1e75576e5c9912e7884f31b188a974f72c126a3aa52c6d57e358f38e2d21fa6d

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
03/02/2024, 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GeometryDash.exe
Size

8.5MB
MD5

e4d73e0e44a0ef808c906106b52466c1
SHA1

ac31df176f434ae5b1bc7944b9082fb1e229da0e
SHA256

1e75576e5c9912e7884f31b188a974f72c126a3aa52c6d57e358f38e2d21fa6d
SHA512

2a5b537147ce5189a583d7b61d2a4490b6eb672339d3291b563604062b8eaa597785e99e6781a1957358c5a1ac7bdc43e8109048a0f97d915ec76aeee0eb8c15
SSDEEP

98304:AV+mMdl51ycMEUGNmOw/abBRtIQ1Pdhb4JmULWpcoCZvsj6r2t9+ESeT0mdmC4Do:AsmMrBMEjUOPpM0ULfL

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1252	firefox.exe
Token: SeDebugPrivilege	1252	firefox.exe
Token: SeDebugPrivilege	1252	firefox.exe
Token: SeDebugPrivilege	1252	firefox.exe
Token: SeDebugPrivilege	1252	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1252	firefox.exe
1252	firefox.exe
1252	firefox.exe
1252	firefox.exe
1252	firefox.exe
1252	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1252	firefox.exe
1252	firefox.exe
1252	firefox.exe
1252	firefox.exe
1252	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1252	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 3500 wrote to memory of 1252	3500	firefox.exe	84
PID 1252 wrote to memory of 1648	1252	firefox.exe	85
PID 1252 wrote to memory of 1648	1252	firefox.exe	85
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 1692	1252	firefox.exe	86
PID 1252 wrote to memory of 3780	1252	firefox.exe	87
PID 1252 wrote to memory of 3780	1252	firefox.exe	87
PID 1252 wrote to memory of 3780	1252	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe
"C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe"
1⤵
PID:3044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3500
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.0.1591020935\550234693" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc949d53-c8c3-4ddd-b496-c344ab6245a3} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 1840 23e945f6858 gpu
    3⤵
    PID:1648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.1.302717269\747346109" -parentBuildID 20221007134813 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {362dd11a-9cc9-4908-a335-b8eb99440820} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 2216 23e88470a58 socket
    3⤵
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.2.840852277\1579317015" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3088 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76bedae4-2af8-435e-b156-59ddc1a26cc6} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 3236 23e997c0058 tab
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.3.250662314\458059163" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3464 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a330fb78-64ab-424e-b27a-3147db8aa89c} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 3480 23e99db5658 tab
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.4.355141180\1313619327" -childID 3 -isForBrowser -prefsHandle 4584 -prefMapHandle 4580 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {597a16e0-8c08-4082-86ff-a69f09612a76} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 4596 23e9b3f5258 tab
    3⤵
    PID:2824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.7.1145942646\1599110599" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe1267fa-bf8b-42b9-b6be-ca476324109b} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5464 23e9bc6fe58 tab
    3⤵
    PID:3964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.6.127334705\938726171" -childID 5 -isForBrowser -prefsHandle 5328 -prefMapHandle 5324 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18ead7ea-037f-4817-bb79-d0c26bdfc529} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5336 23e9bc6f858 tab
    3⤵
    PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.5.739306471\1463285695" -childID 4 -isForBrowser -prefsHandle 5104 -prefMapHandle 5100 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cdeb4b3-b8be-4eab-b7b4-e2011f6d64b2} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5116 23e9b3f3a58 tab
    3⤵
    PID:944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.8.617828938\1671544520" -childID 7 -isForBrowser -prefsHandle 5900 -prefMapHandle 5896 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21c01a36-5428-4952-9558-059d9ffc7640} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5840 23e9de9a258 tab
    3⤵
    PID:3088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.9.190998405\1267797941" -parentBuildID 20221007134813 -prefsHandle 8132 -prefMapHandle 5728 -prefsLen 26458 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e76d9d58-ede1-4f5b-bdc8-de2a8c063f6e} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5612 23e9d64ee58 rdd
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.12.1820646385\1285234926" -childID 10 -isForBrowser -prefsHandle 9440 -prefMapHandle 9436 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1972cc14-a368-4d16-9ce5-b0839cae8498} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 9448 23e9de99958 tab
    3⤵
    PID:2876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.11.391760594\2074605197" -childID 9 -isForBrowser -prefsHandle 9636 -prefMapHandle 9632 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44cda5e2-02cb-411d-b2f9-5950e80964e6} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 9644 23e9dc73f58 tab
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.10.144482760\1189146310" -childID 8 -isForBrowser -prefsHandle 9872 -prefMapHandle 6136 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d2b244-4ace-492a-a7a8-d07245fce0ce} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5612 23e9d651558 tab
    3⤵
    PID:3748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.13.426422690\961374069" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9564 -prefMapHandle 9624 -prefsLen 26458 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c3b0ac0-9a77-40ff-b5fc-870a07dfaadd} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 9572 23e9e8b7658 utility
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.14.1834253304\1302301932" -childID 11 -isForBrowser -prefsHandle 5364 -prefMapHandle 5660 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ed8ded5-a0d5-453f-88f7-140e5e00e6c4} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5500 23e9dc63258 tab
    3⤵
    PID:5024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.15.1322244809\1711639742" -childID 12 -isForBrowser -prefsHandle 4056 -prefMapHandle 4028 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdda2133-d732-41b1-aca0-707d1798c2b1} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 9616 23e96d34258 tab
    3⤵
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.16.1740799097\1855232442" -childID 13 -isForBrowser -prefsHandle 9508 -prefMapHandle 4416 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d43bb25-1382-47c5-a950-cc33cf5063b9} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 9520 23e9ef18058 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.17.584304857\428988883" -childID 14 -isForBrowser -prefsHandle 6116 -prefMapHandle 4804 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f4c92f7-3b13-4725-86f0-53eb18ef73bf} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 4416 23e9f0c3b58 tab
    3⤵
    PID:4468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1252.18.609225730\345005942" -childID 15 -isForBrowser -prefsHandle 5940 -prefMapHandle 9868 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb69682a-45e9-4ec4-8b0e-a5e218394c9f} 1252 "\\.\pipe\gecko-crash-server-pipe.1252" 5928 23e9f0c1158 tab
    3⤵
    PID:4112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\cache2\doomed\11354

Filesize
15KB

MD5
ef42e642b3449986f6561982c193ba56

SHA1
7555f831763f747a412df2e98fac6c877ad451bc

SHA256
d8fcfe45ad2f2a84d925a74781dcb4516ec200eb9abb9d066635b7a430665179

SHA512
dc9ce3c8205679d44f801666db02b33583414ae14d4fc760933af391a852b9c98cc45ed9f75cca857e6fb57c60ba7e492b3a22881190651c8d73f98d3f3802f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\cache2\doomed\14619

Filesize
21KB

MD5
ccba482af322fbc1b1ce88e964dc8f26

SHA1
b42daf59bc62c787cba896102fec0fba0b4fc0fa

SHA256
6791950e11f2ffecfb11e952421e45bf49714edcd81d4e1a892c4394a3ad700c

SHA512
4956a0c561fc55f695a97c9c1492392d18fc259d156c9813c291d309fc644671dbd0e1c5377ef8581a17e12f75cecf6c9d07bfcd6abd64e6efe909925987f220

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\cache2\doomed\16045

Filesize
10KB

MD5
225b1ab6b46b61e4cebf504f003379b5

SHA1
b2dafa02685d0aa269018d902db5e67a8190e480

SHA256
bca463681ee9103a4cb6ddb31014088df6f8bc24664c5f682766e58b8778d708

SHA512
b273e16b957520833e46cbfcb728f29a3ece1507bba04809147b98c45d43a421e96ee07cd54dc0ec62faab98b40e97fed83a96db84a74590b1a6a34ba682ef35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\cache2\doomed\16217

Filesize
10KB

MD5
449d60e9a81f17630f71d0f85f71d376

SHA1
521c922248f12ffb6f1a1ed0ce49d5c112b5e0ca

SHA256
20d3c4d7d449f7acb59d87d2d002b6ba9680dd751d35dc3d3164a8601ac19f84

SHA512
3c85f7efa6603b8d83f77a8f7752983494483fec1bd0cfc7a584196bd47b3404830bbe6ca998f87c25fce2014d107bb0e474b9f6afb6242f4e05d2f38e5985a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\cache2\doomed\23149

Filesize
7KB

MD5
07ec1fab7421ed623dcae2f6bb0addb2

SHA1
792ed8b574ef6163f9afb530ba1868e9f0599890

SHA256
b59842a996e318f1353ce074b4dca69a68f8df3d8735caef60eaa0787aeb8561

SHA512
bf47662eb207bce7e4ea27f75e48b7320e38c509548b89bcd1c3688d6bc6c72bbba1182b545c89a1a87c52b14d696b5f374305e7309efac9cfc62e23466e6544

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\cache2\entries\C5DD3DC594F330FDC5F8643F32A3DD22555D6D95

Filesize
112KB

MD5
d327b027462a817c12bedd50100cfb13

SHA1
85d793f51959fc8816e50dc800f2416291f90324

SHA256
9da1ca3a5f0fc23076dd5317929e8df198679c41b16c9ad8864a6cc92996ff36

SHA512
16fda71dc4cfba582bae6fdbb727c9e9f8e9a5246fe5ecb3839ffa90da29dfc9fd9e0fc862f58e66bd30d9938ec23b919a6f4b6a3f564632935db481828c102c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6fd8mnze.default-release\jumpListCache\L36Do+EO+7OlEKOEUdhQ6A==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
4.5MB

MD5
3137d47a3dcda67065b7c724552f5c42

SHA1
f308cfae2b7420401cac56fd9337b0628fb98e07

SHA256
3d1091e5a4cd545696284b7dc1b80e9d0f4aa8015d4046a56c2afb75b55389e6

SHA512
c431c8bd835f3601610ba009b55baaba46c6855b7ad893e31919e2c592203503d818a0445a64c284165d4184d452df7266916f0b1eb264e42a0ac216e514939c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
0102db14a2e0e79d6f63a3cdfeed8e63

SHA1
8965b9ef5d08e410d88cea0651da34f993a8c698

SHA256
871c18d027ceeda4a50456fa5987005778aa9791db432ff26505d293e9eb64fb

SHA512
c47c2e7c982d23a5447138bb158f8f7f6484a6e9813bfab47cebae15e8a236a97cde5f0e203accfabe81b8e940c94225da9594f32ce72496239a1de3055ee128

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\pending_pings\093f85d4-4629-4813-9386-37d950d7c247

Filesize
746B

MD5
25e94f4d778aa14a0064b420768fff9b

SHA1
31273f69592579456cb1e7ba7ed04c15b9b4c939

SHA256
d895e403c8775da8c0e63bb4fac9dcd1824206a65ad1dce8e3cbd40215d48953

SHA512
3367d1e1993555a165d1bc3909e73884fc9d46d7c890bb2d2229d03969acad19ad025f705016aea75d929a363da1f13b13f8e2b1fe7fc5cde6ab28b9e15ae302

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\datareporting\glean\pending_pings\c291e003-a61e-449f-a187-9bccd8d61cc4

Filesize
10KB

MD5
e2cf5340abd2413bda841e63ec7b82eb

SHA1
750d30145fb3b7e1b4608579ae0ca2df0023da39

SHA256
b055e7e80531ce22377091be8b9288bd93b74c1405c72bd6d3db23803cf58ecf

SHA512
87f6ec57d41475e1259edcfed323c1a54929562888fd874387f6cc6575902b7dd1755e4a828f8e270164834e51d290687b12a49b7249716ecfefd21d3e409605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
4.4MB

MD5
f02c426eca73fe5533079459b82b2920

SHA1
c9cb68d1b2f81df4aabbaec86d1314720fcd56aa

SHA256
71c6eafb656c3e27716c0f96c3ea09a91fb976afbd2ac61b9c98d12957622d12

SHA512
593f3623f695b2eda43bd20c9bf29f19e3a4a569d9156387e1fa7dc67da38fd2281bc5a06424b284b76394a667aeda419355d446c3cd8c2334bf04fee5b0087a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\prefs-1.js

Filesize
7KB

MD5
02cb2e2297ca9ef0b0f74bf2e4992bb1

SHA1
23787e5237fab7d64932ef48cfa2cb4632b08504

SHA256
978429f94f42f6829ea944d3790c850ed0e93c551b4641687fd3ff0cbabb41da

SHA512
ccf03631cb74726c4eb7331c065f24bb443fc7e16fbefc9d9f98ebcafd3cf3cc7749b7d0d2212a9793490849c035b11141d5b5025b1723fc6e9e25224afda592

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\prefs-1.js

Filesize
6KB

MD5
8b1050298151ca4ee833d98561ccd865

SHA1
d5fb0a54a0909ff5147a1cc527384735937c1485

SHA256
04c9df5ba8707e74cae21766724b87fe23c2cdddcbf80a107e756e16edb2829e

SHA512
9727d77502e08f44891a88a62924d9b74ae758d22558a8cfce311995c15c231c91d9d547875917b7e8e37701cdd491c8803f348416b3182cca9ea562eff77bb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
89ed87f1cfe72a87f682391d4bae8822

SHA1
60e682c8d534fe1d0021c0fb9917e128ca88e801

SHA256
f7f06cd505b36fe205cc9d1e6953a5cb08baa4a98e258d7c8b1e71ec33c241db

SHA512
d6729dfb836b4ebd1de0db1b75d10150d41c4665c78a272010f1f4a57cd48fec731e6ac6e873758ccfd326428550ea173747207d14248091bdfcd954ab3d25c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
27d6588e178b8b4ee8b8e64aee80a8e1

SHA1
1fb2cc6ab61d962327a8f2c6910d4b338b8ddb87

SHA256
360e5fd64a65ca15ecadd398d4994d52a61c9412aef992c654439c107b4ca17c

SHA512
e69bdebe26d42721c86286dcd34f7ac7058936dd55a583dfc8ceb493cb9e4a6b50fa93ed34d3c82c83ed4d3f454a5e0a8f9b579deb36b6e808f9b85932be2937

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
17f4b4e245a65ddce8e325287a5e1ad4

SHA1
5d204c58a2aa1ef88ee788d17d3d55962d5fe623

SHA256
b2d4cfacc4e2395207453db4d2a9b30aabb8d05a490337cc36c718b06160da44

SHA512
8055f93a57d1178d0eeb316ba15a65d0ae26e578e674510d5b48dedd7ace5f74fadc87b35928fd9735665120428f3b1a13123cccc7a9deabc7021e35f9cb5f8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
e4b1de8a210fbc9cf27b1eb5e7d78141

SHA1
5ac254531c0796de91d57613f4d147fab7b2f1e6

SHA256
94fe4fae682f2e8432999d41c72e55bd51f6a9f959a3213e46c7588acc68cec0

SHA512
e88cb4505e27de6f4fa4fab47c97eb761486ee0cb2354c6eee24ad1481aa34772a43235bb0023db186917b2c4d15e0eadaf94247e43080de86a6852219cc7032

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
46311f334e49f4071eb0d5e8a1bb282d

SHA1
235142735b94b737d3dfafaed109836d480ecded

SHA256
ed06e3d872c8d49be898806794b243ab58fc3a35f3bcb2d9abb838adba4bdf12

SHA512
e2229fba4d74d2186cf61782f8b454ea9f99aece6b3173f98393ae0415933ccdee56efbf7184aabccb1799fe237e01fefb4be646514ace82c34473ac43b2be16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\storage\default\https+++www.pornhub.com\cache\morgue\115\{80627247-3f64-4b24-aa74-1651c9f37773}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6fd8mnze.default-release\storage\default\https+++www.pornhub.com\cache\morgue\167\{22851acc-a3c7-4693-a276-211327494ca7}.final

Filesize
1KB

MD5
932479fe19d996a5e8f139bf51085149

SHA1
da374dfebb658802ee62fc8ec320c3442fc93192

SHA256
c57de29d8406c0e2534d96c4c23199b127d8ee9bb86dce5230bf8157894b4f84

SHA512
ddbc216c01474d8ccc4f73fc78d228e68600b2bc148cdf3b7d12108b9fbdce3f2c91fdddce4841e669b1a2a609a8fae927e2a551efd11877e6513f7849edc05a

Download Submit