hxxps://anonymfile[.]com/bV34W/free[.]exe

Resubmissions

31-03-2023 15:06

230331-sg741acc3w 1

31-03-2023 14:59

230331-scs5aaag94 8

Analysis

max time kernel
166s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonymfile.com/bV34W/free.exe

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

free.exe

pid process

776 free.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

free.exe

description ioc process

File opened for modification \??\PhysicalDrive0 free.exe

pid	process
776	free.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	free.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\free.exe:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\free.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exefree.exe

description	pid	process
Token: SeDebugPrivilege	3692	firefox.exe
Token: SeDebugPrivilege	3692	firefox.exe
Token: SeDebugPrivilege	3692	firefox.exe
Token: SeDebugPrivilege	3692	firefox.exe
Token: SeDebugPrivilege	3692	firefox.exe
Token: SeShutdownPrivilege	776	free.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3692 firefox.exe
3692 firefox.exe
3692 firefox.exe
3692 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3692 firefox.exe
3692 firefox.exe
3692 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

3692 firefox.exe
3692 firefox.exe
3692 firefox.exe
3692 firefox.exe

pid	process
3692	firefox.exe
3692	firefox.exe
3692	firefox.exe
3692	firefox.exe

pid	process
3692	firefox.exe
3692	firefox.exe
3692	firefox.exe

pid	process
3692	firefox.exe
3692	firefox.exe
3692	firefox.exe
3692	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 4680 wrote to memory of 3692	4680	firefox.exe	firefox.exe
PID 3692 wrote to memory of 3608	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 3608	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4604	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4892	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4892	3692	firefox.exe	firefox.exe
PID 3692 wrote to memory of 4892	3692	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://anonymfile.com/bV34W/free.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:4680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://anonymfile.com/bV34W/free.exe
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.0.1820389094\1984301727" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8434bf3b-a425-4bcf-af60-6606e7b3b28a} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 1920 20daf1ecb58 gpu
3⤵
PID:3608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.1.327266390\498535788" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {353727d0-5b72-47aa-b339-57ae1d0029fd} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 2416 20da2271358 socket
3⤵
- Checks processor information in registry
PID:4604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.2.125518612\302661494" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3116 -prefsLen 21854 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0581a76-6330-40da-9ae8-c223db853dd6} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 3168 20db2ff6558 tab
3⤵
PID:4892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.3.412148708\729414360" -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 4004 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc51065-5cbb-42aa-876a-81002d0d8c7b} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 4020 20db4248558 tab
3⤵
PID:1004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.6.2084575630\118686456" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4836 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d588a19c-2b5a-448f-a016-3e1fac88d281} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 5048 20db5afcf58 tab
3⤵
PID:4044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.5.1233520996\1146747686" -childID 4 -isForBrowser -prefsHandle 4816 -prefMapHandle 4804 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49e63402-199f-41b1-b56b-4e01df415c21} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 4836 20db5afde58 tab
3⤵
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.4.801290068\2111269471" -childID 3 -isForBrowser -prefsHandle 4788 -prefMapHandle 4736 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebe1ae4e-1ed8-4c0a-b166-36536d767c17} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 4812 20db5afc358 tab
3⤵
PID:1876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.7.1252269509\2110590920" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5824 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b923ce20-b73e-4929-b3a2-70d05f9c6d83} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 5840 20db1c82e58 tab
3⤵
PID:3780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.8.495706628\1446755762" -childID 7 -isForBrowser -prefsHandle 5180 -prefMapHandle 5152 -prefsLen 27116 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9b0ab42-b179-41c4-965a-65919205afc0} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 5480 20db5323958 tab
3⤵
PID:1968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.9.1258332926\922564527" -childID 8 -isForBrowser -prefsHandle 6020 -prefMapHandle 5468 -prefsLen 27116 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd06c28b-4f23-4915-983a-6395283f1b29} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 2892 20db5afb758 tab
3⤵
PID:796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.10.1791882886\2070333988" -childID 9 -isForBrowser -prefsHandle 4796 -prefMapHandle 4748 -prefsLen 27252 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a4b1c38-f365-4c3f-9bb4-1b82ad07b407} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 5840 20da2271658 tab
3⤵
PID:2272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.11.375823524\493964074" -childID 10 -isForBrowser -prefsHandle 4892 -prefMapHandle 5140 -prefsLen 27252 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ada8aa10-b05d-48a8-8fe8-e3231c89d20d} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 4868 20daf10d158 tab
3⤵
PID:2936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.12.1633792984\1094694792" -childID 11 -isForBrowser -prefsHandle 5036 -prefMapHandle 5008 -prefsLen 27252 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5d01f7f-6a34-4f73-85fb-60514455e39a} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 4984 20db4059a58 tab
3⤵
PID:2380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.13.303420653\1910925851" -childID 12 -isForBrowser -prefsHandle 5912 -prefMapHandle 5924 -prefsLen 27252 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2669a02-fcf7-471e-8a36-51702468f3c0} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 2208 20db405a058 tab
3⤵
PID:2324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3692.14.1340084131\1296461919" -childID 13 -isForBrowser -prefsHandle 4772 -prefMapHandle 5916 -prefsLen 27252 -prefMapSize 232675 -jsInitHandle 1484 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {615b50ed-a817-40bc-a717-825bd4aea5bc} 3692 "\\.\pipe\gecko-crash-server-pipe.3692" 6064 20db1c85558 tab
3⤵
PID:828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2656

C:\Users\Admin\Downloads\free.exe
"C:\Users\Admin\Downloads\free.exe"
1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
149KB

MD5
f15aac050bc1b95ee56d14b53f7eefa3

SHA1
8d81d080745aa414219177ae59e59d299d18a409

SHA256
626b57eec5a1ed1446c2738a68ebd58d2d9039081737c3d9738c4301a8c4a339

SHA512
d7dad47a5e3cd26d997790382e493e5d487f97b20141c0b86b35b0309e6510a247150ad5940bc13f023666c33532f2310a111baa88f8647377a5fa376450e146

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\10639
Filesize
9KB

MD5
d4e12ef9e2652d260afb90456040cdbb

SHA1
ae9dbccd81cfb68c4e5e6706405afe24eac90f2c

SHA256
93109b5c0e413fafaa6457740ffa75bcb81e5ec2eaf8c491b288ac66d852d431

SHA512
82fbc3e164314af59f3a5b8469a86fc1b9a7db0f6f36abd888e35b8b2fa6321c2b5bc6f0532e4691100737e0164f872cbb066bb916eba16724d1c9672512a660

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\11773
Filesize
8KB

MD5
1127161707fb7e38ee7224f771f2e6dd

SHA1
998ec7cdc76255ef51a9d7155c50a30fdbf09274

SHA256
4e0fd2c57074e966080ec5ea98d38edcfd1528f5f238bf99625e59f512e3be05

SHA512
9625c1a58904ec8d3248b8c9eead01acc093a90d77a54f4c391fe284d62163bee0dce215f4732a2c63e606a3fe699545c57cc76b5c41697b74c6eddb6f9cff9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\13007
Filesize
21KB

MD5
43f908c75fa49909c3f9b52707f980c9

SHA1
c9930d60d49acb9db53ee02125794a3da43a5b0a

SHA256
60259ee24cee45365bb17796692d636c69a34b697e2d472333027144cfdb160a

SHA512
252d6d73c96a182e5f7662314572abb066bf07d7f0cdc30fa8f665984a1412b47efee69a5eb632ecb76afd213e7f299fad42172f70b632e212ee843777a08436

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\14466
Filesize
9KB

MD5
c7aabcf85f9286b72f8f49daa9084890

SHA1
1203987da6448af561a76ca925ac13cfce221d2c

SHA256
30d4288395b7f092aaa931b67b695c1613c3972d3465a04b11e46e30ad1809b7

SHA512
f2312ae7f4571a492ba4cde664c30d14987603816ebe03931a1f7afd2b9ef6bb4a9d83720a904e5d49010fb25e6995fd67cf34128346eaa29b181922e8ae8754

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\16946
Filesize
21KB

MD5
8c7ad0f68dce8e0b81137ee83ca1c7a2

SHA1
56afa887a94ecf8f66f4fe1adefaef41b9b3c603

SHA256
b15782ebf7ed30e6cbb7f613acf89fb6dfe88bb4c1f3789a6e314013d4565010

SHA512
8823960f7ab5285daf9710feb522cf3ae8c77b2d785a6a064ba7cb4caee2c523747f695a239373e5a9ce42bfbfaca5d30c89d8df045440d0137de01c473119e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\22042
Filesize
13KB

MD5
efb77c3f8ff6ed07f41b4c0393b108ba

SHA1
436f0a454ea1e1303b7daf15dc560e31d3e4364e

SHA256
5e8bfc3c225d04a34c635f357e9adbce371eb6b86350a4710be27945acb8dd5b

SHA512
cf0e7a11871e16df7660b066935da43b66753176771236ca0b8f740e19444f124171d05faecec050f3c2618f114fdaa1fbb98427af5f771ef4f411552305b2dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\22355
Filesize
49KB

MD5
3170f1d39d687a0fd53f6848876684a7

SHA1
f5827205af4727b96e4d32319db72b4faf5bd986

SHA256
99f7da6562a9cd24d729094dfe8df14be17e35f809cb14858e03a01accc284c2

SHA512
573a08df7a2eb2aecf49758b7be7404f25e6a2a1977b53a8e22a059197304cc088558864ad1c973f4ec58c408255c7e911112b6db182b71ab0c1616181fa66d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\26630
Filesize
12KB

MD5
4ecbc6502d9fcff4d1f35c42ac31b422

SHA1
c32934ce88b7f531e68bff24a70798975cd4cf4b

SHA256
b1b20e491bf2ca6cf1227b2cfb5d0451eb1bae93df468e3a3e5e6277173d50f4

SHA512
657d734882148b8f87da01b80f3504091a790367cee15fff30dac099a460a6e179e301667294b8004b0321caa3fcb53152b2c753bea90eea747b372f17839252

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\32488
Filesize
15KB

MD5
444372082d34986e68b1a049d0c82085

SHA1
cca530eb77644417cd7244a8b37e77915417a0c1

SHA256
30c571052676a36eac48aa2ce8c9c8796b81f1b832012440f3885c5461d90d39

SHA512
2caf3f97d07f0110d074c4d7e7e83cb87876c576aff06908513d50abd0d998b740970c434dd05462dda426bd70eece81dfc604b80e87c2d03203e9ec505a3ea2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\6576
Filesize
40KB

MD5
6016c1ea3b4c3e1ec734fec7e79a2f89

SHA1
438d5aa7f2eb5204a3f2d79abdf4767c4493479b

SHA256
fd374bed227bcdc442f4f1dfbc3f2b768067a280bece3e96b4ae2729d8c7bd9d

SHA512
a221596964627087dae92399c8dd7749c0be454457a326283ec55e204298fa7b010a04a0179e39fcbb798f5048213afc3135e655cbc5a3c7864ba47e6d376b98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\6801
Filesize
12KB

MD5
b2d78cc5c91c9f78a65ffc6829b6ee89

SHA1
e104c2e9d6e30ff5544b5d4becac196795d88f89

SHA256
d0a22d13833c2824c1680f655d47ce6529432c75fcc5a422aa29ae3f56c337b5

SHA512
4cb002759986043065edb0e524bcdd34f81cece6ff395f15b0a390b40ccd4b91a464d186a375e52f0288d099408d18d1667778269b113236f7cc7844a0606819

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\6913
Filesize
8KB

MD5
0063feabcd2f685375721015e590cc3d

SHA1
be3ba16b62bc14b42d8da2a5e244b71312dff26b

SHA256
c017c8bac5cc36b2c504ed49bc65a8804ca26c9bb36d47f3f011c8086e98d003

SHA512
6de3f947a0c364b49f7ae820f21b376c3ae0dd91c16d1ed11899fd8e95f66bc84abc750510216c8df9f933a4d9e67223bc501ec21ce69fe3481a538fb7d1c521

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\doomed\8809
Filesize
8KB

MD5
231e449e844dceacfeb4e55a6eff2a63

SHA1
d1473a5af27b2f6ed9a9d2cb2545977b463e1f27

SHA256
824848ef527fb02cdfa743e5a6161baa51deb35c4302069da2caff4382430329

SHA512
e331774ed6157300b65e22a795635cfd0a0eefd3dc9cb2ff3623c4e7e3da9b337e7b433aeef7c601fde7b1321b67a35aa2712568ce5be5a1b293dc3ac61cc3e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\4487ABFE46FD3CD324FD1C29441207EC4CEF9461
Filesize
14KB

MD5
eb4647bd4e01145512b5373a64af7882

SHA1
7decbe1cb7719769e38836786d166fdd8e23cefc

SHA256
090dbff4e7652d4377fdb83046153835c293b8cc313e109d2900b574d3c6ad98

SHA512
326b2a15989a8115e39870a8171afffb3ec1ecf9491e8857ccf92c47bc52e6572f2ffe6c9617b88aee58799bd2cf2cb0c2007d34da24100dd20765f520b51b00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
Filesize
6KB

MD5
b7a9e7d45ac0cb35ee06f6762bab13db

SHA1
1f8b6edb78f21ff3a689f44cce6e04d70bab154b

SHA256
44b2f14f56b8e5ea38716bf0e09728936ba77260c18db11499c312d5d4087947

SHA512
5c83bcba342f51ee8d91ef7d87dbb8f7bc0fa190c92d69dd4a8daa05400058cae5bf144c3b0fe91fc0b031cb640e266ef572a93caeabb2b822c96d18dc5a9d8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
Filesize
6KB

MD5
763c56fdaa8f2fb0fe5429c9232ce4fb

SHA1
da17691d08c5cfd947b4b4d07e97c09e6bb4cc4a

SHA256
301502f434ea65220c9d1cc3123d0b812e6f13f07abfbd4a6061c709e0f40ee0

SHA512
50cb769dd102badb2228cb7a8f29b3d09775ac869f4580df87a8eb2fe63e98627b10984568303ba99076e008cb4d27883c45319a85991d16e5239f6bf5fed7d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
Filesize
6KB

MD5
9eba1bcbe3e8e7ce65f955282e61680a

SHA1
9082fd16934adb7237b23e28950b92afc9b3d05e

SHA256
0afa6f922be58ba758128cde36a9d24ea65f12712da2dfc2e85e12fb31b5ae55

SHA512
fffea5a35288f4f9aff0ae3803ade316a12cf55a6b4f92908287c267c05baf3ad785930f19af730f3d53aa79ff5a8cfd43011b7519fe36d29a38c44649e26026

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
Filesize
7KB

MD5
91315968f818ff3d6e0abef245934338

SHA1
ea3c3acce9dc59e0d9f8ceb0f7add45242157898

SHA256
19e4cb32cb6e5753b78bb5ceb83988bdc3bfb3c57d61d04ba05f41845d4a575c

SHA512
5283bf4dc0c81fe5265b176eeee760fbecf1530b3772b0c7ff5c1e8a825e6f98b2a10ec1630c5b5831ba080cab97f45f526e069cdf92124a08b316b50aca30f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
Filesize
7KB

MD5
95aef2573e8185d4674872ee2e2cf821

SHA1
72c66ea28c0469fed758e3c5deb9862cc559f095

SHA256
975493983577d8edf76f3d05e749ce356b44d756c159ddd3ad77c4241be81944

SHA512
dc4886358d91924f81815e9eba9f1afa17517cdb879221d80954bfef3c4e28819d2e6237f083d0ae7ee853d1981169cdd60f1d628da4cf70fdcf9235fa79c9c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js
Filesize
7KB

MD5
3ee548d697b5f5906ac1a75685624cb1

SHA1
532c83ebfaf734681300daa029c7433c2a0b03b9

SHA256
1bdc7345f2ca38f13b3935b0abf82862baa768a1d5e58293007490d7dad42fc0

SHA512
c9796ecbd2a99d7e986bd721cd9dd084a3e522a3f4aef19853c7cf97dfbfe882a9d9fb6192ff20d797fc336e5f4fa19e7e965e386f832f57076d61c6c3c0c6d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js
Filesize
6KB

MD5
f73e52d124620d05267ba934f3b312d3

SHA1
34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

SHA256
fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

SHA512
4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
28KB

MD5
82271e67ba20cc6b83c889f981078e0b

SHA1
a8275761993e0934b6e9727f1c969be40519a6b4

SHA256
b689bcede71311fa886f2a882a0adb3178ea87a5f30963d3778ff4c7da1ef1d0

SHA512
0e5db0829f28db78bdb48881e316262f7cea5690a7006b23b214f45a58285afaebb02f1d24b4177e110ad77648d927743cc70aeece273cd3c4fc042a9fe803e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
29KB

MD5
348816de794f08cad11b999f34d9d19a

SHA1
427eb82c79dca3d27d72e20c9a999b49a293f672

SHA256
db42d69e553a1f748bbaa88bd8c2bfef57004c3cfb9ae6c9984dbb2104da9bfc

SHA512
cd654cbd4807192752182cd75a2e39302a7f7252714b4119a37377c123ded14144232cdf14b13a0dba58bc0b584836f5d6ef929583a1ee20894f22c0e9f06985

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore.jsonlz4
Filesize
32KB

MD5
b9f77323b28bef7de3db8baaba4bbb77

SHA1
a99bc58db86194943510d0d656a0685031cf107a

SHA256
42873182212c3025e0a834b9e6f56a739dbe9416d7ee689bf49e863326da6a57

SHA512
8ebdf9909521f64eba579c4e602dc5d4444355e3e2c89b8dddac9728da11cc172757dd4900a283db8bd062957b53295038e388092c6fcc82d96fef7f865f2e39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++anonymfile.com\idb\3046956142obaDid.sqlite
Filesize
48KB

MD5
d1b1e57f2e896980f3f7bbe692ddec11

SHA1
3c81c65bc870483bf30814dc1f127bb482084e8c

SHA256
c5fb3ae5bb77f0db852649845527cbdde07887780d1daf5388a9b73ded09f356

SHA512
4be25b435fd9e94537982e6dfe6e1dbad509af1ef52f01e65e5ab0faf1200af16d54c266a443324722907f80d2153bd008f2f0c288bb517f132db54a785102d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\storage\default\https+++anonymfile.com\ls\usage
Filesize
12B

MD5
ddb63f2c64902ac82ee553a2047e4bb9

SHA1
ac5d6bfd439606ceefddacc102bd484475202068

SHA256
7206f8cd28e7d688d1b66118608df1d32a7a6d8413bad938569bb1e6df26c899

SHA512
1f12421d776093c5ddc556485ffc016846b090cf7dfb3d78d3dcc21cb11265316ae458c258d1b3a95507fcd4ec62c1634b3e8a84671e6d233bf8391ce3ca1e3b

Download Submit
C:\Users\Admin\Downloads\free.exe
Filesize
221KB

MD5
a083918dbf9fe0fe4dd0e4aa553d678f

SHA1
4bf49c54b4d002af3e6d1427a8fe53ba5db7b003

SHA256
aae9a7e95acbbe7ab48ee0d732f2d15866f7794cd7d6415eb68c57124cd40b27

SHA512
17f2fd252b7227557c23bde35f2709dea27f5552b733459d022db99f340fea3151f715dbff5e456ab4d52489f32c9a7496a7576c6b9a077279ed425fae9c9cf0

Download Submit
C:\Users\Admin\Downloads\free.exe
Filesize
221KB

MD5
a083918dbf9fe0fe4dd0e4aa553d678f

SHA1
4bf49c54b4d002af3e6d1427a8fe53ba5db7b003

SHA256
aae9a7e95acbbe7ab48ee0d732f2d15866f7794cd7d6415eb68c57124cd40b27

SHA512
17f2fd252b7227557c23bde35f2709dea27f5552b733459d022db99f340fea3151f715dbff5e456ab4d52489f32c9a7496a7576c6b9a077279ed425fae9c9cf0

Download Submit
C:\Users\Admin\Downloads\free.exe
Filesize
221KB

MD5
a083918dbf9fe0fe4dd0e4aa553d678f

SHA1
4bf49c54b4d002af3e6d1427a8fe53ba5db7b003

SHA256
aae9a7e95acbbe7ab48ee0d732f2d15866f7794cd7d6415eb68c57124cd40b27

SHA512
17f2fd252b7227557c23bde35f2709dea27f5552b733459d022db99f340fea3151f715dbff5e456ab4d52489f32c9a7496a7576c6b9a077279ed425fae9c9cf0

Download Submit