Resubmissions

01/06/2024, 18:30

240601-w5rcyabb7s 1

01/06/2024, 18:24

240601-w12m4sbf73 1

Analysis

  • max time kernel
    325s
  • max time network
    326s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 18:24

General

  • Target

    http://bit.ly/SoundBridge

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bit.ly/SoundBridge"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bit.ly/SoundBridge
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.0.146446422\475154790" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7828fc61-b690-4185-9e24-2dc7ea76bf7c} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 1884 1bd59b24358 gpu
        3⤵
        PID:2956
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.1.1475327716\813090713" -parentBuildID 20230214051806 -prefsHandle 2492 -prefMapHandle 2488 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff943e6-7312-4e44-ae1e-39f0e92e5a5f} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2528 1bd45888d58 socket
        3⤵
        PID:4960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.2.1567969196\1295134554" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2940 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {853a0b89-91fc-4336-b987-d1ecda0b3408} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2928 1bd5ca41858 tab
        3⤵
        PID:5092
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.3.881897188\1504591800" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8fff627-e481-4846-b2eb-7e505ab86da0} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 3660 1bd5e6af458 tab
        3⤵
        PID:5080
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.4.1794319652\1731208867" -childID 3 -isForBrowser -prefsHandle 5044 -prefMapHandle 5040 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cdf607e-8039-4231-8c80-d5d7cb7e4bb4} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5116 1bd60436a58 tab
        3⤵
        PID:2024
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.5.934928962\939151693" -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d7aa556-8f53-40d5-bd91-cc891c12db89} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5252 1bd60435b58 tab
        3⤵
        PID:1140
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.6.1213715559\2115896709" -childID 5 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cec053d-923b-480b-a1ae-559405ec4162} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5140 1bd60436758 tab
        3⤵
        PID:4088
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.7.2099735475\1549580636" -childID 6 -isForBrowser -prefsHandle 5044 -prefMapHandle 5284 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18b64fec-8c51-4254-886d-0b1a973cf989} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5648 1bd60f8b058 tab
        3⤵
        PID:4720
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.8.383075842\1783516657" -parentBuildID 20230214051806 -prefsHandle 3244 -prefMapHandle 5688 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {355ccbb2-b615-4354-8545-5523b44120c4} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5044 1bd61635558 rdd
        3⤵
        PID:2936
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.9.35576935\1395976469" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 3248 -prefMapHandle 5300 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b12b75d-fa78-4fa6-95b7-170bcbfb0fb7} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5828 1bd61637f58 utility
        3⤵
        PID:4600
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.10.620268527\768048872" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 6060 -prefMapHandle 6056 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84c4543b-198b-49a8-9b3e-2a2e39507af9} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 6068 1bd61637058 utility
        3⤵
        PID:2128
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.11.525207128\354087922" -childID 7 -isForBrowser -prefsHandle 6264 -prefMapHandle 6224 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18331b8e-2f74-4b6d-a07c-c4f093e9012c} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 6276 1bd61915b58 tab
        3⤵
        PID:5016
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.12.1817500035\1955140481" -childID 8 -isForBrowser -prefsHandle 6472 -prefMapHandle 3576 -prefsLen 28098 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3fb429d-2fb3-439b-aa46-a6b2be705c0a} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4840 1bd5fae8d58 tab
        3⤵
        PID:5808
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.13.2066797761\572143791" -childID 9 -isForBrowser -prefsHandle 1716 -prefMapHandle 2216 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ee52cb1-a447-44c8-b2f9-e1645a07b98f} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4180 1bd45840058 tab
        3⤵
        PID:3464
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.14.404374392\169861405" -childID 10 -isForBrowser -prefsHandle 7192 -prefMapHandle 7204 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b345571-2cd9-47fb-8c51-bc0084425663} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 7212 1bd60f8bc58 tab
        3⤵
        PID:4224
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.15.901816410\1324872074" -childID 11 -isForBrowser -prefsHandle 3092 -prefMapHandle 3120 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d238f9d8-f8c9-45b2-beff-edbc1f4b0e40} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 7164 1bd63af6b58 tab
        3⤵
        PID:4448
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.16.119146581\1509706775" -childID 12 -isForBrowser -prefsHandle 7600 -prefMapHandle 7596 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1be86af1-8db2-4dbf-a256-e7368d25e92b} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 6664 1bd5f8d6e58 tab
        3⤵
        PID:5092
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x51c 0x308
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5656

Network

MITRE ATT&CK Enterprise v15

Downloads

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp

                                      Filesize

                                      24KB

                                      MD5

                                      3c6b304202037aeec28d38f69fd2d1e1

                                      SHA1

                                      478093d6efaee67c1c17c87783d7307177c0885b

                                      SHA256

                                      ca498ce38184283d97cb3dc868711e7cc91ab8e85a558f33bfb9f1b983c56553

                                      SHA512

                                      2ac4eedad6b7fd8eed987a637f17239f8afdfd5c393777f281ec021b30b4417f601d6dd7fdc8a01ea513743a8a05ee3d1322247b1d533c4525feb92dc3e25b0b

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\11017

                                      Filesize

                                      16KB

                                      MD5

                                      af6cdb19841444ca55ce2753a189b321

                                      SHA1

                                      a57177573da5fca3e12d4915b3fd17a5c6bc553b

                                      SHA256

                                      b29304b1ad1bc17984e53715fe00702e03ffb265f7c6a87b561113e225d712f4

                                      SHA512

                                      d8cd237b06854727cd57f7f7eb8f36ee31f81e465e9473d572932060602460de702d1c4f9828b393c7b8f929ae3bc94e6af0b166d7d4e10666118d643f6eb722

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\11465

                                      Filesize

                                      16KB

                                      MD5

                                      f08af3a0ce757b85223eef4e02ffb4a8

                                      SHA1

                                      ea45b521421b17d23f795fbe680aebd3511664c6

                                      SHA256

                                      bd86d4f10286644879a2236ca41eacff28aac9a463ec661c4ebbd23fcd0239b1

                                      SHA512

                                      f5ba9caab1a224a50b36209946936ddb1b9bb1d0d4be8850d0b86c88eb78e39c6a638a9b6b56d928cf36c04ea49b060468a9dd4d846fc9e2d5071c03c2330cd9

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\1174

                                      Filesize

                                      16KB

                                      MD5

                                      8ca4ac9fb40742a6aacebbe29194ffe5

                                      SHA1

                                      0f65f2244ff2669e121551cb9cc86d62393e11cc

                                      SHA256

                                      53c02f8c75adfd056ad86fe36fb53ca1df8157a4c5f61d23568fc8848aa6cec6

                                      SHA512

                                      cb9e946fa25d209ea763aeb78413e3ba2db0be48f15609904ea3184e47a2ce7015e182cf957563fcc09ab76b317c703ced53fb329d0d51d5e836554c051ac59f

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\13787

                                      Filesize

                                      16KB

                                      MD5

                                      bf7183bd3c60c49768cc0db7ae778702

                                      SHA1

                                      7982ade770a075ed5519aba4d4d5c454b3d21962

                                      SHA256

                                      d92596402c6599295e2fecd6efa5e37b3d12cb1ff125de0ffe0f411096a31ee7

                                      SHA512

                                      56426b383b697563ac2a426d58027538832ce878afdf77d2a717662de460c745c3c90fcbefcdbe435c48ef0d5d7faf85ad3cbee58547677cabd1bace025350bb

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\14236

                                      Filesize

                                      16KB

                                      MD5

                                      015414889073c524db403e61065665eb

                                      SHA1

                                      b27e19b3c434558a3452cf787d9b829bf5937b04

                                      SHA256

                                      18a54252a26901bfdaf2b032f8967f821592ee2b3935bb69e49aba71fdfb6f44

                                      SHA512

                                      0fdb165591e2bbf303f8b88bdc7525fd5173291f4acff0298adc9e51908745c5fb15513e595b967b456f2a36a141a304ee71f9405876f156016a3e5c0444d487

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\17132

                                      Filesize

                                      16KB

                                      MD5

                                      5604346f84150a22382483f2d657ed91

                                      SHA1

                                      35fdcca5442dfd5b139db6efabaff37e5f4f9dfa

                                      SHA256

                                      33456a48535dfd2a848a7c5dbd4b5b54db600c3b1d40f20fc79b162e5195bb0e

                                      SHA512

                                      b4976fde5f78e73e014865a6d68098099ee10de280be697e9f57d5c9f0477327a4e2c08f7b8eebd25bc43008b306a865c5edca4b13ed130a1366e6ff73ebf084

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\17154

                                      Filesize

                                      16KB

                                      MD5

                                      2426c281d49fd36b4dc4210139cf369a

                                      SHA1

                                      5b6509a38e13069051a12d57124da727befe278f

                                      SHA256

                                      edbbfd233479289bffbdad7d0215d137103580b2ed440c69658a2cb05ab16bad

                                      SHA512

                                      a31cf9a14f5b7043a53014b900b12a5f8e33ac1c1cfe2699ce69ff80483d6c12790067b01fe4030cc5d42a05be18fd89d7b39cf12c58c3b76fa113ba318efea9

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\19491

                                      Filesize

                                      16KB

                                      MD5

                                      5b3f75b5ee9530872f0ca9643e11d81c

                                      SHA1

                                      bc3337da81fd8d8d17ddd1ee315b775a72271c4a

                                      SHA256

                                      15c3df80a844dc926b0f77d7c09a165a485dcf97d0ad4f7e86aa32ee62381d22

                                      SHA512

                                      b7a83c34c812c22b01ff0dbf06ba3a587e44368bb5b7f4ff76876eea7f40e3ab4ac73a7b4ac5353bb4979a001862051c50a17b2c9f8e498417ba27e86671819f

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\19600

                                      Filesize

                                      16KB

                                      MD5

                                      b3b5a36a6e17bf999408619b3736e929

                                      SHA1

                                      a05df0166948112e670f300c4ddd7aef261c899b

                                      SHA256

                                      2a4910b5e69d5923dfdb36d63315560adb9d8b4ebf85f67003be6b7696490418

                                      SHA512

                                      1abbba17c8b2d7fcb9aa082390913627c3d31b8c04ebc57deca76fcd41743b757d827d15151217c0459373cc4895b592e11cf5649ab4a585902ec3c4732df5d9

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\22137

                                      Filesize

                                      16KB

                                      MD5

                                      bc05fc6ede4f11872e706acee34ce377

                                      SHA1

                                      28b4aea18bb73b293847bda2cc2efa4dbbc123c2

                                      SHA256

                                      89bd203ecdf5575bc988013d07928dd36e0b08b8b8aca2a5d6c19e8e7219390e

                                      SHA512

                                      d05c091f3a73fdccaca5f4eb3907f009aa8fa7a0022f093cc0542c1c414489b819ece25b86688b08b7870efb3f3826c880f50523177d1156da0887609b7a254d

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\22227

                                      Filesize

                                      16KB

                                      MD5

                                      931bdaa78f40f73db1f65e96e2529bdf

                                      SHA1

                                      96390a79c0f8823df841d8bb5afcc71b209b7410

                                      SHA256

                                      aba769ffb6055505051750932bd3b5b43d699bc8f239613dac0a059d361867f8

                                      SHA512

                                      f82acc21064598b10787743a55039a85e14ce654597bfe4ea886c3d0a2f52aa4ec100e94183e6736c0a3ccc6f06d89e6b5b4735b9c4c0f366696419f85b73ac8

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\2251

                                      Filesize

                                      16KB

                                      MD5

                                      b354b4073a1d2090f0f1d69cb2ef3155

                                      SHA1

                                      cfd90a1ca009e4c0e005de7a0bd9ae69f924626b

                                      SHA256

                                      61aa1a1921fd67d53a14304945bb2f1b9e5224bc7395c4746a78536e5974dde8

                                      SHA512

                                      8080c227b0ed57bcf148a901b532b8c4516974c328f90019d44d80755f44f779fcd68b9f8b11d53f520213ffa0ada47da2c50abdec99a8db4fad40f53820e61a

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\24336

                                      Filesize

                                      16KB

                                      MD5

                                      d7980e0a701eccd74b84071347f4db7a

                                      SHA1

                                      a93787d6988f857822dbc08167742abcd1f65a15

                                      SHA256

                                      a727a61d33bd0aa876242eab024a9df0c99a4b9e04ef083b1a660c26ff020545

                                      SHA512

                                      015ced5ebde34d70230bb6d6f5f9a0692af007ebf099735491c42a4439dc5f23a6018cb8bcb77a097868c6d11827ea49d5ce91201632e949f55388452257a4f4

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\24528

                                      Filesize

                                      16KB

                                      MD5

                                      ba63c380d42543ee6226b4d9251a3851

                                      SHA1

                                      563515220755ff2b8194a40cb8757208fdea9e20

                                      SHA256

                                      8676eae7a9bc95fd4cc27d1643d675f3e5e1f201c54660d22d95cbd744ca2473

                                      SHA512

                                      91f624ee6479cbb5444a0ba78fc34fd8d64902579c0036662c68ff51751b3bfd3b3254ac56f9588aa6d07fb49b3bf8e237a30a918e581ec52cd7140e0051e476

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\25075

                                      Filesize

                                      16KB

                                      MD5

                                      f3625cbb0901eb0ecf678cfe5461f600

                                      SHA1

                                      607fa168477afcf349991d95578846d7351b7b61

                                      SHA256

                                      709e1514beb217407c4d443baf2c554d6673647548d0b87629705cc6670048e7

                                      SHA512

                                      208713ff7317745faf0a3a222578c000ee58b5a7dbbfa9031838b3ed7613953f3a4699d679b6ef105f8a2db3e81da638c46acfbc293b14cbb295b4fd910f30fc

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\25176

                                      Filesize

                                      16KB

                                      MD5

                                      ef5e86e116ff7d3bdb74cd735612f2fc

                                      SHA1

                                      1c8ca0c4cb7490d2e2ea438e5dd5b12c6460506e

                                      SHA256

                                      db9a2a401208e9f41e7217f049eca004bf08c5dec3b7405aace7b407d593509e

                                      SHA512

                                      ad156e9ca8c31e6a806fc7fa3e967b96eb2914498238b98b6c81d712da824c835e38cbf88aa950b06c5102de6759314b4370696160b9393b128ace0942c8eb8c

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\26491

                                      Filesize

                                      11KB

                                      MD5

                                      27579d3591883769c7d019d8ad577776

                                      SHA1

                                      f52598627651d7e198041928d3338bf6254e6a3e

                                      SHA256

                                      051c332010071a1e6b80432afbc00e952c342e784fd2e92e137eb02d702e03e1

                                      SHA512

                                      3c555d4372b0ab7603208012c01893ba4959256c71ae1bd31500f56f37e9d5ffae8c4253bd68becd208090d22682f1409b8fbabff2cf400594f52609276c4a6e

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\28579

                                      Filesize

                                      16KB

                                      MD5

                                      f2ecd4c43086e7496800c13862fc70dc

                                      SHA1

                                      bf7b6d06602033944dc89ad1fa52b7c4f7333abc

                                      SHA256

                                      d3ad109d5c0dafc104bf4aba13bc9089329a7a4d58c215d935cc05967a35908e

                                      SHA512

                                      b75137b55dadc9ad166383d464f20cc81effefc6ffd10fdfb7c00d819cf75a35b4c6af0846a4293d7f9316fd1ca3afbdcd15572881631bd9b37c35f2c98b41bb

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\5000

                                      Filesize

                                      16KB

                                      MD5

                                      0b6482e975afdbb7268e966f0360f56d

                                      SHA1

                                      6177e350445ab2dce36c81d383801dcc0bdfa50a

                                      SHA256

                                      4ef86f2cf5a47ddfcb1fef23f6034cf1eb0944af14a91e45b3d32e4fd73ec9ef

                                      SHA512

                                      0852717750260b918ac57e714d285a8e6c94cf545ca87ba9125ac7d8bb8cbf675c1620ebca8ef7cb011b191134434f3396ee09dfcafdeebc196d00a09c66cd65

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\6043

                                      Filesize

                                      16KB

                                      MD5

                                      61f343a0b978c9bc8a42e12a61a49a69

                                      SHA1

                                      60101fd4a2c4d2db1f5417c411cab3f3627d22ba

                                      SHA256

                                      ce7d2168b296842209629910a3d6e179b1506eb19032540d9624523cd037e9bd

                                      SHA512

                                      3531061f9e8baa5158b65e89c5a0e7ab530ef70bf018c66dc8f10815a51b87ac28ead0dbdf329704b91d3aa0c199b3963d7dc85259a50c1862ea8983180ca810

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\doomed\7144

                                      Filesize

                                      16KB

                                      MD5

                                      1142d4f5b030b98ef79961a7cca3a2bc

                                      SHA1

                                      17e1eb0a050890d13f24bda876b8332c902ec5fe

                                      SHA256

                                      ec8eaf677d8d8c4f45db281c8a2e445e5eb31961c27ce3dbfb6301049ab9690a

                                      SHA512

                                      fa6576892097d432c033fc16428998711e069b24767c2a96419926408042a26beea0d9428ac8b3c99d31938250700659b60922aece017b4ddcfc209bec75cd3e

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\021C39BDD3BAB163B30C174121801693BEB31A55

                                      Filesize

                                      215KB

                                      MD5

                                      0b06febf73cf875bfe5e8a928bbc26af

                                      SHA1

                                      634c0a89e2bcb8f4a05aa2625b201f810033efda

                                      SHA256

                                      9ac833181ca338f8eac49f229718eda5a42a46751f7a712d61eceee9bd563ea3

                                      SHA512

                                      661d74d75599a30e12c6cb72f85e56bd9966ab743d26cc63f0f7055a95bcaa46efc0f02d6d98cf720ca1f2673a0c45fda7858f3390e567f38784a57b896e7e28

                                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\2E72DF0140180A9469E5CB353300B5BAA73A8D1F

                                      Filesize

                                      22KB

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                      Filesize

                                      14KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\datareporting\glean\db\data.safe.bin

                                      Filesize

                                      182B

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      4KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      4KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      8KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      9KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      9KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      11KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      4KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      11KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      11KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      4KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      11KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      11KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      4KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2232182701SeesravbiacteaWDosrgk.sqlite

                                      Filesize

                                      48KB
