44caliber | 8160930de4b082c7f57d69f9d5cbe8f820d9054f20b4b11bacbd318cdd4b6552

Analysis

max time kernel
255s
max time network
293s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2025, 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Insidious.exe
Size

303KB
MD5

c43ddb1e9fd0b8f0c9c641dac61602f1
SHA1

b2da3dda97fb4d3244c8c29613b1cd36bec3b694
SHA256

8160930de4b082c7f57d69f9d5cbe8f820d9054f20b4b11bacbd318cdd4b6552
SHA512

ec26ab1b75a99d5bf05191d74aa688fce7689f4929f1da297693035fdaf4bd74aa43126e70fb93612a5e0c5e720213bf6d8c6d9906ff038827f8283ad3381064
SSDEEP

6144:hXt3T6MDdbICydeBimcmXKhJUPawkmA1D04+g:hXttpcmXKnUSJ1DCg

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1359941830325833781/Ee-iVoBJXHU7iXknLWKE1DQbAdhfEQ1EBs0-nU-V0FMyVWSdYMlkvENsrU--COpQB_Al

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
44Caliber family
44caliber
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	freegeoip.app
2	freegeoip.app

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4239789418-2672923313-1754393631-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4444	Insidious.exe
4444	Insidious.exe
4444	Insidious.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4444	Insidious.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe

Suspicious use of FindShellTrayWindow 19 IoCs

pid	Process
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4344	firefox.exe
6260	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 2644 wrote to memory of 4344	2644	firefox.exe	86
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5912	4344	firefox.exe	87
PID 4344 wrote to memory of 5724	4344	firefox.exe	88
PID 4344 wrote to memory of 5724	4344	firefox.exe	88
PID 4344 wrote to memory of 5724	4344	firefox.exe	88
PID 4344 wrote to memory of 5724	4344	firefox.exe	88
PID 4344 wrote to memory of 5724	4344	firefox.exe	88
PID 4344 wrote to memory of 5724	4344	firefox.exe	88
PID 4344 wrote to memory of 5724	4344	firefox.exe	88
PID 4344 wrote to memory of 5724	4344	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Insidious.exe
"C:\Users\Admin\AppData\Local\Temp\Insidious.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4444

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Drops desktop.ini file(s)
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1968 -prefsLen 27097 -prefMapHandle 1972 -prefMapSize 270331 -ipcHandle 2060 -initialChannelId {7fc525ad-a7cf-4025-a531-b0107def80e6} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:5912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2412 -prefsLen 27133 -prefMapHandle 2416 -prefMapSize 270331 -ipcHandle 2436 -initialChannelId {c043f63e-1916-45ac-9f57-ff6f11367f36} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:5724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3828 -prefsLen 27274 -prefMapHandle 3832 -prefMapSize 270331 -jsInitHandle 3836 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3844 -initialChannelId {bef4a5ca-54e0-4b32-971d-8611c526cb27} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:5740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4020 -prefsLen 27274 -prefMapHandle 4024 -prefMapSize 270331 -ipcHandle 4104 -initialChannelId {e03af928-c6f8-48c6-9737-3ff2d6905d8d} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1572 -prefsLen 34773 -prefMapHandle 3348 -prefMapSize 270331 -jsInitHandle 3336 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3136 -initialChannelId {128719c4-12d1-4eec-a3f5-3c592358be8b} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:1908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4992 -prefsLen 34929 -prefMapHandle 4996 -prefMapSize 270331 -ipcHandle 4916 -initialChannelId {7e52c415-5772-4f89-8ffe-b94aa0dfee6e} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4960 -prefsLen 32871 -prefMapHandle 5608 -prefMapSize 270331 -jsInitHandle 5612 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5620 -initialChannelId {b40411a4-9254-48c4-b726-106d42b5652d} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:3516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5792 -prefsLen 32871 -prefMapHandle 5796 -prefMapSize 270331 -jsInitHandle 5800 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5808 -initialChannelId {ad39b81b-9427-424d-9741-ae3db6a0aca6} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:1164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5980 -prefsLen 32871 -prefMapHandle 5984 -prefMapSize 270331 -jsInitHandle 5988 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5996 -initialChannelId {24e08351-6948-426b-80eb-d56d42331617} -parentPid 4344 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4344" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:2752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1896

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6260

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
c535dd04ee7a05b2a92471909d055189

SHA1
bd4e29b13ebfbb8ebec31dbba98ecc4117f10e34

SHA256
2c36a117020860023f1da0c53b2f137f0d773ab9f575bf02cf3af06b7cd6f18a

SHA512
be4e92ff4f18cf5ebefb5e832f891eec251c4e8485697b0771aafa3904a6f53bfdd2a3d467e644a705008ed00e8b5bbe09c3ddd24d6866ff26c178c63272b20a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
1b305123029aa650eb8f28a51521641b

SHA1
dd5bae0f737c6bd165f184f257009693a97ef5f1

SHA256
900c359aea1bf803fa2ea66c0d5877dce2c9b5a77c6c2d49aafd9917978474af

SHA512
e846eb1072ab729ab9315057ac579c992598b27a1af59519e9673b7c54689cc3722b7e9602d97379a901e9baec3d1e1f90c21e4a1442a44996911250a845acf4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\2d518ed2-aa2f-4ed5-87e5-d3dde8d76b30.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
42443383f62b4750f5e4077aaddacb6e

SHA1
c3311fdca3d0fad525f1f3bdf2816e8b2d9e0241

SHA256
b4f6bed52b8b56e5480846fb48fc25b03e024bdb96888e9b1e2b5c2bd56cad06

SHA512
2e4a12c65c46a6c24cc1bbd5c91ed96acbd1a5b47661bec32b7fe556cb52084ecb3122f079768dfabc75c2738b0c1f9a600c40c3e00c304d66223a2403892643

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
24KB

MD5
e7e18cfc1d9e536faebe167b2c15b299

SHA1
911f0bb79fc64c482613b723421fcb2c8689d022

SHA256
89030c4a1c78ff197092b529f8710a701bc70fc02a3de9bd375e6d336dad6ed1

SHA512
c338473f5ee75faaf8b210958d38daa6265468b3f65af80179aab99f620d4f111fc397c1f4a893134d0a4b99f62ae86246101879b44a52f4051c9ef1a0dcb91e

Download Submit
C:\Users\Admin\AppData\Local\Temp\65aba545-b2f5-48ab-b00e-ef05e64550b9.zip

Filesize
3.7MB

MD5
a01ab98e8e492a94bda40436e9f4ab29

SHA1
2c708ca98a781f2a25c3d9d6180f6841d0e4a036

SHA256
1a7e28993f226d933f911079c897e57fa40da4bdb246eef9040c920e2fe471bf

SHA512
6ee7de21ee2b5e48ce744a63cc487eccf62f291aef5f5acf63e1f6ce0dd72308003a4ac118b58fc7791a853708f2d44b4473047731fbe42900d9f01f25d4e672

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
f02145f18b7ed37432eea35c36ce535f

SHA1
3fd9839d68aa4bd8ab14351e3279504c9f315ad9

SHA256
9d8a491717ed0bcbdf66b620b095a1918abe0b2c24ee70958ba1d72ab01ff248

SHA512
f9e54f351c2a3be8183f5f9e7481318439c16667e66362e2ed6a1de9385bdbebbc3fac3e0979d7fdcca8d9aeda3c93abd42202130b7526effd628677e5290ada

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
32KB

MD5
43f992b5c7b5fa7090e3e018a47bf87f

SHA1
c1b349f36662eacaf6ff6219b90e636d1f5aa6d3

SHA256
0ae072631493c18933e89fce0c09a964a4082343687534b52d5b11ebb0a6fbaf

SHA512
e0effc6edb884a0a4996cb88a1d9f3d2c0501e41ab7e052c0e461b5cb14c8d5df010c69bd1468ff97d9fea47d665cfc3337471ba4beb3dff83cff4f964d87b8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
32KB

MD5
cf9efc4c462987bf1371fe3e411e47e7

SHA1
3522ffeddfafcb250edd3559eed8cb26cabdf963

SHA256
9cac753b1ebe89e1f0d75b3206501c4d86f88843875d7a9abc1f52a1963c32a5

SHA512
324cd6dcd1bc10b5ff6a63141198c61c55b8efa8a901479c9654f91e10d2161efb6ad058db5e218f64c2ebdaab0879e518adc1b19b03cb3e8325b0f69bae5d8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
29ad1e42ba919bad97503bb5440a8724

SHA1
8a1d20522b20c76ff8955b133c191f2d1ec98551

SHA256
a5df548e731a24a6782fc24e18c0ed868625d4d5dec151078acc34e13f6a0aa3

SHA512
a14338a4b360fa362a1c3cec49e8a125e2342c76afe7b3c16bec17cdac58607088d0fa91f7d8988bb872194b8d6e4d6e9e07ec0e892cc9a3057346fca4b27e6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\pending_pings\0cc638b6-58b2-4f24-acde-e42232cd9f50

Filesize
2KB

MD5
7efd9aa63ad5615d2fa53e8411872aaf

SHA1
53dbe4862db6bb795d868efe763acdf518b2b5bd

SHA256
16cfb634807eb76e881431136a6e9d96462f98162f4b41fac3889e6d22acbe7b

SHA512
4129e6495c848d9b29b6e538bba1342a642f0e0ba88e2d37b025c133137d6273ad00853fdfc05543e38cb034ee5f391c27ac494942a83294a66df75df83ad4b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\pending_pings\33053da3-0518-4ac3-9712-57629898f68a

Filesize
235B

MD5
a68d126c200183ca6c038f214c868ed7

SHA1
1b8b9f7c4320912e7c817d5245824ba9b3be693d

SHA256
5673b503be268cdd848b6e39d6d8fc7a1f009b86dcc95a0a451591916bb0482e

SHA512
1d5257b52927ecda3c2f10753488c713cc1a7e6803b3ef2c68b0f9586f8d6dad155170a92cc782b776a9a2f8f261cef2c8c303e36eced7a8b7c85076fe04ad4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\pending_pings\51d5e921-5d75-44d5-9358-63c0a1071704

Filesize
235B

MD5
c638c9e2d2196976fe3cfc96e6c76632

SHA1
6d562fb2fdf91c086c0f4443e13e8bd389b1e1ee

SHA256
373ddbfb754ab1ef53bb9c7a4862f7234c128bd64df4954c1c9612a13fe8fdca

SHA512
b9765dca872e73aa0e19a11541fbad12a19cfd6ffae1bd7e2a09ce1c28d5d5eda79e3e4069709955609edd10735010d4595567536125599856f121fa06bc40ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\pending_pings\d4f1f2e1-edbc-4715-b2c6-d2bfeac7543f

Filesize
871B

MD5
2c8ccb64f178526389b7b091801da2f2

SHA1
745f017ce2fec9dc6c765a1b7fe149de4e639304

SHA256
6b1056fda5c087f18bb9a299f44a5d56f38e4afd7f97e04f9d1d809708a2fb48

SHA512
13072690673d2a14a1a08f442e1242e05d999e09e94111bdc45787567810bafacd291b8322dcc62693d58bb2f528ff227c1fb7328aa1ba573abe06ed2189b5ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\datareporting\glean\pending_pings\f1e16da8-0baa-4ac3-8715-fe4460e71d49

Filesize
886B

MD5
4c4bdb67e812c08a72f86dd0e756466f

SHA1
8d10047a021f22182624cd2d1224927ebca00baf

SHA256
8b7169b0271ec9a64179d1090b8f6c0f47c8ed3d231532ad5853ca71cdc74e7b

SHA512
0681dfaa4303608c3986dc7b5e77e1659601a4dca5a33178afabcd85dffaaf68776f2384036be0d2bf5c9262ba0be335a873184ef6097d65bf31fcae67da63a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\extensions.json

Filesize
16KB

MD5
bcb9b855d7004226d823d915f274a3da

SHA1
842567f6be5f214d62ca35cb7a41c2530ea66e68

SHA256
dc3f72f050634607e0c8daa239b72575c41aca2b9af611d0246f40dbd613ba4d

SHA512
4ed472240725b463b8ff5161e72e3d93b909cbdbd88e97b4e95c15673a6ad0eacd609e8541f18857904bda34a073b03dcc32c8fe4eb06dc8a27efe2a7f9a2630

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\prefs-1.js

Filesize
6KB

MD5
5a4772acbce0390e47fa3c1a138cf72a

SHA1
4d03b1f3a89af19b45279c3f3aa7c4d250f688e9

SHA256
80118d04cf549e2a6d3164f793e3f39ed4134674a6b8a7b1b79add0d926ac690

SHA512
0d1a00dc113aac3465ef895491c70fdf58b5bab9ddb3ddd7f02249dfd77206b95a0e2825c37b958f9b201ccb30e4699910c882ede25965e8515a25bbce04054d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\prefs-1.js

Filesize
10KB

MD5
efc8c746b86db936f2d7a01ad9fb9455

SHA1
8f4f3872e72f858b681c04be4a16febfef059272

SHA256
6954510987070339ea04600b814aac7bf4b33ad5ca3deca117b5a9d3cc9185f9

SHA512
1fbdeccf69383529d71254bdac6d5d4c453c9bcfb4d505737f6ea66f90969b6b885b8c99f02a5a9260108e4ad57736384c7738e1a5f5fba87f7ab7bbbdedf76a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\prefs.js

Filesize
7KB

MD5
fcb96858775f3e5c732a714498e00f3a

SHA1
bd6e26f2c3271de93d44769181e1e93c1641b953

SHA256
1ff29fd4f1df92a9cfe9ef12eb440b3a1da949c65effdc555d863726a6627bd7

SHA512
419bb6e0ab073176f9703acaf20d9f3f90c2a7a26cd0f46cf96f136f221a8e23a90f9b640059e4b45e6ba553c6a286b5f173df8a4d277c20d984405d22f5bc83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\prefs.js

Filesize
6KB

MD5
d4afea666464140887a5a04f75bc4871

SHA1
db7cd015f5439239bfbf40c4c7a009bf1a2c40d1

SHA256
ccfec3cc6dfae9bfcdfaaf8b041880363a76de4768e452a384059bf363459b0b

SHA512
b891a0dc14211b5db61882f5b78f175a00cce0461934be82bf582c51f101eeb0c0c189c71b7b2b2ec0ffc683e1814629a4c0c13019d66e9dd56b499a92daba70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\prefs.js

Filesize
6KB

MD5
5446b093e5c41e2d28ecb0d4aeffa314

SHA1
c8fe58b1122476f7ff94716cf8d96ccb39ecad89

SHA256
51384049a521d70a882002d143c9fb5b29bf369a81ed2b5c5a936e9227a15051

SHA512
89f3ffe2ed6295145c294234aafb720ee31c8d12ba41235493dd298e5357a8f369498ee9b4d0e891904ab84b2a78ed702ee2e73404993e866dab6944da886f63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
889B

MD5
9a1c2989566db00eb7a6e6d70a0d22c8

SHA1
923af09447dd9a3b95a60913b3030d8efd22c98d

SHA256
44325ad78776ef874b29d7bd2b0cd7aec3b3940adbba278e74cb2c4534619a82

SHA512
ddb7f5c425f47b790d20a05ff164a311c0107986a6bd15be07f1fe3b84c06c78173fb385db077c29ea471b083f13283585c8f9c42653e2ccb87d75470f0b7967

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q7mf4ssi.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
10.7MB

MD5
acfc34a6d7dca4afaffbc78c65106514

SHA1
aea556de3a4aaa087e0db2e73eb4b37b7b02f5de

SHA256
f6bdfdb669b8e1fb8a11f5e9e0d37fce1639a993249b6c932255acf0a667471f

SHA512
db7d63f8fa5a88da8900c23a1abb50485bf5cd2e47af1e289133fe26daa3dfced0c94d7fdbb9fa9eb83bb14c3767b324ad748e1f617acc62b7f2de1b68cbac27

Download Submit
memory/4444-0-0x00007FF98A133000-0x00007FF98A135000-memory.dmp

Filesize
8KB

Download
memory/4444-29-0x00007FF98A130000-0x00007FF98ABF2000-memory.dmp

Filesize
10.8MB

Download
memory/4444-28-0x00007FF98A130000-0x00007FF98ABF2000-memory.dmp

Filesize
10.8MB

Download
memory/4444-1-0x000002E72C2C0000-0x000002E72C312000-memory.dmp

Filesize
328KB

Download