1f85431909b4ee610e5ec588f83c1f14526c0d92e85bff011c64ecf608b239b1

Analysis

max time kernel
28s
max time network
161s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01/07/2024, 00:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RAGEPluginHook.exe
Size

10.1MB
MD5

4c87b28c74d56ca170012cc49c8e2683
SHA1

31a1e99a038ca204d6367843b6e478f6035c61f6
SHA256

1f85431909b4ee610e5ec588f83c1f14526c0d92e85bff011c64ecf608b239b1
SHA512

af491551cfb4cf32965a23b17fb6e14e4e179bdf19e6b6260fa9fa03e1bda749a877008e2af8a90a693906118091ee4d994a238d24b6674b574efac188883e77
SSDEEP

196608:ZdmQ/v7kS7524LPq8+usGXJTxUmCwKIxW19DEpGqG+4zTItznvTBn:7mQ/voSvD+uF9XClyCpEpGP+STs79

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4176	firefox.exe
Token: SeDebugPrivilege	4176	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4176	firefox.exe
4176	firefox.exe
4176	firefox.exe
4176	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4176	firefox.exe
4176	firefox.exe
4176	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4176	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 5004 wrote to memory of 4176	5004	firefox.exe	79
PID 4176 wrote to memory of 4532	4176	firefox.exe	80
PID 4176 wrote to memory of 4532	4176	firefox.exe	80
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 2548	4176	firefox.exe	81
PID 4176 wrote to memory of 912	4176	firefox.exe	82
PID 4176 wrote to memory of 912	4176	firefox.exe	82
PID 4176 wrote to memory of 912	4176	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RAGEPluginHook.exe
"C:\Users\Admin\AppData\Local\Temp\RAGEPluginHook.exe"
1⤵
PID:4592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.0.1402744791\1428915485" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9196186a-3157-40d6-97ee-86933e6449d7} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 1796 25d172d3e58 gpu
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.1.1456038734\1291024347" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdcce8df-39a8-423e-9f08-fe518673e1a5} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 2152 25d04f72858 socket
    3⤵
    PID:2548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.2.1843268339\1380824992" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3048 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a468cb02-b0a2-402d-98aa-8841586fe2d1} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 2972 25d1725a058 tab
    3⤵
    PID:912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.3.2078179501\428518832" -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3708 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34876e02-5762-4859-9a7e-8763a5dce092} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 3724 25d04f62558 tab
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.4.46644174\1804688536" -childID 3 -isForBrowser -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a3fc003-1c1d-4030-b93d-19d3eec4ccca} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 3232 25d1dcab858 tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.5.141971915\441615253" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4892 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e88b4cc1-fcd0-41f8-9085-cd376c767d06} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 4900 25d1e4a7b58 tab
    3⤵
    PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.6.1467530187\1528138313" -childID 5 -isForBrowser -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5679a16-8baf-44f0-8483-ef509c39e576} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 4968 25d1eb6b658 tab
    3⤵
    PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.7.1995284432\1138636683" -childID 6 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f2eb15d-7881-4387-8126-5af134a4166b} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 5140 25d1eb69258 tab
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.8.721412341\1207132122" -childID 7 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {686c4747-70b8-43ec-ab6c-f6025b5c1323} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 5408 25d1b504758 tab
    3⤵
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.9.258423423\88096571" -childID 8 -isForBrowser -prefsHandle 4724 -prefMapHandle 4064 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9c1aeb3-7774-492c-8c77-0ec5e9cab111} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 3556 25d1f58b758 tab
    3⤵
    PID:4520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.10.647195743\424912129" -childID 9 -isForBrowser -prefsHandle 4852 -prefMapHandle 2652 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0e0e13c-8d2d-44ca-abf0-05d3405a9c26} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 4916 25d1990fa58 tab
    3⤵
    PID:2196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.11.991794246\1023708457" -parentBuildID 20221007134813 -prefsHandle 4808 -prefMapHandle 4916 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37168dab-774e-4808-a7d3-d83294ffd477} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 4184 25d1f718858 rdd
    3⤵
    PID:3436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.12.875302807\788791814" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4896 -prefMapHandle 4924 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bbd286f-befb-401f-8149-e26014b96be9} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 5024 25d1f4f0158 utility
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.13.1407591026\936328098" -childID 10 -isForBrowser -prefsHandle 5952 -prefMapHandle 5948 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abcc8cf2-3256-4f80-8721-2c6957571a8c} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 5964 25d1f7d4658 tab
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.14.1960053396\115511589" -childID 11 -isForBrowser -prefsHandle 5240 -prefMapHandle 5264 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {676d20f7-f72c-406b-86ad-c89237c09086} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 5316 25d1fe5e358 tab
    3⤵
    PID:5724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4176.15.795110362\1952502718" -childID 12 -isForBrowser -prefsHandle 3544 -prefMapHandle 5028 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46ffa57a-fc95-4a6b-a104-8e23b2bca86d} 4176 "\\.\pipe\gecko-crash-server-pipe.4176" 5312 25d1eb2e158 tab
    3⤵
    PID:5880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13600

Filesize
9KB

MD5
c670efcb5fe053bc703843aacfd1e58a

SHA1
b37d132cff89042d9632e8e4928f11802ad28435

SHA256
84e6c20d6fd7329b89ddcb0c2ff37b6b4798c95b348d9259f798eb226e28c37d

SHA512
4b4ce7ec9b89a399697bbc978d7288eb50d618bf2cdb6600da0649ebde87deca9e5c44bfc5a05f637e8c32d01c18185eb706e00af61de6121d8303de0048d551

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\5855

Filesize
18KB

MD5
7b71242627ecf3e0eaf3c2b66de7226a

SHA1
d103faa5c9f67d7d359f6cbd0a4d6466d07add00

SHA256
e1c7f8ae8ef0af44a809b0968dc2b7d07d9f5d3a1d496a0ec4353ee16f7a2183

SHA512
1e935bd1d3a3f6dc1e76e17b733d9403291f5a3693fd806a68eb6e63fe22cb00feea919ba4102412f8bd9cfc335d5ee1bec7001299ff76aa9e745b7cb2c397bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\974

Filesize
8KB

MD5
0e23c3e1f5b19757819d221475f67826

SHA1
ceb9f10eac68b860ae796f50794e88e0804dec8e

SHA256
9bf7722134baf888640beee9d6d8ca40aa48b610e5b07bc1e0ec5991790766eb

SHA512
44ff62543db9021a0de47d286117a73eaf8725a0a5b9da707f4aeb808bfd2344d19845beaac66a1c31d6371bf1c3c128d97c1725170809f5f81fee8441813602

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C6A6389A9162CEB2E1F41436B370871FECA58F75

Filesize
60KB

MD5
651bef6d4eaea039a51c1ce52c542eca

SHA1
382257df24a4ddfd159b9f830b0191e0385b6d9c

SHA256
c4b4219c98ae83d8a03dc6cc35923c12dc228791516694e322fe94f62aeec61e

SHA512
419ee0179567334e978a7bff6e4eff8b7fc861736b0cfd5f2a5421e1c7f4741a192f62209845630edb184c952fd8aa6657d384651a5e095c029a4fd2810225de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
37e16945ed52d9ed64d0a475dcfc49ab

SHA1
d9b9e0c61c92b9af53f9b8509cad352f90584069

SHA256
d87bbc72a5ed58aec8a84397a09675cbce7490ea0918a77aedce70f5acb3d9c3

SHA512
816e64ce2b5ba0e8bb13a6a9fc16cd30dac50a30cbe25044846658ca4089eabcaa714ebf76a861c859c1d8e775ce9d13f7f76dfed33735e1a9f7d5dc1856fa6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\e4423e89-3fce-4baa-9a5a-8c8d90330bdb

Filesize
734B

MD5
af48fda13d00eaaedea8d95116ee4f2b

SHA1
e0f34c48c5271a9ba68f40789b12ebadfcade76d

SHA256
6bac683cf9adcc73e6c3dc12ff13474dc1108f4e210a7bfabed010f6e8f21c01

SHA512
814d790aa2351fa368a7ad8e97ee8abd0e95b4d555dd22df17232e92475d474ed87a10c84eb07ec51d03cffecaa97899b55e50a862562e46a2d84dda00ae18dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
dfb62bfc2394ad2ba933c6d034a96234

SHA1
bf8c132b26cc02952af20238feb954f86003fa55

SHA256
f8a3f70e3cdba8ca5da8b77900930a31982bc8d074d852ed68ffeb293ad4cfcb

SHA512
79631cea3f6feeac9c55d1a470e36d7d87ba2f433e94cac2ab0623a8ca23ab0def136a1a82e7973e7537fe656b08ab9c6e9c24fb3d761dabf8f86305069905a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
22431206d648a51272c24d89a9f26e2a

SHA1
6df7c1cb5e960dd2b11ac65ac2e54a1e58c55c4b

SHA256
d61fa24fc5b51669b2f7da79237db468131753c95e0f324c4fdae6fea76f8b3d

SHA512
637ccb915e4ef5df329df198fd185dbcf4e62e4e01dd072ebf2ab08d89632ca1d5796fa4d856f08686cdcf55f12628f3c964b5a82c3a9479cc9c1ba01e336210

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
44b6b8a0423fe6336761751ce7241ffe

SHA1
fbdca21902add190050e4a0d550005eb64557ea9

SHA256
41c8c7b2ae2910ce0b6aa56433ddb6691866bbfe7347e2d1e1cc6c3cad869ecb

SHA512
7bc80f0e5cc9942c60e46c2dee543ef0bd4a484b1f56239f3162fddc8fc22bcc0d7aa7cb3dfc5540b421cc4a6b85bc143149b086158362e3ded2bf73d8a02e88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
dc79fd3ef8b4de698b7e0b3aee6063d1

SHA1
e4fc95485115e92935844bfdfbdb901cbdb6c5b4

SHA256
1770c4040e0b50d8178f8e44ef2a5faaaa757357df345c4d7588406887810621

SHA512
1576721f0f215751311887af1991590009512db2476715e66efeac04a23edbb25ec8442ff344e78ad7f2849b0a5d892d4b0e2c0a4ac578aad4c38028d39edad0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
d41a0d3bd774b8c3276b391363790244

SHA1
891f4cca2ada94d341f7760c39c70dbfadf8a265

SHA256
d9c65f7f530aa9e0c6ae53e72c05ae8c21edeea70cb60a2b9b128a75af668e0c

SHA512
fdeb1bdf3ec6a52d71f0a36d9452ad6fc7b6283d0d81fc2317eba2dff03fc2ad98fd9703c49c15612ec25708f4107adc80054e4af337b33df2fa0f66a60e8939

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6f286b7a985c4b7170bbe6baaf810f0d

SHA1
e0487b4a15000216a08a3c75825abbccbca6c41c

SHA256
6a6a7be832accddf42d613f56ac01da5f29c581df4f53599de7d28ab57bbfe36

SHA512
6ff3a3ff97d6f90f6dcc5aa03a6550002f8002d69639cce976aa1d7e743ee8626f232e450429104dc12f27d2c67ab0317fdfcd91ffb5dfbfd5c89c30956887f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
975795f38d76c52659ee6127e9060e27

SHA1
f0bc90c655527c7d9656b570fa7f20097fc2cf65

SHA256
8d1b8983caf07498a185af933a52ff6891668d67bbea79ac2a197cff50bb8c1d

SHA512
fb2f131ee9483b015eb315d1996d2471838687babdac72bd2c4e1ae45198f47ca3071dab2a5855f0babaf433144256f039626104738daee617ce71ac98a42efb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c646fbbb81eb81c7e20601cd33c098ca

SHA1
ab0f549d87cc8f2f49d3bdc271e185cff0a5fd97

SHA256
1d0adc3291407b7b47e3aa347e181731036211e137feb6dae0238de1093aa93d

SHA512
06734c0aef4fbf073f7a3be638fbd464d04c9703bd515c135776f52ae65bb34fb58df985037ebcbf007314c22685d453de3f91198c829352e37f6f04eb5e7eee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
cf22f511a00a409249102e094263b919

SHA1
21aa772a41385febd17bd46818cc49eb8d69bb6d

SHA256
d20c92fd61b4ac816756d9fbbb53e54996bc877057d294bb51ddeb7dfb419c8e

SHA512
476b3a5a7bd166a5829a0dce710e79df1d7fc417e8824166d8c69b630b9b1778524da8f722ec4bb3daaec026b198c59363282d3d9d2ba91d8cb3a947930b2533

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c21772a724333ae8e6b1c31eee0a613f

SHA1
0dd1de5a41c8ad4b5571d7cc18452720317702ae

SHA256
5f7a2a01aaaeeaed4d045c3735fd26970973384a724b628f166d540ddfc10810

SHA512
6a7e30d00f12404e35bb8a91e185c7e26ec987096b4389c514291d3c7478144a9d3d4d0a607b1a9d01f698c97e3c677e34aba9af1535d49357110c68eb03f17d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2de845cd72b36995aad25aca322c7354

SHA1
7072220ff4af4de5fc3b6d8f7c47c06d6d2e4997

SHA256
0f83733dc833819002b005693316f7b8416159443d2be56b87a4605cc63b9a47

SHA512
2f76976070b65b6c15b5fd9652360cd1f8551b6e0258b693b0bfb0450f202fdc99afdbefe205de23464e5e68a568b35de53020ac26e35c00b499069bc36bae87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com\cache\morgue\15\{2f00f2c3-d923-4377-aac3-4959336eef0f}.final

Filesize
78KB

MD5
dbb60e0bdbe732f96cbcc4231882a525

SHA1
0dd3a292c363e36b49308f752853653c2ef90c63

SHA256
5896fe22baa869ecb6bc5b41b586e7d44502a0683aa4af514a99f32077ba90f7

SHA512
9306159f9c73afae946860984315bd9ee976b864412411039c261d8e298102dd56010217b67301bb71e73e35332d55240ea8a19b5478ffb008b4aa0da1fd8779

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com\cache\morgue\210\{7b0512e5-6bf7-45a5-b6cb-98a8a92245d2}.final

Filesize
4KB

MD5
b12b5ef131defbc1867c1dcb43da98e7

SHA1
249a5c1ca816fe8f18f054bef20f63f88b1d9f64

SHA256
bd4a982dd660399b9bef0776601ecefe47312154dee503b35c70a954d74beb38

SHA512
f481c2913184de12fbf276656a3f34b4fb7405c714d254b7b73284d9ece868baca471a13305dff5187bebda61575d9f6cc10b412c664ece3f17e9f47276771cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com\cache\morgue\241\{d19041df-f55a-481e-bd12-6775465758f1}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com\idb\1041510589yCt7-%iCt7-%ree1sep2o.sqlite

Filesize
48KB

MD5
b66fb13a66bcd2c78ece1074cc4d8566

SHA1
cd1e3a50663a887ad6b69fef80e819843db1a827

SHA256
6ddffe2a9d0f32e43571842ac82a22c2f46c15ee8367ef1b3c2a6c00e54953da

SHA512
41d490a19ad6113dbfd6a56cd7b9001bcad14f53592ae27d36aefc1ca6f64dc92352c894a7b88995292263b2b577d5b1e7520d235a6eeb4a2cd0df33fb576aa2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
memory/4592-3-0x00007FF995070000-0x00007FF995A5C000-memory.dmp

Filesize
9.9MB

Download
memory/4592-2-0x0000024A2D570000-0x0000024A2EF3E000-memory.dmp

Filesize
25.8MB

Download
memory/4592-4-0x0000024A14AB0000-0x0000024A14B28000-memory.dmp

Filesize
480KB

Download
memory/4592-0-0x00007FF995073000-0x00007FF995074000-memory.dmp

Filesize
4KB

Download
memory/4592-1-0x0000024A123D0000-0x0000024A12D52000-memory.dmp

Filesize
9.5MB

Download
memory/4592-5-0x00007FF995070000-0x00007FF995A5C000-memory.dmp

Filesize
9.9MB

Download