hxxps://untitled-goose-game[.]fr[.]download[.]it/

Analysis

max time kernel
273s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://untitled-goose-game.fr.download.it/

Score

6^/10

steam phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
55	static.download.it
56	static.download.it
57	static.download.it
133	download.it
134	download.it
52	static.download.it
132	download.it
135	download.it
54	static.download.it

Detected potential entity reuse from brand STEAM.
phishing steam

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	244	firefox.exe
Token: SeDebugPrivilege	244	firefox.exe
Token: SeDebugPrivilege	244	firefox.exe
Token: SeDebugPrivilege	244	firefox.exe
Token: SeDebugPrivilege	244	firefox.exe
Token: SeDebugPrivilege	244	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe
244	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 3824 wrote to memory of 244	3824	firefox.exe	82
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4948	244	firefox.exe	83
PID 244 wrote to memory of 4712	244	firefox.exe	84
PID 244 wrote to memory of 4712	244	firefox.exe	84
PID 244 wrote to memory of 4712	244	firefox.exe	84
PID 244 wrote to memory of 4712	244	firefox.exe	84
PID 244 wrote to memory of 4712	244	firefox.exe	84
PID 244 wrote to memory of 4712	244	firefox.exe	84
PID 244 wrote to memory of 4712	244	firefox.exe	84
PID 244 wrote to memory of 4712	244	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://untitled-goose-game.fr.download.it/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://untitled-goose-game.fr.download.it/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16514619-bd60-479d-a1a3-a86496b55185} 244 "\\.\pipe\gecko-crash-server-pipe.244" gpu
    3⤵
    PID:4948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aebaad17-7f94-4202-ab2b-3a115f861b1c} 244 "\\.\pipe\gecko-crash-server-pipe.244" socket
    3⤵
    PID:4712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 3048 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fffd7026-7ebf-4a21-9341-da9e41e666a8} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3728 -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 2704 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44b196ae-246c-4516-9649-c0bf0bd3bc1a} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4488 -prefMapHandle 4484 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ceb25ec-e4b3-4380-84fd-eee096cf031b} 244 "\\.\pipe\gecko-crash-server-pipe.244" utility
    3⤵
    - Checks processor information in registry
    PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5368 -childID 3 -isForBrowser -prefsHandle 4384 -prefMapHandle 4776 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad6a46a3-d77c-4b53-9092-6efaa157e6f5} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:3064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 4380 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc53d4c4-72d8-4fc8-9cb4-0c8bc5552103} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:4952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5728 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a91cdaee-0d93-4b36-b764-2a94ff5917ca} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:3180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4380 -childID 6 -isForBrowser -prefsHandle 5756 -prefMapHandle 5760 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef0a3f29-a27a-4933-bc08-ec3420fcc98f} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6844 -childID 7 -isForBrowser -prefsHandle 6848 -prefMapHandle 6504 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc598965-b8c9-4200-9e13-7964ae2d5270} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:2472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7036 -childID 8 -isForBrowser -prefsHandle 7040 -prefMapHandle 7044 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84a62118-6ebd-4656-a3f0-68e5f0eecfaf} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:3600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7220 -childID 9 -isForBrowser -prefsHandle 7228 -prefMapHandle 7232 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d35cdf86-0aee-4ac7-aa55-24b0d4993ad2} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 10 -isForBrowser -prefsHandle 7020 -prefMapHandle 7512 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c10c311-e6dd-4189-b018-12f56f804d6d} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7472 -childID 11 -isForBrowser -prefsHandle 7568 -prefMapHandle 6784 -prefsLen 27220 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a22337dc-c815-4019-a00c-aac7bd33b304} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:2612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7268 -parentBuildID 20240401114208 -prefsHandle 6096 -prefMapHandle 6256 -prefsLen 33385 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd3cb3d-1a1c-4a59-b854-64d2624486a7} 244 "\\.\pipe\gecko-crash-server-pipe.244" rdd
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7260 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6440 -prefMapHandle 7536 -prefsLen 33385 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf4f6d9b-ce82-4a79-8612-b68bc1d63547} 244 "\\.\pipe\gecko-crash-server-pipe.244" utility
    3⤵
    - Checks processor information in registry
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7704 -childID 12 -isForBrowser -prefsHandle 7220 -prefMapHandle 7652 -prefsLen 27307 -prefMapSize 244658 -jsInitHandle 1144 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e00108f6-2a8f-4a45-9147-8fb8bb894434} 244 "\\.\pipe\gecko-crash-server-pipe.244" tab
    3⤵
    PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
6a68f5052db97dcd1bc34be9d0061002

SHA1
4a491895be98ea371e252ca44641bcee83143a50

SHA256
23704362db7ffeb01bf08c170c03ea97c3a4f56d6dee414aa446cefbb56bf199

SHA512
d546f78ba94397cf62b18cb555b483f9784a74acff58a67c4d86cc68611613a81064ed14906f9dc2c11fb1e1b777a4e141eb2619d2edc52883ec16232bbbea86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\000B57582A68C57E43A2DBD167C3419A456C4075

Filesize
44KB

MD5
f1a5960df51f727fe0424ffb45d8e1ae

SHA1
fccc39096a078817b62d0e44044a4800b2a35b17

SHA256
58316452c53a28c90faf0d66de65fd7111974c4d4ecdddb8289f103aca1dd079

SHA512
19501f1af4606f51383065b5fa1474d0bb7d2ac4c631494d7e91b82b3b9d7a15480cbd62f95cbf1b241cf90334807b95751fcb4089b0dc1349344cc46d681022

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\0A31601C0441A95865E355E4B5AB812BA877D55F

Filesize
13KB

MD5
82568403196f9bc2213812ed94b22519

SHA1
99bb8a6a4b76780cca0fa04fde6fe985a0a1e6cc

SHA256
c4b3c74c60deeffa8020d62a89a2ed707246ec4ec43875b2d35b264a00ce6241

SHA512
628bafd1630fcec5486a6fd7c885df3b9c55b96ee44799e915b3d216a4941ae86000b12f69e0d0e70aabf34ba81475f0b01e9c70d32cc2e0d7e42980c1cb49ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\0E62E1DF5C743A7105D8C8417F9C29954509369B

Filesize
1.1MB

MD5
d7d18ca14187b8f8b79029a6c1955605

SHA1
c5829ac11ce7f5ee7db7923a72e31784b5f1bf21

SHA256
19c98a2ef4e6716dae8b90485e9c5ad93c3d2f1e24f14b840c72fcba94607476

SHA512
2a42ea2dfff14a1c153db8dda1ff5f6f009710159e7b602b7009ecb37d3f31233b4998c752a02f1ba74fa5bf40996de4ac3c21f491dfb76baf5fd41a45b8b724

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\13114BF074938F07D4A07ED95F8DA7391D637D4A

Filesize
13KB

MD5
0869e4fbb2db44934cf1bc68c2246880

SHA1
5cb9b4e8af0ee24bf1de0d5e13b60dbdb34e564c

SHA256
c3644c04bc49e9fe17cc4d7992093b4aeb1949786824065a22886d2b73b99b22

SHA512
95da192f6f822afd4f487647769954e8c5199b2d6cf30735e561391d8a381a9d38660a71f7638b3427a53849b8a14d87a4feb1c7b65bb0fdf2bef5881d86dcab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\2D429557BFC7699D4F0FA8A4C8414E6FF516E4EF

Filesize
121KB

MD5
6ae60c34738b1881549afd880ebae952

SHA1
3455e090a3bb0432b764ee9a06673d433740b033

SHA256
bbffc63e8cd1a47cedb63e07579b63dcac447a53db058525a22583f3aa91a654

SHA512
474060cfb9076aa73032af62e5e92f44973d42cd057cafe053f023b3b5521a1d578ca79d60cec16cc781e94f8089811e9e8fc77647eee524ff243fa44c5f2fde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\7144D418C7F17422DB77D8975F130B4A0028B0BF

Filesize
12KB

MD5
9e52f1faa9d87cbc3c3844deb2f7d6c6

SHA1
7119f233f9557cf1acd7ebcc0491b7253ef61fa2

SHA256
0b6e7030a1e825c4d5ce77adf9e7a8b07c4957e189f1373721656b0af64cfb9d

SHA512
33abc500a1a4f40f7a68dc681035bdd421085a590405d3cd51eea37f666320ac965ea56d7948ad641b70f8eee4a79de7a5155c5e76dbf7add4b0c60a2d6a0e15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\93396E35310F4D9A5A9C553420F524F7E8475DF0

Filesize
214KB

MD5
64dd9bfa1d00f0cf651dfb7f51e78540

SHA1
e2330482715705bead668fdde921af3a07225e02

SHA256
e226955ddd3bae2393b0cf93d10335dd0bddebd131843ef2f68b76fbc0ade380

SHA512
df6eb09a4aea870898c1129f1ecb8a55201d39071c107e0a004419436760b0c1dd09ca620db1acd8b54a4e8e8fa301d72a6933f74ebab43f584dce374c3e325a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\98A05B4B1538AD629FDA4027E18F666FC4D6FA7D

Filesize
15KB

MD5
c513b9186c63ed4037e5003241acbc82

SHA1
2b6b1c2d5a53f9b2076e2ce0cd0436ba7290bacb

SHA256
78e12dc81ee5bb3722892b177f870be8f85df52eef450f77bacd125ea45a19bf

SHA512
9717e65563542c93ffe411d1282aa2631cb5c83b18add965c08e303cab39208df9a3267eb71601990cdfd49ea95f8e4e1927080d06df2544260f6e3f2dc4f620

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\A4D93D5445C1D2223AF69FB9AC4E8D750C847234

Filesize
120KB

MD5
b76e8b31d1af67de69c63fb4f6ac50c7

SHA1
7cbe2cd04d4e10baa4c8dc31caa1141295792e1a

SHA256
37ee0d1529f4513b0f63cc1b8758763a82a6ddb50acadcdc130f5ff7cc6ee520

SHA512
b3da74ffa9f47aef6220f81f0291ba0b170c8b5e9f7a68118b6d275b836aa612648eb9e3ac8fd6fdff8d156fd7dd8c726b907ba46417b4053e83d7a1884759fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\ACE082132FB1C183B4A0FEB740D3178FF00E3B16

Filesize
29KB

MD5
d7ec4615e4efb19be773074e3e6af6d4

SHA1
bc1750e4ce5a43ff9ed0e75812bfad0c229f566f

SHA256
2f67ab2f933f9bb186e8b457459d711fd3d0a17ea7fb3486c3321c78e3495974

SHA512
c1b7e10f83bd34cfa1b3d1eb4a2911726e00f644e6b904056a6227996f52a08e728e3a98713bed0deb75a974ee8f13b9043fd02df015f00f404458c444ddbe46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\CB5D7E15F2CB594CCACC62633702D044CD7929EF

Filesize
54KB

MD5
c3a5364044c9a40daab9db6db8934c12

SHA1
782140f40e14b299eedcd8030df30b2e9cc13041

SHA256
a7b640caa9da56006d39b4e6f5d2c93e6fc7dd1513399cddae19b9d9b2271147

SHA512
6b0c409c4b77e2a7bc11118338c66ff12b7bbf38fd996320674749cf1f11e23cf7baf79cceae2791bf08f58e886430e96df2dcfcb36baa6a430f75ca93bb8c1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\cache2\entries\CE12C58A0221655339A2D8512FEE97A1EF33DAC8

Filesize
90KB

MD5
652b446552b2e66c4fd5235c46aa4dfa

SHA1
b9e08498f1dd87fab21b6e9bac92e33aef0fde31

SHA256
b757acd3fe41267e3f5efa01464e59126f44caded06ca4efb527d7d21ca0f06d

SHA512
4c743765eb95afdf90fc0d2a448c6310bdfdf5ed189c2ea9bbbf1e07950eba4a1480006b45ee0229a48669c399a3f96225cbc6b7d67958a288d4fe6e36eae7cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7fmsgkth.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PEN6EXOZN2KOR4THDF5O.temp

Filesize
15KB

MD5
61becd8e6254f95b88a1614a73778772

SHA1
3fc60881c645520f0d220c14741af5d7e7d4e7d5

SHA256
673ab352d8a01303d90e9ad613c72ac53f99d557e951bb099828d10b96c411ee

SHA512
c23a9324655b83028bd1d10d1127515292390c83504f31415830f7b56b979367619dc9b1c6ab6193b7bc4efc2796ed3eef8aab38e66dbfd3e421ef18fdf3b3d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
31KB

MD5
4289beb58ce7255d16cdea872ae9e4e9

SHA1
54df7d758a4acd64ac2e371d99c52ce327fcdc20

SHA256
30d04782246b64b72a175b97fd47057b9dbf84656447a1e25809e97cbbf878c9

SHA512
a4d074ff04d35a91eb901bf998305375728ac45b0ee657b900e90e09ad35b38e313784e07738b993490cce22ed94238c727752278c4aae04befe5acb55309642

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
6KB

MD5
50668fb5b1853abe68e3129a4ec07759

SHA1
622df679b708a4b8cd0636a49e5f0f957d297441

SHA256
06c6b037d465840a6a01a27dfee64d1b654e9fa5c7c4f73d4f9ac2389aa7cc38

SHA512
59d39f45762384ae03f9f184a2cf298de17de0addef5c99613be744ebd1ff83bd69804431b4758c9f00e6ddae025c34fb6cfb40e67bd31d4d2ad1bf9b4c99ece

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
7KB

MD5
416c62c2865094c64444b84b079e9b94

SHA1
51c27e3f8a5c1d733681b389488387c82428ac55

SHA256
ebf617cf6c30d4b737e45c4890be65fe9fe116adb149508c213496810a7e0603

SHA512
4dd649aba06edc8b2b1b19a810db13e3cacddbcf465914babd0c47a9d7dd7a768eaf1f660aadac78857ee8ab46932f4c9fb52e5234547d8df18c0a16c7c16cca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
13KB

MD5
593b06902f070a3e1bc0d76fe3cea20a

SHA1
24c19763280dee2d2ca6f92a62cc205680ae913b

SHA256
b9c7daf45c4cbed0723f883accae7ee5e85e40ea17aff82cb962a5123bf03154

SHA512
f882bcba136eaae01bfef239122f573c66a0d713ddc8bdd47674fc7fd2a7fcf2ba2e8bdca01a32ea30edc2079bd3034e96834707b91bc6af66cf9dc29898e8c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
28KB

MD5
23228efff1aea84613a1724385969631

SHA1
862c6520cd0668c2cf4aa5ce7f508dee28d0147e

SHA256
6a73754ddd3a9ec44a874d181a4dd279ecb617a1385e81e9f86c62b7ba9afbe1

SHA512
22e6f79bc4fd75ae01297370c582f12308a24c570a7d17c2798942cfab11afa4cecfd91a0b867118c49eef4a62f7e3757a2c17252fcc02a35715d6d2d73bdd1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\AlternateServices.bin

Filesize
28KB

MD5
edc2272c3608545531c74cb574dd9d4f

SHA1
23bd44cf27a3ea27211b3c70e10581ce49859ff3

SHA256
f302a2f3d107849bb4278eb8a6a39cd4533a43d79c4090490fced8dba52099d5

SHA512
b72bf5a04dd49bf7aacbfbb0dcfa77f09b1e4b50511330b99ae820579ec975aa4a957a0659120e62a059b4de3fea6a15a431ce68d4e9cd2195fed11ac32ec495

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\bookmarkbackups\bookmarks-2025-01-04_11_8b5xwA3e+tTFYcTOOMYAkg==.jsonlz4

Filesize
1003B

MD5
4bd6ab0cf5a3088eb3b35b17269b174e

SHA1
27181bb2365d763490f1a986b6b3c458a494bb06

SHA256
12d44135129d8c80baabed5173ff1252788879e8082591b3c6ffbc5ee7adaa05

SHA512
d2366d02c4fe4f19afb33d7feea89e275b189948b4845b6d6b1f52beb2616ff1e15abb7c13ea95d097822db960b8870e7f73c9848dadb3362c18d6fd5984add9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
8df3c4d619e7a0af09d33514620bfa7a

SHA1
9d3499a27404df64e61ed48f94547f83778f4540

SHA256
03ea20abb82b0214d285488a810fd1e8931d4f754cad4930822181b0c1c7bf24

SHA512
064967dfe755833786849f37da3314038bd614eb0000ecc088c7d1abb1c28a89416d50cf13af8c478c98a6a9931224aeb878000a7f05b9414f6a6d057afac357

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
1f7306c43d0176cd507cd4bf3d43591b

SHA1
6fdd13dcb0d285d69068f8dbaf567b857d9b05f6

SHA256
7931717f848071dac416ee93c2d8bc572b13e5795458480fb2643ec6f1db5f4a

SHA512
2f872b4d89e706df66ff0f60ae0930302b234107ff82518d552eb320255e18ca80b01ff012d65b3120f1acdacbb7bc99a48513362f6ca6af3ffd944b961c9bc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\db\data.safe.tmp

Filesize
42KB

MD5
ffbef438897ba012e7a165318811adf4

SHA1
587ec0544864f171cc7a9ca309e2d7430a98cf33

SHA256
a3a737cedf1b226d0b4c2c60395449d8a0ed453ae5805e5d55877cfd5926dbc8

SHA512
b8e3f46e22b80f9d34c8f272d01f751ed64a7b2bf9a14011b1e5cc6bc42fdae3c9852a0850bb55efb3d692d633cf69e691fd48642751354860495ed0d144a658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\0a495c37-1c88-4724-82f1-728c0ebb6089

Filesize
982B

MD5
288ef210f41383dad698e249bf645955

SHA1
600b54e82b58c97a73052dcc06b5f6b81d20bb00

SHA256
3ebe0a42b2e5436ee032915b9d29bd68620b489e3091ba95845ff0cb36c32dbf

SHA512
a25331b1e7a45948201b321d54bcdff7846936e74ef29d537d178f4ace2612429511664178fbb0c8c10706fe4e558bae4f430b519f34e6393e2f76249bfd537a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\datareporting\glean\pending_pings\cc7ff456-35b3-4bfe-a8ed-d243f5e765d6

Filesize
659B

MD5
7de512eb822bb12993c07bbda06180db

SHA1
7fc24b0c935b990e3b46c47b4dea257aeaa44f41

SHA256
3e7bbf088dff5622e43d5820d35e39f346c578dff3062a63f9cb39074c7bbf8b

SHA512
a2340c99ea700f54285b4c0e5dee749f439f136ec01b69836b7a579280f3f6dbef0ad31b2b152fcef7edb61b9657e33a6d591abeb9542a695a4cd20dead806d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
10KB

MD5
ec5e243cf53a2811bad1ec939b542048

SHA1
33fc3d363ae11c499adcb64006c5f7cfdbaeb6fc

SHA256
c2eb0a30cb98c750e7c84d451e681288cac766de8405dd1fcb76287602b6250e

SHA512
da9be9bbf7ca1b4e283d2c72817cd4b82310889b42143a8dc10fb21ff07dfd03a1d8fcfc438043bea5715a927007b1e98db967dfdc7f6172204b9a9f49e3e7e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs-1.js

Filesize
10KB

MD5
3f134e7256fce1e887133a07683a220e

SHA1
438190c29110dba168e56d54cf210b17bf14662e

SHA256
ac98b779379041add250519d79b8dd3f7dde6a6e7f693c0a5b97d74c0e87c834

SHA512
c428b0019c631246877c33e7244586165f15a82fcc8e262f43a7230b70560c7bd2e0384b8b89cde123ce10537aa05a32f3342fee6014dddde0e3e7ecc83ae2cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
10KB

MD5
ae81b255a56c5e071fe6e1a283288603

SHA1
2fb44ad60b55e66f10b7e916fd911f362e1701d8

SHA256
16976e26e252296a500ad146ea14938f7e917c4d88da402a5be0089a367c463e

SHA512
989cf460b077a26193b29c75225f31d1f0b81ea24c77f0096409d33a4afc56b75d72c609e32746193aeabdad09a6c8db8d6a3a444b47602e84b028742c8c57e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\prefs.js

Filesize
12KB

MD5
d5c36d678eed55cc8d93eeb7e5ebe739

SHA1
6a9188ebea365c6b03573f99dff7839d2f0164b7

SHA256
35671f120a14deea4919fb2dfdd0a1868aa18f1c64cce7b168c1a34073026120

SHA512
8d860e0fa4d5b69d6cefbb81d6a4b57ffd5c5c4c32c53bb31825f92556b27e9f52ebd1babe8701d4d44e4b4a3bcd628a852072d6682ee4d793152c98243141fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
5711fe13a5c716e8ed3d2bbb1fe663f2

SHA1
2d08ea4b119c6cf66d7ee74405feaee2a8d24757

SHA256
d6c8cf63ab371dc79cbe61626474e10d1475881bd45c70c0181a962ce52dd2b3

SHA512
d1e8caa531ed9bf5a7d49b4d226bf51dcfc5a4e2fb953fe32cd59befeacda32992eb70df05d9ddfea94e5ab272354474f32b9fd5124155f079f67e939e7c9a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore-backups\recovery.baklz4

Filesize
43KB

MD5
7b07eb880a06623665fa460527d41f78

SHA1
a1abd56a74367f4955f0701ef28fca1d111dd322

SHA256
8600517a9df31df3689923f6c88b393735162a54e5b6c85df7da867bb0461d0e

SHA512
0ddcdcd60993e2dc2f81de837777d414174271d613ea6aba7a27a90512d4538660fa59d50648f6dc66b4cdec9d106343fd8ec017c5c72ee51f8634542a45b1c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7fmsgkth.default-release\sessionstore-backups\recovery.baklz4

Filesize
43KB

MD5
036c66ab58700beacd2350b2562aa535

SHA1
9d9a5c363e9550764d04435276a20363dee67117

SHA256
55360ae57c69f8d096601fee08122198a9dee5748781c04c86d254a72b04ce40

SHA512
3db0f79577642f33fbd36e3239d848f55c0ae5966a27e40ac39b7f1fe358522df0a732b5390287460fa9a307a4f03bb32c40de5baad098d6b7b3b655eeaafaeb

Download Submit