2e51701c2ae78af7f1ff4d2aed64148e19d138c36c4096cae67c638e642e054e

Analysis

max time kernel
940s
max time network
1010s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.zip
Size

4KB
MD5

8f09880436e2d5218370bdffe4430d77
SHA1

e9ec604b1cefa128d7b611d88b665f079dce2b24
SHA256

2e51701c2ae78af7f1ff4d2aed64148e19d138c36c4096cae67c638e642e054e
SHA512

7990c6a2efeed4bf57812434d79f0ef968e06a460f28cd23c407f8bbb2a0f84de17309c9acd02e97dc503bb25294f39ad877a69b1f1baddef4d54c0f3f783981
SSDEEP

96:pSfd8hcsTZKP1qiJn46vGM5sXkMVijOJ5hTmT+31+1J1p1nWWjRn0:cfdy8qg46vGMekeijOJrFQV0WjRn0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs

Web Service

T1102

Processes:

flow	ioc
31	drive.google.com
211	drive.google.com
212	drive.google.com
214	drive.google.com
273	drive.google.com
25	drive.google.com
32	drive.google.com
29	drive.google.com
30	drive.google.com
207	drive.google.com
28	drive.google.com
208	drive.google.com
209	drive.google.com
210	drive.google.com
216	drive.google.com
270	drive.google.com

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings firefox.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

584 AcroRd32.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

firefox.exeSetup.exe

description pid process

Token: SeDebugPrivilege 708 firefox.exe
Token: SeDebugPrivilege 708 firefox.exe
Token: SeDebugPrivilege 3276 Setup.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

708 firefox.exe
708 firefox.exe
708 firefox.exe
708 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

708 firefox.exe
708 firefox.exe
708 firefox.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

AcroRd32.exefirefox.exe

pid process

584 AcroRd32.exe
584 AcroRd32.exe
708 firefox.exe
708 firefox.exe
708 firefox.exe
708 firefox.exe
708 firefox.exe
708 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings	firefox.exe

pid	process
584	AcroRd32.exe

description	pid	process
Token: SeDebugPrivilege	708	firefox.exe
Token: SeDebugPrivilege	708	firefox.exe
Token: SeDebugPrivilege	3276	Setup.exe

pid	process
708	firefox.exe
708	firefox.exe
708	firefox.exe
708	firefox.exe

pid	process
708	firefox.exe
708	firefox.exe
708	firefox.exe

pid	process
584	AcroRd32.exe
584	AcroRd32.exe
708	firefox.exe
708	firefox.exe
708	firefox.exe
708	firefox.exe
708	firefox.exe
708	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 1456 wrote to memory of 708	1456	firefox.exe	firefox.exe
PID 708 wrote to memory of 3052	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 3052	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 3052	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2832	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2680	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2680	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2680	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2680	708	firefox.exe	firefox.exe
PID 708 wrote to memory of 2680	708	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Setup.zip
1⤵
PID:2892

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" shell32.dll,Options_RunDLL 7
1⤵
PID:2648

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1476

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.0.1183580536\1765092129" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0864c4ae-e47d-4033-beb6-a1571c7fbc2a} 708 "\\.\pipe\gecko-crash-server-pipe.708" 1312 10dbee58 gpu
    3⤵
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.1.353549365\232711743" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {013c83fd-0999-4012-89d6-ac1013f621b7} 708 "\\.\pipe\gecko-crash-server-pipe.708" 1500 d71c58 socket
    3⤵
    PID:2832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.2.2001721685\1570792069" -childID 1 -isForBrowser -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95443c01-c7db-4622-973f-1d388ddd0340} 708 "\\.\pipe\gecko-crash-server-pipe.708" 2164 19c83f58 tab
    3⤵
    PID:2680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.3.904927525\1421654890" -childID 2 -isForBrowser -prefsHandle 1652 -prefMapHandle 1648 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaff7d1e-70ef-4f6d-9853-94e26d5964c9} 708 "\\.\pipe\gecko-crash-server-pipe.708" 704 1b51de58 tab
    3⤵
    PID:548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.4.21086460\368096980" -childID 3 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {301e780e-c5e4-44b8-870f-261607406468} 708 "\\.\pipe\gecko-crash-server-pipe.708" 2932 d62b58 tab
    3⤵
    PID:1188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.5.990686443\1729734500" -childID 4 -isForBrowser -prefsHandle 3596 -prefMapHandle 3600 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc35d1ab-a185-435f-84ba-553192d769c7} 708 "\\.\pipe\gecko-crash-server-pipe.708" 3580 1e355358 tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.6.151681238\1252134772" -childID 5 -isForBrowser -prefsHandle 3552 -prefMapHandle 3580 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5689a465-5e8a-4cfa-b6b3-0eb936d81e71} 708 "\\.\pipe\gecko-crash-server-pipe.708" 3796 1e387a58 tab
    3⤵
    PID:2836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.7.403555025\940463084" -childID 6 -isForBrowser -prefsHandle 3892 -prefMapHandle 3896 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ce3b297-f0bb-4687-82bf-9f9e4b83bf60} 708 "\\.\pipe\gecko-crash-server-pipe.708" 3880 1e387d58 tab
    3⤵
    PID:2144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.8.701845075\896422041" -childID 7 -isForBrowser -prefsHandle 4576 -prefMapHandle 4580 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3387241-f342-4113-a2f5-e296789bd06c} 708 "\\.\pipe\gecko-crash-server-pipe.708" 4568 d63258 tab
    3⤵
    PID:2648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.9.38016640\2029371586" -childID 8 -isForBrowser -prefsHandle 1084 -prefMapHandle 2588 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8e0718c-90e4-4e17-9613-235f3c34c903} 708 "\\.\pipe\gecko-crash-server-pipe.708" 3392 1b74f258 tab
    3⤵
    PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.10.1658625293\257439069" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 3076 -prefsLen 26426 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db3c67e4-39b6-4356-a3cf-91dd79fca3c8} 708 "\\.\pipe\gecko-crash-server-pipe.708" 1928 d65058 rdd
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.11.2030929693\1725894616" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3856 -prefMapHandle 3796 -prefsLen 26691 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2fcbc03-58c4-4141-a910-47df1155d74d} 708 "\\.\pipe\gecko-crash-server-pipe.708" 8668 23af7a58 utility
    3⤵
    PID:3560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="708.12.1936819919\276763177" -childID 9 -isForBrowser -prefsHandle 8416 -prefMapHandle 8440 -prefsLen 26691 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ed6963-b95d-4ba4-ad1a-2b91e94fa863} 708 "\\.\pipe\gecko-crash-server-pipe.708" 8444 1ad2c258 tab
    3⤵
    PID:4028

C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\308A63F550E52F137EC4A3D3C1A34793F761DFE9

Filesize
49KB

MD5
c5da9921d74c0c404d0b5283c2b6d094

SHA1
901b48ae622305b55fef02823565b6e382088679

SHA256
65f8e59a7250726e5b8a43b36faa37b6ed5361ac0336d63e63d69792669cff27

SHA512
1cd94882dd391bff122379f39c016290c7cc02ac1cea012a36d7c92f770f64b629b206d2f7e4a7168b6c306930ddd189fdda6813f724066152890c98a1791116

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup.zip

Filesize
4KB

MD5
8f09880436e2d5218370bdffe4430d77

SHA1
e9ec604b1cefa128d7b611d88b665f079dce2b24

SHA256
2e51701c2ae78af7f1ff4d2aed64148e19d138c36c4096cae67c638e642e054e

SHA512
7990c6a2efeed4bf57812434d79f0ef968e06a460f28cd23c407f8bbb2a0f84de17309c9acd02e97dc503bb25294f39ad877a69b1f1baddef4d54c0f3f783981

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCAA6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
e264e4f6c920cb5713e16b7ee7a02e4d

SHA1
1af130684f04c65ef26271aad6758e0780cb9e1f

SHA256
ed2b41780e61e3e5acf1523553f7ee77f69482ca02e6a4c095e5c7abc5eb9115

SHA512
2541a69d2c83d32338d1a7e714994f6083e2be134f6a039f36930c42df5c291c8a3fc29bb152a76e10de42a2132c25081fda3b7b2de6ae5e6345c1947a7e35a2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
23ec9647b5fbb010c9dd2c41143111b3

SHA1
f9cd0539d44c79ece75ccbec860637ec635634d8

SHA256
4897b3930216363ecf01ff60610d01f60581fcfd66b35a0f174f07c84eed27eb

SHA512
5cb839fb6faf45d80f9eb30d09978860e76af86950137297e966c77f7f150743d360364ebb86962422aee675ac4313b9af7821b72af78584cd55b26b44f58907

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
7d3f25d62d6b121dc644c5c8b346b369

SHA1
aa24e0b255cab692486d95f6938dcf746f0af2d1

SHA256
32874cc791c3d75056e14318126e5a828865ae445816b6d2fd5bfe71e40d47a9

SHA512
a8fac8f408e7479d4243ac1a48cb012ae4eff4f372f3cf5850be5d73c337a6eb2817ed816ca90b7048be831e7fd16e9842d546604a036cc3e5a41a3bfc55a6d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\bookmarkbackups\bookmarks-2024-06-03_11_bSPMuI1K73vkg1GmMbRYjg==.jsonlz4

Filesize
946B

MD5
9e0ef04191b2863f97aa67606f3941c6

SHA1
a7e0e21b8812d02ac8eeceb78bce273d0ff48fdf

SHA256
e79f516add33ccf3e5989ab59fb531d9f1456eeef2d288469c7aa83430343f30

SHA512
ee060e70f2c12d0ac7d8134d1f35a936d3996f433d8f83c9ae48189a9882d228d5f0ac8747681225b2a176094dd11c91259e60e48f9d67fddab314845c3130a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
14ccfb738cc0d26b827a362c81abc682

SHA1
99a86fd87fb6705d451ab2d629eefa162ea776c1

SHA256
750d38e2a2d3c1fcf10894ed13b6bd282f351c4cd19f0e0794d5ae34b8c3dd12

SHA512
3d41748b96facd72854524a26aeb122b7889891c06f250465ec6fbbd78f65726c064f50d8c1284af80b67d487e18120aebfe1622f95f491572528c8b4b0fa010

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\d0689d4d-3804-4a21-b09f-93f1d7823d75

Filesize
13KB

MD5
e0d6cd78071d75e994393f115f5744c1

SHA1
0e14dde441151e21d81b8d4d77ea38ca423ffcc2

SHA256
3b4f3a22dfbddbbf4e43cf55e8c360bca0dc01680f64ffbc32d0b26f2aec1438

SHA512
026cf4dfa2fa45bf7663dc5d78228014de21473917164d882914b919f3434318a0da5afc5d40955b9b64003f1ebaf81203a6b1e8e6384a9d5c8556ef36e13faf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\e39e324b-d352-484e-a999-470e470dea98

Filesize
745B

MD5
35ca98e731de0de039f69aaa587a3af1

SHA1
ebfddd0280e736ff4ffb4ae7812a7e77b250fc8a

SHA256
b2d8cbb694884819d03a3ce41ca3e0f4efb2e45d63bca984e4663d9b4cf268bc

SHA512
268be082e9b998c8d35ce4ea5844ca2f9c8269e475e4e520a1003a3d69d3cd047a6f2f6cc9c636c7491ddbe107e9fe55da3f87aee438db2ebaf19e58eea222da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\logins.json

Filesize
661B

MD5
79e88fe68c687860e21bfe7f94adffea

SHA1
ed985cb7d85c9402dcfd2bb31025399a42f62d19

SHA256
445d2d72d22447519f70a07fd7bd55d5e9d113520b5a106b5654c10bbdbde740

SHA512
70683e7f544222c90b7242527c8681dcfac401cf5aca130b136ce8edba1e51dd5f207c3a1dbd972c256eac13d015e454a0492d95eb63214d976a277bfb732992

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

Filesize
7KB

MD5
56e05b508658d128c594a7cc69ecae9d

SHA1
92d98fc94aefeff85b6128e93d97d9ade8fdbe74

SHA256
f6f11dfa5607d2197fbb6a8ac6c995cd0dc38fc86169230d815afcf0b120a6f7

SHA512
bd410f179ff77e7e85d42178399ba7d481993f89157a47ec64ed7e79c4a5adc02d9608c6065e93a3b4b6801cdd967236161ea8f4ed755f2fba6a1fc1258cf6f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

Filesize
6KB

MD5
f580375d4ae9ac84e632a87f07a776ea

SHA1
4ab61140c866169a154bd93f64daaed195af114a

SHA256
efebe88978f780f165ba836370778ef3077b1247370201107b383b5ce40336fd

SHA512
40ce17a0277f8fdd40aa518d1f15231dee1f7ec6d60227b9f0cbb9804b5a21d67b33e799038f956ea7b8d50c87cd3d9bb98c05b3620bef8f898a9e9c5accdda6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

Filesize
7KB

MD5
89f8efbe9c92648ececa83d3cec0c4ef

SHA1
c0c4e6a003d34b6256696ec342319ecf76ed2f26

SHA256
b1acc175d266c703368d71a9f60cc3b9d028a4ee947f2d44051b469444858772

SHA512
f7c16c17930dda757d5ff4987f830d08964ada61787cb39953c6d673a992cb75dba53970922d0f56bb4d12d8524e67fafc17d7bb39b680e1d351452f7838802d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

Filesize
6KB

MD5
d72eb5a13d50944a4dfa72078f12e5d7

SHA1
11d2990c5df2c4fa88ffbff44d79388b04029274

SHA256
ce3072a0820e26ca5614ccf0c9437311e2ab779d3e522e9d17910770632b4218

SHA512
8ad04b8a1abf8d01fb244000de5ad104c910d89063205e552d4b1baa70c9af41673bcbe091296fcc63ce6753b0eb0f627c69f06247f16a387d798b7e981d30d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs.js

Filesize
7KB

MD5
06fde12c4ce2a76c01f848f440a79b3f

SHA1
a1c78451c9a99dd1c8bff0d7ee769133f64bb771

SHA256
49b4b86f43672f1fc90b3c6a2e0d047f9e94452374ae2b87e8bebd2ed185e0b7

SHA512
ce82232672db33c70eb8ae309f66e9cc2eb509696dddba3a6b7369de15841f7b3a9095f6c7bd1f879ca4af347350d09b1c5b58b31b355f99883d0f3bd366ded2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0e548f1bf44bb9f4319dd6cf3975992e

SHA1
276781fa985987f6ab371e229afb26277d93b5f8

SHA256
0b7a0324a8b4de0ed859d822c3dc176f550d4e21f9ec0c7163ea5118ed4006cc

SHA512
368dd595e1b366b7a9081bf0cccc2d2657e13e5b1bb00311f6966516c5bc478dea6fc8a228b84d82012a9aea81aa1232a78cf29ca7d79fd4cb4a33030779c59c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
ed5dc515bc05e47ab1685a12f3662fe6

SHA1
7f872b680953086117bb56fa6e59ae9b8ad95ad7

SHA256
d6faf02f97bb0ab628b918e1ddc8488c53cdeaf0c4a2af908cf68ce9f9a55768

SHA512
0719af930ff6f0fa9aa31e8b597a4243a08d0f0e38c89cf307e85ee89e27d9c0b39f0d7fa342b9746e4a80784bae14250f20f5d665fb21ef35fb16fe67c4aaa4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7ea8f5db527f44fd279b78f0d10ca57c

SHA1
bd33f5575c9a7f7f0bc725a0efcd64216fbba951

SHA256
9382fbd4ef40245914049714c8d0b384ed994b3f2ef4774b91dd9476eb4457f1

SHA512
8f5aa620472433b2ca7e7ab51aee3ecdeb1156f2dda34d043f000c4b6ff8c6ace02d7c0693a8bbbe3e5f3c6fd55321c28ed640b304c24656fa4e956658f0d00a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
df3d91fb6dfe6d5ad5c839f4daca5846

SHA1
fdda3d077f17b1e15f3cdd5fc13e6b7c24008ba7

SHA256
71be839e5ac5add709722c6e91249ac4555975e42ccd98e2ed1f9ec8d70f46fc

SHA512
934b945637476a6c4bf978bbc4dc32ce731f1914dae35733f457c31d840786e083af6ab2917fb5b25c8a26b8e6a624ccccf01112cf7df757b9810a48cb44e317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++drive.google.com\cache\.padding

Filesize
8B

MD5
1b629c98d5372ec452442ca7fe12327d

SHA1
9cf8fd0fb7fd3b29cf9c80c83537557ae422a945

SHA256
718876e16e20b93277c13799280ec45b6f9cd73f41c89d9befbe709454422780

SHA512
520e24d29e8b9b5ead0041bf41f643a6ebd5743c146a6d54a1673758decb7e087d2e546a2ac15d3251124bac52fa6d032eeda761334abdab0d1e48462dfc7262

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++drive.google.com\cache\morgue\114\{7c165722-c5da-4ce4-baec-14e8c0bea172}.final

Filesize
3KB

MD5
2ff226bcb10b49e4419267a36e8f6364

SHA1
1983ece345592035a42cc901024078c7e0207e07

SHA256
35e1e0c0cadd29b6a8b18888eb3b94ef04f82b898326f0134fe6a54466322ce6

SHA512
671887d8ca746903bf5d2005b0811bfcd41b4cccdde69eff1fec9e3529c245883e99141b1eedf57c62bc7ca06efe54eb6bb428b38bc8a2300e05895ccbcecc95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++drive.google.com\cache\morgue\53\{12879eb8-dcaf-430d-9564-4b39547a8335}.final

Filesize
469B

MD5
a6482eb77cac80176c0378f4423378b9

SHA1
aedf23c042a3e4efbe88000e011fb3f7287dbd57

SHA256
e0095211660d38eda42a54df62c90cef6d8ea0cab5e9d5bf763cdf79783d5812

SHA512
7bf91bfb6e2e57f18a208512f346d6a2ed037824d1f605bb01b0538486531725452cdd398792369ae58ecb97e747132cb55525f319b2fc08f111ed9f9f36135e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\default\https+++drive.google.com\idb\4041069256GsoDoegvlierD.sqlite

Filesize
136KB

MD5
166bed858711a9b50644e6004d918e79

SHA1
8df4f259c660cf63ec5d32f7f9797dc561261651

SHA256
3a82c2dc5c4aed90424965cbee786251695c14a7bb070dc873231cf0beb928d7

SHA512
dab2c58a84a0d7c3ea5ea3d1e43493abaab53e98613edccbc9855015a07ff6da7295aed158b3361d12d552bfc131f71f8a6661f6e2cb6dd0a2f273b2e2a0bf5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
84915a4201d8a8e0564944a76ad800b0

SHA1
898b5b1061e0ab66aaf128107f8ebe071214eae1

SHA256
8fa1acacc57ac6b358b867004a18c6e99ac57069dd50b618689c3c2304ca1a95

SHA512
fbc253aefd6b8977297a5823e6736b68c64b45f0c9c0f4c344d23977ee31e6d798b197ceb4ed2d4dbe7392dc9459b5a8eb3fd20b4d87217f32b755c4afd03a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\targeting.snapshot.json

Filesize
3KB

MD5
72620ab2483d72f1ae488e3c9a450d04

SHA1
06f70ddc8fda13e0e04ed8076b493477b0aabbf9

SHA256
262a6e701595eb74f37862f76dc1e410b8adb4c52984562a77dc287369d7ad0c

SHA512
bdfaee78a303a20770ea5039851896ae032302208321cbb925d9ee4754e36b1ec183ea1df09d7732edfd02973d006e8556f692b9987e7a4303913adcdeb70ae7

Download Submit
\??\PIPE\samr

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3276-570-0x0000000000FF0000-0x0000000000FFA000-memory.dmp

Filesize
40KB

Download