1290948df44efcfc44f75fc4717945c3c14ce87b66dc476bf0a2595e83e6fe39

Resubmissions

21-08-2024 10:47

240821-mvl6sstgng 5

18-08-2024 19:52

18-08-2024 19:49

18-08-2024 19:47

18-08-2024 19:42

18-08-2024 18:53

Analysis

max time kernel
343s
max time network
346s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21-08-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Morenos FINAL 5-28-21.pdf
Size

107KB
MD5

449dcc66293d406d6d2123e215121e28
SHA1

e89e93a086ba60df9023151af2d0feccac57529b
SHA256

1290948df44efcfc44f75fc4717945c3c14ce87b66dc476bf0a2595e83e6fe39
SHA512

26b7bb24f437e77168ec01efe58c5e6d229867c8e11d1aabd4c4a2a609afc29e92627ccf5c87b97a68f110cc28667777ad6d6ed483b7326d9c9a84af5785bb05
SSDEEP

3072:x3B1PGaOeIPZwrQOXH93afJ9MVYtB/tVwR8WV:x3B1PtIA93yJJB/QrV

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	137	https://chaturbate.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b6a0d4d2f876301	19

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3648	firefox.exe
Token: SeDebugPrivilege	3648	firefox.exe
Token: 33	6108	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6108	AUDIODG.EXE
Token: SeDebugPrivilege	3648	firefox.exe
Token: SeDebugPrivilege	3648	firefox.exe
Token: SeDebugPrivilege	3648	firefox.exe
Token: SeDebugPrivilege	3648	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2616	AcroRd32.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3648	firefox.exe
3648	firefox.exe
3648	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2616	AcroRd32.exe
2616	AcroRd32.exe
2616	AcroRd32.exe
2616	AcroRd32.exe
3648	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 204	2616	AcroRd32.exe	73
PID 2616 wrote to memory of 204	2616	AcroRd32.exe	73
PID 2616 wrote to memory of 204	2616	AcroRd32.exe	73
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 3736	204	RdrCEF.exe	74
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75
PID 204 wrote to memory of 824	204	RdrCEF.exe	75

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Morenos FINAL 5-28-21.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:204
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=708856027A2CF4BE1190352040FBB7B6 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=40060AE6F88AF3E8D6DBF85CBC7C7ABD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=40060AE6F88AF3E8D6DBF85CBC7C7ABD --renderer-client-id=2 --mojo-platform-channel-handle=1640 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:824
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6EF0BA7776BD6E3E2862F7A72D6A10C4 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3368
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=080FDCDDFB4C17BF1489384AC4726227 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=080FDCDDFB4C17BF1489384AC4726227 --renderer-client-id=5 --mojo-platform-channel-handle=2008 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2552
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4D80ECA1FE90D1AC3DB2AF7711971F73 --mojo-platform-channel-handle=1632 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4572
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F05536B0ED2C497508F74D744EDE6027 --mojo-platform-channel-handle=2600 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2204
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.0.1753683727\185934021" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {043524ce-1316-42f1-8498-bc3bc92b57e3} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 1812 20b7f1d7758 gpu
    3⤵
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.1.411581962\1215211386" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec39730-a4d5-44a5-91c2-4b1040f1dbf5} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 2168 20b78572858 socket
    3⤵
    - Checks processor information in registry
    PID:2656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.2.1465661253\1292195220" -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 2764 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {008d71c2-1d28-43d8-b6a3-9fc22a199630} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 2776 20b0799d258 tab
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.3.604584113\188624680" -childID 2 -isForBrowser -prefsHandle 3256 -prefMapHandle 1028 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57921169-57b4-4af7-8251-4350f8cf3e54} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 3480 20b087c7a58 tab
    3⤵
    PID:2740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.4.1890646468\1798232618" -childID 3 -isForBrowser -prefsHandle 3940 -prefMapHandle 3936 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a705df49-22fd-4c5b-b34a-d9ce0d69dacb} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 3952 20b08fcfc58 tab
    3⤵
    PID:4700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.5.755155612\68045917" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7625d6c-ca12-47bb-8547-96efe1b3dd91} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 4980 20b07a81858 tab
    3⤵
    PID:168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.6.1923271653\1277457614" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5000 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c463d147-da2a-4c6e-b017-c1152b7c190c} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 4764 20b09dbde58 tab
    3⤵
    PID:1108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.7.1798424339\2046396046" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4ea6b5-05e2-4bf3-a637-420ebe7143f5} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 5156 20b09dbdb58 tab
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.8.223042068\1245166760" -childID 7 -isForBrowser -prefsHandle 5652 -prefMapHandle 4772 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39bd3ff3-f195-4bfa-9add-021615fd1c42} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 4692 20b0bc3ff58 tab
    3⤵
    PID:3832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.9.1384260795\1927740688" -parentBuildID 20221007134813 -prefsHandle 5912 -prefMapHandle 5916 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {529e0fa7-89f2-4912-b409-accf5a452f5a} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 5832 20b0bf06b58 rdd
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.10.448982963\281328132" -childID 8 -isForBrowser -prefsHandle 6100 -prefMapHandle 6108 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1ae2819-75b2-479a-8f67-649fcefc56b8} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 6124 20b0c1bc858 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.11.386507665\1128446884" -childID 9 -isForBrowser -prefsHandle 6212 -prefMapHandle 6216 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {678e7901-080e-4860-a4f7-3aebb28d5864} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 6204 20b0c1ba758 tab
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.12.1839561181\224643316" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4524 -prefMapHandle 4564 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4401286-0897-4b2d-8a06-c790b4614cd0} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 5136 20b0d6c3958 utility
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.13.1580040576\1778761339" -childID 10 -isForBrowser -prefsHandle 10372 -prefMapHandle 10376 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9daec9e9-600e-44fe-8369-66ee58f9931a} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 10364 20b0de19658 tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.14.1699808252\668264323" -childID 11 -isForBrowser -prefsHandle 10244 -prefMapHandle 10236 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {924baa51-ef9d-45e2-869b-91e2c2ae073f} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 10252 20b0de19c58 tab
    3⤵
    PID:528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.15.1561727213\1555783523" -childID 12 -isForBrowser -prefsHandle 10048 -prefMapHandle 10044 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f78f7206-9c15-481f-8b51-2626f8048b88} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 10364 20b0de1a858 tab
    3⤵
    PID:5368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.16.1762353716\290240879" -childID 13 -isForBrowser -prefsHandle 5852 -prefMapHandle 5808 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {71674c70-7082-430f-8bd6-5119c9f0440b} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 5856 20b087c6b58 tab
    3⤵
    PID:6024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.17.38684479\642540333" -childID 14 -isForBrowser -prefsHandle 6364 -prefMapHandle 6340 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee9a578-3fad-42e2-a4db-6fc772bd85fb} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 5808 20b0bc3f058 tab
    3⤵
    PID:5348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3648.18.2014475868\809973641" -childID 15 -isForBrowser -prefsHandle 5960 -prefMapHandle 10112 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a6d1880-665a-4dfc-b773-f3bad9de1c51} 3648 "\\.\pipe\gecko-crash-server-pipe.3648" 10076 20b0bc40858 tab
    3⤵
    PID:5696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x334
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\10440

Filesize
7KB

MD5
c564a0cb186a46e8180496308110cbe9

SHA1
21d3a4a480d4183967f40bbf33a9327c7bfdbe6f

SHA256
dabdccd0ab7db16c0a5e9bc9733a855d171d2954590128839709b92d203411dc

SHA512
8235121939ab0d1652ecbd999aeb20176c07c6e6a693c8a5b88987dd22092491513c1fddde08b46463f8bfc3ed3dce04b1e548717c47208a04442e44f8a87b62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\11529

Filesize
7KB

MD5
6c519a9b94b2ef1ab2f73994553074b6

SHA1
696eca4fdbadee55de95e6b6c37afb51c07fdfa0

SHA256
417a7ac9d5220c5afaa0842e91c62bf78142bf57b3b4c5c84970d108c0e5b13c

SHA512
32c55c6a09d9cb7884d8c12ba097f2973185017c68e28ffa2ec337b70db449ba5025776c4aa506534c3a819e70db0a7bb8400c9c322725e19a3d468b84d4e57f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\11730

Filesize
7KB

MD5
97ea20816e29ace9569633d0845cc9f7

SHA1
08546de1eadc22700df75fa153cf8fc0196058df

SHA256
94f987adc3299907a07baec133928d464a1c007102d36272df891b39d17e3082

SHA512
4c759cb392beddd8171bb77d99030826259f9d0b66c94b53f5ff84912b540ffdaedd833728ac5abfcecbbdc4a2d10333ea62772730440dfaae611aa0a854f059

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\12065

Filesize
7KB

MD5
b9918409aa7f51a97b827ba9f8974c56

SHA1
d68b9ebdad4f0a05f167135568377417c7a39a00

SHA256
82655d3f5225bc489f244c7fa8e12eda78f2887e82921e8ac1fa093b70cff656

SHA512
e7cf6f74e4d42d5405b41a0faba2161bed826e3c63afe90c24172a46bac265360cdebf5fd1dde760ee8a94eaec18a0bc676f053e30b48bebbc7e436586b37cd6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\14577

Filesize
7KB

MD5
18171594c71585dd184d7dfa881b216d

SHA1
29a95d91ce5dec78e4669579c931029012176383

SHA256
e6a2627c39571f3b32b02290975106f7a042331ff027e212c1c3f76a3b1686e2

SHA512
aad5a6c52cf156cab5232b0c6a1011ab477a1534768159401c43072c3424782e2135bac8fce006a5ccf13152e518a03a3918fdfbff660763bd9ed2b6f68775c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\20559

Filesize
7KB

MD5
e2009b72fe893f7d2503d24594f196e7

SHA1
4feffe6b909fda053c2a7e938e9c3d9945fef8a4

SHA256
388de510cfaceaa2d2aaff2ff374c81593356993b4122640dbb47f9a878b3039

SHA512
cecce41ded7e98c84f867addd9d6dfdbe797fcd34db5d37c71265c9c41a54430aad8c8225e45fe8cde41d5106733f5c2f60bb1b9131cbb03e22395dbcdd700b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\20873

Filesize
7KB

MD5
c1adfbeacde498993c194a29592315cb

SHA1
753f41d699de5b5da1361324098b69efa8c45246

SHA256
c14e3e43d29a07e37dad5b135b2de4d3e3606b648fd7e2d47c36cc149c79e7b0

SHA512
e270338a0f2b76743fd30de113ea903e4ddf469efedd7821319818222c6bfb301d0a2f1a2c8a520178887325cb6e830ec6c23e82a5ec37f2d889c60e40911bfe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\22051

Filesize
7KB

MD5
3b5994632e9ef55145ec3a5e25783dc0

SHA1
06b4d934f02e46a5613c33d4097ca3cd9bf07935

SHA256
e42ef011f9155782e55a59cc0f08083b59adbfee94ef42c43caf37f140289646

SHA512
bfa55d3a591716df33e33951fd98bd7bfd4f64878570bcdd0fb061debc854c274206a1e24fa342630ee267e76a2564c76c9a0a7716fc46396da0caf16529dc2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\22109

Filesize
7KB

MD5
7f19ff9c8f7d60bee88eb4b695a24482

SHA1
a1a5059bf15521a38bbeee94b9ffd8b2de428fd5

SHA256
b5ab3d137f941be7e485c58beff79771c7b01b41d14b721f27d9f9f8e52a9c6f

SHA512
fbe35bb943a215f18af04977b42b5df1402aefd0eb87b407efbc3bc8c1747b5ed0297f2553e94b0278822aff7b16b825d13aefe0dace97aa369413a4c8d193b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\22751

Filesize
7KB

MD5
b76e61ffe135466a3ed56b08aa63b959

SHA1
35bccab6bbf8bb1ce6034f9febfd95b1e570d40b

SHA256
f2ddef06e14c341f9cfa989686a4fd9684a2f0556e9517303ce14dc0eeabba7d

SHA512
5b591716e7977d83569f87e4e12cc796e852177d640a82748820adba3595b2a6fb6859ce1aa569f4967123de2228754531779646228fd19bd5df0de9ecafe34d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\23198

Filesize
7KB

MD5
b8f5d6c3f85d5cf65824f7e7b9cc8559

SHA1
7b091fc424bfd54dfad217a0be1271c8e2cd0b5a

SHA256
6a8e162361112e02da9790abfd6831512f67a7a64525ddf0ebfaaa54a392f39d

SHA512
1d0233089aa30ec0a53b61ec9ee0ff6c6d24ca106a77b0b836faa3af58d71e3e374633249a1780b737a69eea0f8f6abc64c43080960a6f908a412f929229f9c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\27297

Filesize
7KB

MD5
709820a0967005cf175533bf370fdfad

SHA1
a180e29c3f0c86eebab719b4847fadd2cf5fce66

SHA256
bbea7b55454df39c5213b2df8cb4eb7cadba9b65d1e2ec573d6c53854e26520b

SHA512
bf059c59f2c06d43e0a8c29e0becdb373b77bda48ebc460e590e90fe82e0ba780a75ff5020c08bfea3088a2fb2bb5dab16ca30ce602733f7432b58cf442e2717

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\29479

Filesize
7KB

MD5
836875262e57d89221944090f3e19ce4

SHA1
9eb9b2ce3fe9390733f9d486981ab1bc364d79d2

SHA256
7f137c568a79e89ab9c1096041c94072fdd7d880e2698b6c11682b979dedfad3

SHA512
cd4b9a9a7ca68c176eb4eb0b6dd54313cf7d9507adc6cc4374c654a51754eed4dbc2fc6b1a03620b8f9935d3b48471da96353bd7b5ee40badd1494e54da68d82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\30914

Filesize
7KB

MD5
2a565e9d143e94055a99e2694c1a818e

SHA1
82434c1560c1c4db94fa082748b81ef213ea05c5

SHA256
3a8a647917b70bf873f165c047df4047151a65ca97a1471f5a24a77a47696ef0

SHA512
8825e38eb9e0054babd0ac69740ad842b3ccf4150dbdc15869002d4461383e8f60dacb2e7410e478dc84c0ae5a8b00d0664444f8e950a68706ece16b1046e8de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\31702

Filesize
7KB

MD5
76a5bf106d30411b4a464f91d108c105

SHA1
f897e2c049759f9dfc0681cb5f6898b051f4d4d9

SHA256
7c471c28fda69c8122a1cbe251b53e714f55c46ca72c1cbd195a68f3f9395ad2

SHA512
091d28a50c13920a2b08256df0d99f21dbd608e8b9cf6b54d53ad41ea8b4061af083ac737575e080aee02756e509dbd22ba6fdef9fece01664d88b42ddaa5fd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\4829

Filesize
7KB

MD5
0b430eb43f0eabeb118652f7c06abc84

SHA1
9a6226004faaeaf0534c4318b66229533a1d1535

SHA256
536e8f04958cdf5b6233cf66ee005c795766c6fc7ead293fa9a222cb3c351b89

SHA512
fc4833a7e9f3ec191ffb0b08fe1bb5d8edf157c56fab1a7a582cd347377011cd7f6c1eac01328081ab977b1046f5038e9e796fa09c7e3649ead9f69a7b14ad16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\6578

Filesize
7KB

MD5
a53afcea629010d794e2742b327b603c

SHA1
1e5fe51006fe5e361dfd38f9bd9cb597ca5a9a6c

SHA256
8fc87d8f24afbb1d7d6a37c8eeb4c874f6715d2c22911a6b110f129127e70531

SHA512
690f1b34ee9d9fa4d8b6a82269a5352ecdb3fef6470c2f4bafb6ac54d95112dffad11e2571765436f5b73c9387654f1cfedddee77bdcdecbf957a68ca9f55174

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\925

Filesize
7KB

MD5
906f24a49e46a5216c431c7a9aaf67fc

SHA1
415d63f377e7e2785c06a0073214ddcf3e8bec89

SHA256
5ec1ff09a845e1a3f9555144437d20a43cff07adc0c2db7aab4a33a522ec651c

SHA512
2a429f8abd1178d93bd6a38912a4a445779436d32a1db45a0d1e06872d7c6e0ba7cae86e63fdf7e71d38cce7eb6eab05bf3fe125cdc0ab151dc74d310f5519b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\9425

Filesize
7KB

MD5
4bc2f77c86d47f1d99107607f8d8f1c7

SHA1
e33f66b168a924b4e56876d7776edb33252deabc

SHA256
daca6822e8ba56124da98276aa9c9f3b635ae3acbe3986184105747421fbce95

SHA512
b964eada985bdf0289433d18f20b4d78202cc86f0403bf1c67d65154208636c54ffec625bae4ca8e390314c0ad367160833e8996a8d1ee500188c2cecc8652d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0ADADB63FF4347BE8882A41CB30B8960FA6A87C7

Filesize
38KB

MD5
dba0131631074a900e1a7139ba9b270b

SHA1
fc3dd1f02706ff921d23c7f4a928941acf22531a

SHA256
5f45f8fb9335737ec2f85424dddecb9c2765b14f68fa491ff7e2f33886ebec13

SHA512
9411ccee81edf22d3cc6ac576db7b7bcdce23b6e30c7f55de532f05b5d1c05a35135ef68e9df609ab690ec278dd990b44baf5650e0da5f995560cb3551253efb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\0BEAA2C2828F3EA47A4F5D0AB01734702D992874

Filesize
7KB

MD5
376b576356b88f84243843474ceb69c0

SHA1
ae998502eef6b134f656231f2fc6dfdc26d16d86

SHA256
f18243d135d58174319477c6d1022b0e52fa413e557aa1911cbafdd14ff21691

SHA512
99d7b678a51d7a9adcc2503c28f05ea8ffcf8b3a256148e866b63efd52bc9732f0d1437ab80b74f5ed4c590b2ced878b507640ad91c0c6f9f518bde79584e48b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1D1191752EB178092A722D50FC5601FF049E2CC1

Filesize
90KB

MD5
a5a6c9b66128cb43ec4e746dbcd38759

SHA1
1b6326971f6fb876d6ddf05148c16811469ed3fb

SHA256
16c73ea4607e8a96efbac2cf454402ba13c77c2cf3d4bd25b31aa7d9e148c274

SHA512
5a69e74e8535ecff5e598a186c8e92e553b09dd65f238e1bc0feb7fa650c937ebf76d0d37f29f5511e32a931873bd217d46cfee8e6959d52738435c0bb7e2423

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\1DAB4B0385CAC7C6237F95C54B69938732F0A93B

Filesize
431KB

MD5
02c2aa799fc07c0aa94abdfbabfbf0f9

SHA1
4f525f03e060914638f85f2fab569c0e034961d9

SHA256
63bf324e07eb6335affe53fe0c038276c18537215ab41ff320a0037a9d09ccaa

SHA512
d2a370d5ec018348ae06f649dce6a2382dd201e604cefce77dc56ad7869dd24d860c7723490372a845c86903461a9b7153ad7cf6c5e261e7bba03776176d894d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\27F8424B66A3EFF4CBE94BE8FE8260BBC5097900

Filesize
116KB

MD5
c05a42b2934055ee44d8f8babbfbe5b0

SHA1
d9516f0a1056cfa6fe8c91b525e335a8e12fcedf

SHA256
491756cc51c6bcf448a5670c257e384dda67192c6339e2b5303da74905136f44

SHA512
fdcc6f2efcdc044dce4f3661d7d30b3d2bbe86a9daa697b4012a7a795bdd6e386da70c98cda6a4f610d694cf24e2b2a0d6533e2ab645693e8844b2ec952fa4c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\3FE0EBA00A52A4991210B2DD6D0D6BEE4944377C

Filesize
119KB

MD5
2cfee784e11f24403d55f339561f6288

SHA1
a6ea41f09b3a26b4218789a3998bcdfd393568e2

SHA256
378ae0b15e36838a71475b25a715b10df0b02c73775c6467d0afa5a0b878661f

SHA512
20f7055442f820ca3d66c395ab62ec5444b5263e4c48cff03400bd0170154f48bd5cdab4f78d03bb348a3b36efe2edd72578b4a1972c7b833647ab849eeb19d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\42FE0AACBB2BADA17652DE803ED7DFCAC0BFF49E

Filesize
1.3MB

MD5
0ec0f029b8f9f4801e60d553b75a6a10

SHA1
257e52e4edff1c8d6a983caaf56adc84e25ae20e

SHA256
2a4db5d8d8dd6552c62cd8160976c3c05c8d2fbd64ad0e01d6782081ae7b9cba

SHA512
3c28a58230012fbc73e639e5c7ab8991338ca9d8eed6c880ecb824d9e5a2d52288db8e7df0c3e11098e15bfa27e388b239c64e4bafeb0b12cb71f7307757ed49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\535D08385AEA2C1BB9F8B696556943FF03C311E1

Filesize
426KB

MD5
5da7887a31d9a0e01961ff9ac1082cb4

SHA1
e2bca640ccbedc54c8b1457605c2593266c67d76

SHA256
6fe02508ca22a584c99f1403e6877dba62185974292a8910f86a9c120450a1db

SHA512
0212e851bc12baea806a1b3afb07f353e9cc27bd83dce38cfae5a53381258c3c2eb2e252fa4f12966d4c2daa8c478427710716d66b1419f66c485a3ceb127602

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\66AD53E79E3EA1E3C068881B56EF82E511622509

Filesize
110KB

MD5
6cc376f2d1ed65dcf2ce1e8ec11078ab

SHA1
f5355ec55cdb72ed7e815d285f03bfb0740e907a

SHA256
5dd0641e156beed170e507c4d9e9f0ef8552bd2f3a609e71e10dfe01983b2524

SHA512
139a5d7d5aa483d73e54649dfc2621a38208e67f5bd37db99c7912db02f0996e20c6dab7a0f10884ec7cfa142a7c1d778698561c0aa6b9f540d4449eb2785f20

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\680A03775E0E0A7DB9F8E8022B68BB639FC7B76A

Filesize
136KB

MD5
4895684b59150c3dc9e718d82ed56d94

SHA1
dd87925088f8fe9392668dfd0522cce94bf1d2eb

SHA256
75b82696cf5970b9fbe74ded87de5214fd8ccc53575845f02717527e6073c929

SHA512
053ca5901b6d3d96348c627764d1fb56996a8fc933a3eedb24a96f0c65243148947904e5f6a543b92937fbf997e2315f961048110ac74514ade778c0b1397591

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\732F54DD6AA1435688818E0578810188B6D6F89B

Filesize
38KB

MD5
96abc63346931a18216ee5af27219ecc

SHA1
0b2717b07a3269aa94d2195870c93175cd743a45

SHA256
a944ea209d0fd43a6347d3f70a7a37ce4304d034bf8f996e12cb3bc6623e8eb8

SHA512
10b2a72271ba16c940863773258b35bff864ac730bd1f8fbb4af4c627d9eee6cba1e21c591047675d569683b52eb561911fbc7be91fcbe4f31783dd4a4ae2c23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\768F8AA0799AB46DC7C58075132E6C381703E2D4

Filesize
41KB

MD5
23681b883bead8a2585352db10572449

SHA1
a26b1b93933ece4a824b47d9f6efadea5e2a073d

SHA256
2b2f0bc1015d48ce10f3db8ca5fa3992faacd784394518b1c69adae58a26ac98

SHA512
bff3f045c09858c736c36293d208989609be905cb2dea88a2c37ed4ac3052b6964791df772721facaa52ad3a65fa108720096e455a916ad9a736da7de65bfea4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\817B045298C513EB76DA5F17364A7440E0920104

Filesize
93KB

MD5
367c0cf9780ab8670c48e883fc5bd3ac

SHA1
b75abb9e822766f7370d9bf68f0c8e88d074171f

SHA256
555f4558b6acdcfb238b26401d5f3b97707dc101cf822b7220f566fb72acc19a

SHA512
1f877e2fc78318121b3c0293e67c714ee2c9b102f4c5fb35f76db4a0db51a71e5d2054bb22efe84fb2d9e667ff8552d8bb7bc27e5cb98cc9552a394927a831a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\AE82DDAE1D35F439253328F2182BE7B8C43D578D

Filesize
46KB

MD5
5a3abbfca162b043a8dde42c985fd541

SHA1
8b5774850d8064b31e5fd226c9adf577a76c8f7f

SHA256
2327c9b3537e032ab19df8771ee777df529c8c2a74c9a97dbf3b4c8b21b365c7

SHA512
2bd4d3389318483a135943bed1d9f365d72a53bfefe9edb36ffc635be1480e61155ad9d0162f774849a4440170c0e9fd40615fae9e6ca185fabf2539a09477ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\DFC2483588B70269E820B83EFA2710A88E855334

Filesize
1.1MB

MD5
b91afb19753952431d2c2620ec6f20d3

SHA1
3fafeaba3f037dd7bd6cec81c4f9362be179a87d

SHA256
52302610db65a22bccac55bbc3b46e675143cf4cd31ce63a66744007b0d97839

SHA512
902441de1da7207109acea71f69726e8e6feb8ee4a033ceed08364cad1632f0aa1c7ef5ac36aad2ab5bb1ae7fe7dc32089619c6a79ec1134b1c425726d2e4cc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E2A3AF84656E8E43033A35F9BF8BEAD398C52F2A

Filesize
402KB

MD5
42fd1a49d074f69fe2c120eace8055f0

SHA1
79e7ee082e2ae6f05e4c2b9d9fb407465ed8655f

SHA256
5e95316ebf8b3251bda3bb13f998480fe12bdaebf9be66dd1c0d177c9b3a8e79

SHA512
d6b77e0f29568af4fa7406087dc9207c715de8dc439ac967d9e33ef434ee3632f7f78ae65f18e5efd55d6dec8fc5b74793d653e54d98b643f9802f28f5c164b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
40268b6301fc94de1d6e3763533b62aa

SHA1
72aaf40a87d6e7db84cbb972f6b9810c6a588144

SHA256
6c0ea31fa2c2a7dcab37aa23fc2c32e5c5d439bd4c81c1eb6a4ffb253083c2c3

SHA512
89a110a2de4021c247210f1198d1a37d64418665c1d0800db68fbd36303ea06b829b5f0e5e318d9d6d9d7fe8a496a0f444680f444dc3a7e598928cdf48e13383

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
19KB

MD5
76610435feeb286168226dadea196028

SHA1
b3da8780054dd93b206dda61eb862a9435566e0b

SHA256
feefdc15dc52a343751a66887090c991f404015e4a25a69ebd84e371dcd42999

SHA512
6596f7aed41ad7fa36933f0ad81e9f6584f6bd126ecad203ae87e654b1ca44339ccc7b0988c3e2d2820c791e4c1c01c60c73970ad54ceddaaa68cf849ae85c44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e97cf331c3ef729782959403d45f0713

SHA1
cc38cc7c1007f6f5705b18bbf8cea104ddf26e12

SHA256
5cd36e7b5ade3c3a3ee579af8f436e62c518d85d1d95ed7b77998182eadd8c6b

SHA512
1511b812bc2f02040e7ce5b17b10e5bbb5a1ad108cc2f03279d1bd461c97e2d47fe8797cf827926902d10d3b2dfe464f772fc12aa3d6061f6ebec3e45c98ad72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\7ac1c01f-ea06-41e1-8055-097a9d7b591c

Filesize
855B

MD5
ea76131e3801ec11bf53a585c1e88a9e

SHA1
ad51011185e3c20ee267be68ee2418a3f083ace2

SHA256
cf36900a370dd0f8c15994168cddb98b38120e7001ee3083c47265cf84136e04

SHA512
fcf73bced9ab2c27e508d64f4327561286d938b8668b44eb74200102a6cc09431abda47e0bcb5939de30eabd8d782975dc712312193b7806ee216b2f99f325a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\844a770d-bff9-4400-a3ca-9de1250912fb

Filesize
1KB

MD5
ed17faa1182cda442cf7c39d25196bbb

SHA1
a27247c1403fa2cdd2c434b3d372344c500fdf55

SHA256
07dff222788e4e08267f6553e001f11d78b715cca907311d4e36175200c04f0e

SHA512
01e4ce13a2996bed7d970aa230b372fc1ece68948dce5b276b9bc6f9aebc43f97fa80bcedc7894601f7e591b193e358b27af687e12fe893e47a8f48a197846a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\c8cb404b-fe76-406c-9449-58ab2f30bfda

Filesize
10KB

MD5
1182c64b31170435eddeb6021bc93e8b

SHA1
c4b89f4868bf37486d2ab1a14d02a93859cd4334

SHA256
c86818708f5bb63bb3f4d34cc739676a6ccb61a290e48f3c2ae0b255ecccfbd0

SHA512
d876f22b5f16c72badda0c62453a17dc74f4f37fde67fa20fd1e2fd4d7d189608546c6d2e89a82fe149c74998092d77b51bbfe7a9aa9b828d4a38b8cb0036a93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\e20c8e48-9839-4724-9876-81de2c9af923

Filesize
746B

MD5
2290857664fcc46d99fd4337c9b43f16

SHA1
5867a8d477cabcfef4ce999b8b809f786cba4db9

SHA256
84dbebe0476d02eb1946d4331ef95561461741a9c1ac540342fd71254f892e12

SHA512
5a24f44f787d30ae232dd02383a426707879db6a5f46092e3fa63b43ca38408b9c3ed45486807335a7cb1d26c30c6b11a85acc174cfc0c2b7987887f9e00a9ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
73081972af267650108fe90ecfab155c

SHA1
981975fabf48d8f35388aae9cd45a733a388ae1a

SHA256
643fc6e519512fd1d21b70810a4e562ed36d4893364f72cc9cee9ee4bbd361b4

SHA512
7e6f0faf8d308eedcb924f3249998579df65e5440f28623eef4e02e6da644952acc3515303b43d37a2a415b5233c85d2beff36bae14e74ca6650aecaf2946929

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
712b7e6e99519c7eb97f93e7821d2db7

SHA1
6dc55c0b8128312c6fb5418b4ca2b71e1d4616e0

SHA256
625a5b45375781d80a1534008ac56e8a82a1f8e476595e59722d96c99735d457

SHA512
5a1e6212ea06c942e502c5d6368d2df6fad4d0153a4dcb8bb3369d37c58c4f8c8a2241a460112b5202d9eb28fb140ddb07829b386830837f68d736f32fa6b1c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
badf18a25ea5cd2dae2948c4432365dd

SHA1
3ca4de644abb673425044467bf878c65736f8408

SHA256
d39e133b6133963517f22c9972d594ba43f8e072a1b15de24109315128b1f8a9

SHA512
864057b52539f920d84436ee0a6a32199cd7a05ba08d91b52bd9966e5c72ca6d742d94986f92d638db8aab2f3164f7b980d4fccf89b8e470b484498b1d854ac6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
7KB

MD5
695996a494f834f9e9736d4de5ac0203

SHA1
4645464ee4fbad8d2d0cc8f6c769745d22ffdc21

SHA256
2678dc0ad59d82f70a74cdceac61bf544b3420b3b6510b29af40048f40cf1904

SHA512
d88196583986549303ef0ab6c02b8a4f0c6265a7d99c05e5cdd18c2d4e9406fa86aab02936154d34aa8fcc4de686b1b2961b0eab43ddd50ffc7466a7e53b475b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
9ca90917182d56823fb7c56db7f2aeef

SHA1
52ca9e5403deee91ade28d08b21cc04b07ff23ba

SHA256
8cf3b8aac9e2dd42fb83d171c7e435bcdbf21856807758afd1b5acbe64e203e7

SHA512
dc29544a05f94a628c067e4bc1972e78fe05d980925f79ce59dd8c126cddf96b82a7cb24d33dff8e2fe8e9db095dc0977bf4f3a2e6c45beb8657aad8f7ebaabd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
5205016e5e4269294e0e18fb7760d6a0

SHA1
76b04ee63b866b69102a8e871e9c3d395586e72b

SHA256
146fb90009c216c96045f6700e9f5981f11aae0fe47a924ac48c57cfab96fe6e

SHA512
36d271f67811f8d80d7dfa87eb935941c74a19fa167ec0e92457bbd7942f3130b562fb060222bd66dd46ea027a710e4100c5e7f62a254d9f2d957d8abf2c0c15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d06fa91bef6dc857f2b538089bb36249

SHA1
d67e39af76071f7478b44ff5b693e2e0c292e889

SHA256
ae6a1c1b4a98c2d791cf7b0c64244d80cc9f92ab9f2e6d8c87c8a7c79b9c30d7

SHA512
bb0f4ccf5a3ded87f03408cdfa27e41d022f6947f32a747a103a7cf79780de809ca054a3d691bcce4d64958b4698f63485f47325678236855eb12f5b6db35146

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
9dc06274df7e54e12e273700d1d2d9bc

SHA1
c7bf59fe2fc43ae46a00c13c715aa222d5ac60d7

SHA256
0292fb5b6c88e51a738378e03c52040c8543aeff4af791e8026d137838afe1a4

SHA512
b4db536d0fe1f93dcae8119c18c133c38b070060361ce95a6596335836114a0f17721b1fb33b9515608f4ecefd8872840cba707c7549114edfe6a681e76b8fc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
10370cb1eaa6a3b6a38e72bbcb20160d

SHA1
370476f3fe426679b8bf5952f1fbdc32586ec444

SHA256
3648b6d7fa21853c7eb041df176b16bc292dc88d4c804bf4940dd558f3785418

SHA512
1aaa201a6737c66f1e28a225f28b0b514d55fd01abf53f1ec084efb15986b2fc611280e2533a1ca8518befd08aa0ca1800b0c5fe79a966ec0ae95230682fac72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
8c5e9d856e4e68077bab4656c246219e

SHA1
cbb1a99b1b8d90f8d384ce3290ad54d0c039a06e

SHA256
0f3f5885afa5bff2d7297bea54c4d569c5f45bd3b010eff5c098bd8c181f479e

SHA512
0babe603648356753ffc7d242b3ef870edd588bcc6de66fe9cf6b9819404389e77961d0cb4f0c1ed258c992da52c2228f3a5c60691d612c2ac89d89f4841072f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
17a1d4093f511ea50febee54a48acaf5

SHA1
1bf1d13be8c788d1ef15671b3dc73bf40edfb90c

SHA256
958d06a85dfc1d3f142e33ed830998b72a89a7e276f3b67d27dbbd779a2d9d38

SHA512
cb3c5d238e26242e5e61954a8491cfa8386e9665f4a516b972a4f53a192d7a9337538397904777f5886c8401df6ca092bd8a890a4e3c3b70ede27f5e81a3bf47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
ee03cdde2c15f242629d82494e15e856

SHA1
d8fa9c75aa0ea66cd52f587c7ea365ba54473831

SHA256
419c1271da640514b2656717ff12f9c31bc20ba6350fc0654c31491c83fb462d

SHA512
c1d128e5a7e3466ccc8320ffa6d204d3411a195d3e55817ef43b7bbd450ebe2ee63739a81e23ef44e501d519ea727d8f87c07617a4a68a741e92373fab83fbab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
8d98ad43e7eb8f1550344db58fbe2b13

SHA1
7d3c7d97bde324bf1d3d4b187a224cec1a9c06dd

SHA256
ab3f3881a0413aaa2ffb2a08971d8bcf197676c08b852359e573c6a4f4d03cc0

SHA512
62e6b44f66d9259da63e87893e722f5dc6b9800f71f28e7a086ae44d7bea81e2fbdc36106c424ebcd9dd5c743f5ee81a96eb638e20c96a22b2a8a9cb61be60d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
39afc84f7e1710b433a36d3e008abf63

SHA1
48fe5ba360cea71850f15997c1ccceb29cb4ce2f

SHA256
17f0481977b6d72d4db3ca61f8e5ce5075dc9c93ef5138e49d32701522bec3c1

SHA512
e9ebdab4706e4545ed3499ce8662b0ee05bf0e2240aab1608ebce7e33e2f0153f15a40f9689dc9a2ab59e9dc39aafab6a79cac0b2bd8482324901ee49e9bad69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
01174ed905e1fd815d2f78ec34106eb4

SHA1
6e76f45b7f6a664e04a083527255a93a7ca254fd

SHA256
71a8e3fb0b17c3b1c49bdf8977a168bd8fa1186a85387ff8b69e21c358388439

SHA512
12f23ba518a0472ff6b3d380e8cce5cb33edb6a644e869ccbe4e7258330108d30a9e0213991326fc2913bd1ff805450852e27d695f51bdf23cfab0f22876c41f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
8KB

MD5
eada7d68ad1fb3ea3512839bc3f2499d

SHA1
99fa12e107d55a459512905d86c6dd5b1fefc05f

SHA256
590229e89e0691c443f87a2456b46ba49b489742d5c2840b275b6ba10a1d6979

SHA512
fcc623a45d9379d054e43a541f6b019b81b7cb4ca54d7bb92b6dcc13c39e8d3700df2a9ebc0154cc3d2bd753007d6e4f0d71883b1d33ffbcb90462d5c02bda89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.pornhub.com\cache\morgue\177\{605e170b-6031-420b-9f1d-fc49c59b96b1}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\default\https+++www.pornhub.com\cache\morgue\223\{8e056d12-b5a2-43ce-89d3-4bfd1d26e7df}.final

Filesize
1KB

MD5
932479fe19d996a5e8f139bf51085149

SHA1
da374dfebb658802ee62fc8ec320c3442fc93192

SHA256
c57de29d8406c0e2534d96c4c23199b127d8ee9bb86dce5230bf8157894b4f84

SHA512
ddbc216c01474d8ccc4f73fc78d228e68600b2bc148cdf3b7d12108b9fbdce3f2c91fdddce4841e669b1a2a609a8fae927e2a551efd11877e6513f7849edc05a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a4627d94b477e3f653435fcf27e2663d

SHA1
d5dc31c0165277e469d92453c556786995e2800d

SHA256
7c1ea6cee0386d6af3cb7523167c2b880592657ceacc4e56edbc2394575c5c69

SHA512
7619d8f8f790c6b47faa75eb3f834640fe6ab684209f2eeb6eff26017c7ebb44972018463bb15d0e7955bed5bde4ebff809754b3c2057d7749bafe82dbe48455

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
1a3026eb1687ae8257cee6593045b2cd

SHA1
d8ab5048b565b468809066c53ea6ea29ae7943c3

SHA256
2f73922cdee4f6180b12531ad05cfc1b72a1444eced989d4e52803c78c7b86c7

SHA512
9c0f6e19f80a206ccfd575a06956ef7769caf22bfac753b97bc2d4e96905550c4ea34c654babd6be6c2a9fc8d15f9beabb7df2b7ca42f4650ae8edb5377c24b0

Download Submit