hxxps://cdn[.]discordapp[.]com/attachments/1203879647289413682/1232787105961349130/dump[.]exe?ex=662ab9f6&is=66296876&hm=0db3af2128886b9393992fd51fedb12d85bcf65b020a1dc623d46719d3c481a9&

Analysis

max time kernel
271s
max time network
299s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24/04/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1203879647289413682/1232787105961349130/dump.exe?ex=662ab9f6&is=66296876&hm=0db3af2128886b9393992fd51fedb12d85bcf65b020a1dc623d46719d3c481a9&

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4092	dump.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3777591257-2471171023-3629228286-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\dump.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4040	firefox.exe
Token: SeDebugPrivilege	4040	firefox.exe
Token: SeDebugPrivilege	4040	firefox.exe
Token: SeDebugPrivilege	4040	firefox.exe
Token: SeDebugPrivilege	4040	firefox.exe
Token: SeDebugPrivilege	4040	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe
4040	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 3056 wrote to memory of 4040	3056	firefox.exe	77
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 1364	4040	firefox.exe	78
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79
PID 4040 wrote to memory of 3032	4040	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cdn.discordapp.com/attachments/1203879647289413682/1232787105961349130/dump.exe?ex=662ab9f6&is=66296876&hm=0db3af2128886b9393992fd51fedb12d85bcf65b020a1dc623d46719d3c481a9&"
1⤵
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cdn.discordapp.com/attachments/1203879647289413682/1232787105961349130/dump.exe?ex=662ab9f6&is=66296876&hm=0db3af2128886b9393992fd51fedb12d85bcf65b020a1dc623d46719d3c481a9&
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.0.412866177\1489609759" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b4201e6-854d-41e9-aded-691280e72b02} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 1848 1e7ffc03e58 gpu
    3⤵
    PID:1364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.1.795766978\1423786280" -parentBuildID 20230214051806 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03942052-28b8-4939-9c39-aa36b3fdf876} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 2392 1e780aac058 socket
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.2.1080115700\996794340" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 1608 -prefsLen 23028 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2241861-f612-48ab-a00b-4ed4b6c1515e} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 2860 1e78353ed58 tab
    3⤵
    PID:2476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.3.352160134\2011650918" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0fa581a-b4f3-49a6-a2c2-ccf493c95ead} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 3560 1e78639d858 tab
    3⤵
    PID:4324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.4.1234245875\353482980" -childID 3 -isForBrowser -prefsHandle 5564 -prefMapHandle 5560 -prefsLen 27654 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1dafbc83-6752-4d73-accc-891a9161c4a2} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5472 1e78859d558 tab
    3⤵
    PID:660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.5.1801799339\41438768" -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5636 -prefsLen 27654 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7201e4e5-18ce-4dcf-833c-17d7806d4efd} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5716 1e788ba7e58 tab
    3⤵
    PID:2380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.6.1576443113\694632913" -childID 5 -isForBrowser -prefsHandle 5612 -prefMapHandle 5456 -prefsLen 27654 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7802f2f-81e6-481a-ae18-7a8ab50ac0d0} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5860 1e788ba8458 tab
    3⤵
    PID:4644
- - C:\Users\Admin\Downloads\dump.exe
    "C:\Users\Admin\Downloads\dump.exe"
    3⤵
    - Executes dropped EXE
    PID:4092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.7.402823389\1536780349" -childID 6 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 28079 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f7dd12a-67f4-4d15-a21e-baca67febd89} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 3852 1e78353ff58 tab
    3⤵
    PID:3872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.8.492779449\466802945" -childID 7 -isForBrowser -prefsHandle 5448 -prefMapHandle 5608 -prefsLen 28079 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b610867a-4430-418c-a1d5-b22d21b84b9d} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5848 1e78610bf58 tab
    3⤵
    PID:3908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.9.753109934\1388645041" -childID 8 -isForBrowser -prefsHandle 9960 -prefMapHandle 9940 -prefsLen 28215 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feb85f69-e04e-4259-a88b-74fdcae2047b} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 9972 1e788557d58 tab
    3⤵
    PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.10.365871015\285982040" -parentBuildID 20230214051806 -prefsHandle 3100 -prefMapHandle 10016 -prefsLen 28215 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa7bb259-4aef-4676-8fb7-3b577f72c1e3} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 10028 1e78b2abe58 rdd
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.11.1715869365\176752256" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5548 -prefMapHandle 3632 -prefsLen 28215 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42656da3-fbdf-4b58-9549-4f560294ec8c} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 9832 1e78b2aa058 utility
    3⤵
    PID:1700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4040.12.1439884812\1999069217" -childID 9 -isForBrowser -prefsHandle 5688 -prefMapHandle 5712 -prefsLen 28215 -prefMapSize 235121 -jsInitHandle 1064 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30585577-06d8-4205-a97c-e1129a1545e1} 4040 "\\.\pipe\gecko-crash-server-pipe.4040" 5700 1e788ba7258 tab
    3⤵
    PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
a6a2369ff98a32c55f26a5ce4284d9a6

SHA1
a2b5cadb56da96b0893cc49ee6011f69e5a79bb5

SHA256
ba5812684bb8f32163aae12461774cfe561e22ae68a3b905dfcbb9bea8716435

SHA512
6192a303a01f5eafaf32790482c69d5c869da9107d5eab5e648953652d0fecc14a698c06b429e4421a2df1002844f0a32cf8336dc022b99fb5a85f27ba78eed4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\14238

Filesize
9KB

MD5
64f986041d318debe26257473849df7a

SHA1
d39805ba066924e992d9d4da6db13bd832c071d8

SHA256
8c74170471de54a203a0d02adbdae1c14a16c9afb814ea5c177730ede84826c8

SHA512
d77a2129686b21aa74336fbd7a1a0b77b48e21c348d3f6203cb4dbad9ed0fb02d2b2c525cb0ee202a88b6f91c6e6484f181a75b03ff728e74ca218fd256ba952

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\16437

Filesize
11KB

MD5
89174ddbfa0eef9914560cac8b66c460

SHA1
4b316fa8bfda64e740905376e9501eca7d1c9c0f

SHA256
617543b57640704f512115eba9c98f72052b52124566d1dfe98879029d37ed69

SHA512
931d41092cc2c1da144be44be5bcb3b7b74863bfb9a56c21855fbd27ec7e5bcc0d6739359d348c94446095db9a531cea6561edf7e69e1f680e523b477e486846

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\19607

Filesize
11KB

MD5
88af73ff6907d719f533fd8555d2291a

SHA1
8e7f3c4fb8f38e2d95b9276f7408d96babb828af

SHA256
3fd5d65ccebf352f0378e4208597c09686f922118a7e9f879e8a0851327f295f

SHA512
f7ef5c658069296bb243e693a06b5b6f72c129997c91141e763ba902fc037df75c56a56daee9d51069ccc67a7dc08790aa1a898b08eacebb69662254c5948981

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\22524

Filesize
9KB

MD5
29eb6a238119cbd6fdff997ed941f68a

SHA1
ede6f88ce46cd71a2986450c3a90e67e07c5f2c4

SHA256
cc894d9a0fefed4b3811cb22c1f41dca5976bc9ea2ad887a9a22a2ac3fd80d41

SHA512
f31f1c7631a8411eaf883115b9b554c013f3fea81f1ba5e20ec6e32ae91cf0410bc73155ddf2378d82ba8d4b223b80a225451d49461906fba08adadc2c3fa664

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\24113

Filesize
11KB

MD5
b2e199e50ce7db031c1308e7fcc9f3f0

SHA1
8fac710c9f41c8b4b2e9d2b71b7441a464ad9546

SHA256
e04bb6d390115b190a7515beb805550475665d6d14cf118a253e040404b9b403

SHA512
dbb3bf1d8329651601809034cf7bd208c19f0cc64457418e93b3f08daaab6fa4fd1570ab9c1f4d49f87057b1811a84faa60617bde50baa5677d762843b39c3e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\26877

Filesize
8KB

MD5
0bf35b12457c79d557b785d5c8f4ab6a

SHA1
f33e4be72e6beffefa3e6f172c90d853516d9a09

SHA256
a85ac56850dd675219ace50d0ec4fb21efe70b28088eabdfd159671408ab78c9

SHA512
5685f5d05d4af0f45cfb8135a79f12c92698620c3a060a99f7c6811cc8a4b2f9c9f6e467137fc3fc90f8f18809598ecd528ddc93205d296f25012d0041dad083

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\27255

Filesize
11KB

MD5
da9a39231d35f668aae1d318cb10c61b

SHA1
26a0c8c5ea9292b84dbe1f39e9da7f82958d0d26

SHA256
dc4914a287732322409adddf4c53fdf0cf307401c5a24667625d216195c6b302

SHA512
5d139b429cbafcc9aa02ee14e38595da8d0a0b120d02dbcd8c6665c81b172af62067ff0a034d1f74f6c2cc8df81012b97b1259c58fa763c1841ecd089d912ff3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\29724

Filesize
11KB

MD5
59901fcc62b079be80d7c5e2cb4d6ccf

SHA1
24a4c72dec686ba9b3859ffe8c70d137733af087

SHA256
cf6d4fd1e39f45ff0c432d1bde37bb4dfd5e452b10d00f3fb8210e4cfdce4327

SHA512
81f95ccd3d3cdab471c3153e4b63145ab4bf5acbc0a8a44d656fa6a602eace3ea1de757030ad63b9eb0ebb4c5a18a147caeef7345ee42b5eb417e67f79e438cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\32220

Filesize
10KB

MD5
68ecc4278df1b01dbf2c7390f99cce95

SHA1
d6d76ec1b6ff5ab495648b84eff384326e5bb9b2

SHA256
86e44301b50b0e9137ecb7e3be4c6d475def36137c3b3b1645f7dafac00a8eb1

SHA512
2c440077683e259201a9717f87a47d8b3d92830f3b1f4f0e195ef93a7f5b87fcab80dcf9422c2fc86a450cd473e158f139e9a29a7664de80e78e41af30b41e4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\5035

Filesize
8KB

MD5
e09d22572397b3394af09aa04700daf7

SHA1
b15da561c050cff03f0611cfc93d689caa55c2a6

SHA256
4932d7bc0f176d731fb6424235ad731de15f5b5750f8baca9730b0443a2f3394

SHA512
c6a4fb7a7b400e0a354f55403d21c9bf60c5f23392bc71426e4edc44d9b5773e0ac5804f9f2ca7815587242b33e13f1af57c76f54bf895217ff3e104211546e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\7774

Filesize
10KB

MD5
9d8fdbd2caac56fe5d42526d8f3439af

SHA1
50d91ab4a2d0c138df6f57908a63eb9c6d9ef788

SHA256
bfbc345ad267cc786daa05ddc5c387284ebab224bfbb0d5519bfc0a6146fa9d6

SHA512
09fe9b36a4732415dea6a1088b7c59bf4ef9b20310944dd72d1c542b6408d46b16b05373773f687e78ee448acca87ff064d113474e99d9a3e87e91fcb56573f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\7998

Filesize
10KB

MD5
d3b234e2918fb172c6c2c5350d801cc6

SHA1
89a380f4af56c86577cded219cc911a28c903fa1

SHA256
0589f289c84fba21f3e091e8a91254c04822c60b6310ea9d8a7c0c1d89540706

SHA512
68f6e05ecdd6b38a1d0b87915d003e5a6ce5d28bfc7f57121992ef92a68351c1af1ea2e97038342a2def5eb0caaba9e2e1086bd41a1e50c5a6a3fdd1e565cc5f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\8177

Filesize
32KB

MD5
d39f4c9937b1a5d135f0f7165b24cf93

SHA1
7213a2a4f508417ef480692ca1ff5108bf1ba504

SHA256
cd2c8be1c6024c3aa516c6009aff9eb9f0cef5fb0d0b989ed42f962daab2eb2b

SHA512
ce40566018ab405814e704e9c3ad3e374dabbf400fc9928127a30b79fb8e98e51f694c4ac7773e532420f269b45eb1753fd56648393fd383057c557e71cdd737

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\doomed\906

Filesize
11KB

MD5
6fc4bbebe715bb2dd0018332c70069c4

SHA1
99d9758bd1275afb8fe63dba09c549aca3b871b6

SHA256
0e6deb007309abcd533c8af7a3abfd7eb2b8d75d8b9809973457d560e0a2a1f0

SHA512
f24be059364268494b662c478f7e532ea199eeef5f6d63837dbea46bacbdf2411fe1c9a19f831b96d45c8df523f797ad1edb9bd525d8fb456b759fcafda014dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
62e3882b020a7ddfc7ebb56d8022e1b7

SHA1
c54ddb949b00b4bc4230ec967708392754de5008

SHA256
a6003c030e1ba272a901ffaa42507044b666b9627db2a5d6c199c99b76b2f0e9

SHA512
ad6b84c0ade8759b73e2cc3561e34373374a0e82b46ade9d133f93db610e2f1dbca335da6065dd979908d027eab4aed2e98708114fd2c5c32236f04b3e3070eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
4ad9473b4519eea3dd45a53dbfd75921

SHA1
469bd20bd773d9414715d6533beb70688c513711

SHA256
eb94a01f7edefb261b51d0c34308e8b13f932550292722c00b7906b4d2081d0a

SHA512
bd7797bbdcb5e97ac79357c5c88324b245c095a62442f6d6206d9eb57f09712b79fa45e43eae113a90efb8d46bf1363c342686e5de2a68fe873a8a9cb33e0a62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
429a65bf820f12bd042d1cc04b717486

SHA1
09431d94abdcb8534f2242d82fd721fbb6dc5c43

SHA256
0ce1261878c1c81c3ab2bece5075aa0f69267231a6fb59b831354335ae4f69d3

SHA512
e41dcd6033f6ea9622ce0bf23759e63a5d8dbe3a1994a2bab1b16c0ffc49cea1be2471e4de4dffc5620d9ad473197d5ab189ebe1708e251c3631d9a420737100

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
e607e5f6b0ce835c7666d3e09646e4d9

SHA1
1cc06be629d8af919808af2c16ed2ce87d18d02d

SHA256
9961e262baed3d21dbd2cf2912f97370b6bc5263ed862625069678fb9a388547

SHA512
8abbb39c2b7f55c5944d61f9d5daa48a379a02f5a1a2bc107cbf13d7c65fda6ff5b7f3398cf00f60d3e6e80a27c10cc0d490ed440aa8e01155e326c5ec0cea76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\prefs-1.js

Filesize
7KB

MD5
870e098c6433075f76380be26b49afd0

SHA1
4a92b65fe58261176e1cd5d9a38a3438899dc4e5

SHA256
e6217d35e71326b54d0a74bf286d762af8ee8ede55da0891ad71373b46851ce4

SHA512
605391d2f14b9e04a89516ec7fe110eb48be4d346c0f296b136387e290852f31d2afa190059ef91d294abbd1cecf0631776732cafb22188af74f09a1f1ba4124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\prefs-1.js

Filesize
6KB

MD5
c70f822d3a23664f160109b58581c0e2

SHA1
6ff45c64224959143a1c506903404a9e902e6c83

SHA256
d48f056abd8ea3db943e295bc374b438b0c9eeab59de7702c0157bf3c3c2affb

SHA512
1660d5459385e8f65b5c122ed221bf09a2095718c290009e0aefd2c817447c15971853bd0da14d658cebc614cf40f7955ede9e31cb2f273a83d9cc1e62cc4e6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\prefs-1.js

Filesize
7KB

MD5
e8b846964897185c14b96bc5a9528bf4

SHA1
2d5c11220e6d2d956124828fe27e4f8cce59bfd5

SHA256
e755ba8ad55be4c1a8cc4697fc27217758f8e4b062285fc7e1a21081fa431157

SHA512
0bf0e783e2446dcf8ce1de7ccc392fbb604ae0cb04ad2b8261ada217241f5ca302bfa9e705959086901a0b260b505eccdaf9e0e27ce47eb19386248307bbfdb7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
80dcfa26ffbd563c3d25b9eeb8452829

SHA1
6f63b324467ac2561af86904c29a142162d51459

SHA256
26723daf41093c09aff7171d6fa3a05ac22609ea66442d4f7b289b9b6b81fdc5

SHA512
55d248f525d5875fff982eb2ac10515b5d6e9215df7b9fce8386def1d835b97d427c23dd50a5d78ff4e9b5441c3ed23ec7db2725581b7c31ad130b92865030a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
dbc0e60894b26bce5bc7e8d710f33599

SHA1
b867c033cefc1e33335ed2990b4c2ea391f0b5a9

SHA256
fbc1eff7da34b03e787f0e0b15089407664061caa21984a18136569dd19a098d

SHA512
9901586a29f3db38a24cecd4da304bbe5a8c9aa63a02779b4df4218c212c32e22449917e8589cdd4875bfe8fc2ba40bd9b5ef7c7b80673736a05cacf2f014ee1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
ed5dd58d3c751fd14daeb3f98b02d11d

SHA1
4b6638d0db7a67c042e0e98cd49e6da23e17350b

SHA256
a6bcf65cbe3a28520334a1c02624d5174039c2e804362e26a1cf251b84a7d19f

SHA512
785fcf491525589c55a4b4aa7534c90186c53c40fb46b7a9bf6b59a96d878d5580ca72ffd6a42e5e4c33db426051db801e7f8c62902c0d4f3175d998d1163d8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1057d56741e523939d1cc93b679c45dc

SHA1
96b8067af7020950be255bb7d59f2cd143863057

SHA256
c5b68ff2e91733f208bbd6c43a7281ab9a81c12fa6fa0677759df20531346297

SHA512
62e54cacc9d9b3eef5d66381b3899dd805b7aba6672d9292bd8f129f71f6e5e2c66b9aa86b3f0e795196dec56910bdd0d06ef8a4653bce8f5dca78d27e308571

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
31699a8e0345ca4ecd1d488c8aa25fb4

SHA1
0a263f72663cbd7f834dc41ac129463b80b4f69d

SHA256
3d30490b547c1120867119bcf67f7f8db2b23877540cb7193a71a85be4775b52

SHA512
2c0a999b6db1c454c8ac70b57c641ce9dd60eec7d995bbcc2cc5691c0652b6848a6f8576c74eb8a0089f931f9ab218e86dc55b724653a659c86896686b92170e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
2b6deb94a3dd713a586beef8d4817db6

SHA1
6bdaba5d5cd1a042e0ac2302913ec6bbfbdec7cd

SHA256
9e8609af968b357b56cc85ed26f72b466f92d83ba5fd7f15a38c8b1314b1fd09

SHA512
78b9b27e17df7c7007fb8443cc7be26a30f02a71662e06a8f511f0d89d1e8e27db4791102ce647f410da622d347feb159497b98d804ff08bf1d843c2d711e5e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bcdi3zmp.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
13cc25353e39357b113077b17f29cd7b

SHA1
0cf5c8bca041bcff1d481e71859746c395533149

SHA256
74f70d98d43865c65c0f4374649c454bb53baa8e7046b6d993f7568c10537c9d

SHA512
11768a13a35b5906357ca8c54e5782156c40904d9d7ef339bb955b8ac2a3cddc0882a1c92f9eee25712c6afd4c429d116c5d650969cd990ea22fecd95ef0e208

Download Submit
C:\Users\Admin\Downloads\dump.-dEMC09T.exe.part

Filesize
93.6MB

MD5
612a4decb2f0e614b015f604adc44bf3

SHA1
35408bc686ec24100d615e3407fca894f6022fbe

SHA256
7eb3b900ccf9f399cff1c85a13e8fee73e398dfa6c16c577957fec3b9592675a

SHA512
ffdbdb657a58a245bbe11fc2296ca9f55b524e7323bf1eece7241346319d8b1374f59884b65084970c8e11692f513ce2087cf92a88e69ca7e8e7bef44478c26b

Download Submit
C:\Users\Admin\Downloads\dump.exe:Zone.Identifier

Filesize
216B

MD5
29ab399b0955009872bda6c234bb65e1

SHA1
021573159338b95c5d700a3f54a0a08815dd22c7

SHA256
9b904d0c7d1d1cad388dfe0cd39613d009be7c58955ba5f4c0232d44f00b670e

SHA512
352094121894ff7cf2d207bae09c583428fe048e1616dd9690e37c6834c2dc09ee20dd3acf46020a3aff2dc32404cc046cb372cdbb734decd87575fc11d909f5

Download Submit