Analysis
max time kernel: 325s
max time network: 326s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/06/2024, 18:24
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://bit.ly/SoundBridge
Resource: win10v2004-20240426-en
General
Target: http://bit.ly/SoundBridge
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings | firefox.exe
Suspicious use of AdjustPrivilegeToken 8 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2564 | firefox.exe
Token: 33 | 5656 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 5656 | AUDIODG.EXE
Suspicious use of FindShellTrayWindow 8 IoCs
pid | Process
2564 | firefox.exe
Suspicious use of SendNotifyMessage 7 IoCs
pid | Process
2564 | firefox.exe
Suspicious use of SetWindowsHookEx 7 IoCs
pid | Process
2564 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 2500 wrote to memory of 2564 | 2500 | firefox.exe | 83
PID 2564 wrote to memory of 2956 | 2564 | firefox.exe | 84
PID 2564 wrote to memory of 4960 | 2564 | firefox.exe | 85
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2500)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://bit.ly/SoundBridge"
  Signatures:
  - Suspicious use of WriteProcessMemory
  Child processes:
    C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2564)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://bit.ly/SoundBridge
      Signatures:
      - Checks processor information in registry
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
      Child processes:
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2956)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.0.146446422\475154790" -parentBuildID 20230214051806 -prefsHandle 1812 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7828fc61-b690-4185-9e24-2dc7ea76bf7c} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 1884 1bd59b24358 gpu
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 4960)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.1.1475327716\813090713" -parentBuildID 20230214051806 -prefsHandle 2492 -prefMapHandle 2488 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff943e6-7312-4e44-ae1e-39f0e92e5a5f} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2528 1bd45888d58 socket
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 5092)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.2.1567969196\1295134554" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2940 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {853a0b89-91fc-4336-b987-d1ecda0b3408} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2928 1bd5ca41858 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 5080)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.3.881897188\1504591800" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8fff627-e481-4846-b2eb-7e505ab86da0} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 3660 1bd5e6af458 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2024)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.4.1794319652\1731208867" -childID 3 -isForBrowser -prefsHandle 5044 -prefMapHandle 5040 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cdf607e-8039-4231-8c80-d5d7cb7e4bb4} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5116 1bd60436a58 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 1140)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.5.934928962\939151693" -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d7aa556-8f53-40d5-bd91-cc891c12db89} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5252 1bd60435b58 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 4088)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.6.1213715559\2115896709" -childID 5 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cec053d-923b-480b-a1ae-559405ec4162} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5140 1bd60436758 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 4720)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.7.2099735475\1549580636" -childID 6 -isForBrowser -prefsHandle 5044 -prefMapHandle 5284 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18b64fec-8c51-4254-886d-0b1a973cf989} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5648 1bd60f8b058 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2936)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.8.383075842\1783516657" -parentBuildID 20230214051806 -prefsHandle 3244 -prefMapHandle 5688 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {355ccbb2-b615-4354-8545-5523b44120c4} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5044 1bd61635558 rdd
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 4600)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.9.35576935\1395976469" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 3248 -prefMapHandle 5300 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b12b75d-fa78-4fa6-95b7-170bcbfb0fb7} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 5828 1bd61637f58 utility
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 2128)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.10.620268527\768048872" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 6060 -prefMapHandle 6056 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84c4543b-198b-49a8-9b3e-2a2e39507af9} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 6068 1bd61637058 utility
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 5016)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.11.525207128\354087922" -childID 7 -isForBrowser -prefsHandle 6264 -prefMapHandle 6224 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18331b8e-2f74-4b6d-a07c-c4f093e9012c} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 6276 1bd61915b58 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 5808)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.12.1817500035\1955140481" -childID 8 -isForBrowser -prefsHandle 6472 -prefMapHandle 3576 -prefsLen 28098 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3fb429d-2fb3-439b-aa46-a6b2be705c0a} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4840 1bd5fae8d58 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 3464)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.13.2066797761\572143791" -childID 9 -isForBrowser -prefsHandle 1716 -prefMapHandle 2216 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ee52cb1-a447-44c8-b2f9-e1645a07b98f} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4180 1bd45840058 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 4224)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.14.404374392\169861405" -childID 10 -isForBrowser -prefsHandle 7192 -prefMapHandle 7204 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b345571-2cd9-47fb-8c51-bc0084425663} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 7212 1bd60f8bc58 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 4448)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.15.901816410\1324872074" -childID 11 -isForBrowser -prefsHandle 3092 -prefMapHandle 3120 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d238f9d8-f8c9-45b2-beff-edbc1f4b0e40} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 7164 1bd63af6b58 tab
        C:\Program Files\Mozilla Firefox\firefox.exe (PID: 5092)
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.16.119146581\1509706775" -childID 12 -isForBrowser -prefsHandle 7600 -prefMapHandle 7596 -prefsLen 28186 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1be86af1-8db2-4dbf-a256-e7368d25e92b} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 6664 1bd5f8d6e58 tab
C:\Windows\system32\AUDIODG.EXE (PID: 5656)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x51c 0x308
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp
Filesize: 24KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\021C39BDD3BAB163B30C174121801693BEB31A55
Filesize: 215KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\2E72DF0140180A9469E5CB353300B5BAA73A8D1F
Filesize: 22KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize: 7KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize: 14KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\datareporting\glean\db\data.safe.bin
Filesize: 182B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 7KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 8KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 7KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 11KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize: 4KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2232182701SeesravbiacteaWDosrgk.sqlite
Filesize: 48KB