82307054fbe35ccaad98471133b39ae07f5e4ad3b54c81a7091cc06101b14f37

Analysis

max time kernel
332s
max time network
333s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 19:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OF DL.exe
Size

2.2MB
MD5

460579098dad837fe39e2db835e5db3c
SHA1

32bcd9c737a72df80e7d9a3f901ad868f9323593
SHA256

82307054fbe35ccaad98471133b39ae07f5e4ad3b54c81a7091cc06101b14f37
SHA512

31f85a1974cad43293215cddb233b1cd3249054cd730a4ec6ccb8e1d92b027053645e6b8850beb89613193c62fc9c092638b9cd18ebe21ab4a6d0f84f92fd8d2
SSDEEP

24576:3cSkBZvX+p+OgU36zMTMNNd+g5Wk78GBBjgrIQtD/JPjO3GL1jiVfIz:XEXCP64jgxBBjHQtDhP4c1jiVgz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3272	OF DL.exe
3184	OF DL.exe
1080	OF DL.exe
4216	OF DL.exe
4752	OF DL.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\OF DL.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\OF DL1.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1788	firefox.exe
Token: SeDebugPrivilege	1788	firefox.exe
Token: SeDebugPrivilege	1788	firefox.exe
Token: SeDebugPrivilege	1788	firefox.exe
Token: SeDebugPrivilege	1788	firefox.exe
Token: SeDebugPrivilege	1788	firefox.exe
Token: SeDebugPrivilege	1788	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe
1788	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 3052 wrote to memory of 1788	3052	firefox.exe	97
PID 1788 wrote to memory of 4428	1788	firefox.exe	98
PID 1788 wrote to memory of 4428	1788	firefox.exe	98
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 5092	1788	firefox.exe	99
PID 1788 wrote to memory of 3656	1788	firefox.exe	100
PID 1788 wrote to memory of 3656	1788	firefox.exe	100
PID 1788 wrote to memory of 3656	1788	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\OF DL.exe
"C:\Users\Admin\AppData\Local\Temp\OF DL.exe"
1⤵
PID:1680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.0.1558657810\1333664015" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {127e2053-c5ac-488a-a08e-1fa0dbfec46a} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 1976 2c6b880c558 gpu
    3⤵
    PID:4428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.1.1563745638\1861717424" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61b67496-abdf-4610-a7f6-2ae45d6b89da} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 2376 2c6b713a858 socket
    3⤵
    PID:5092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.2.1259072206\509287077" -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3200 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae8937c7-6d2e-40eb-b636-18ffc0f3dbfa} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 2972 2c6b7557a58 tab
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.3.1645069800\645014656" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3500 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0754fd93-c9b3-48c4-8cb0-270317ee0d5a} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 3576 2c6aad5f558 tab
    3⤵
    PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.4.1399497140\2087637141" -childID 3 -isForBrowser -prefsHandle 4440 -prefMapHandle 4436 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a395495e-0938-4988-9471-87355586e996} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 3416 2c6bd4ddf58 tab
    3⤵
    PID:372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.5.1179581766\611861070" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 4988 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {075df4ae-5f5e-4459-8fad-e4c6c5a85b01} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 5040 2c6aad62558 tab
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.6.876770513\1840826541" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08fd20c5-4b99-4d22-8347-e51fadc21719} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 5176 2c6bdbf5a58 tab
    3⤵
    PID:2312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.7.1138126774\154521068" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {344ea549-745b-4323-9dcc-603a06aab4eb} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 5368 2c6bdbf6f58 tab
    3⤵
    PID:2664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.8.656656183\627057813" -childID 7 -isForBrowser -prefsHandle 5948 -prefMapHandle 4944 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5aa8659f-0bb5-4008-8cbc-62b7cbac2843} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 4152 2c6bd972358 tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.9.1675716278\772727315" -childID 8 -isForBrowser -prefsHandle 6064 -prefMapHandle 6060 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f007d621-b239-497c-98ef-55e6aa280ddf} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 6036 2c6ba0cc858 tab
    3⤵
    PID:2688
- - C:\Users\Admin\Downloads\OF DL.exe
    "C:\Users\Admin\Downloads\OF DL.exe"
    3⤵
    - Executes dropped EXE
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1788.10.2106580316\854050902" -childID 9 -isForBrowser -prefsHandle 4400 -prefMapHandle 4384 -prefsLen 27465 -prefMapSize 233444 -jsInitHandle 1196 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eb99403-0e3a-4df7-870d-14055b193350} 1788 "\\.\pipe\gecko-crash-server-pipe.1788" 4628 2c6bdbd2758 tab
    3⤵
    PID:4820

C:\Users\Admin\Downloads\OF DL.exe
"C:\Users\Admin\Downloads\OF DL.exe"
1⤵
- Executes dropped EXE
PID:3184

C:\Users\Admin\Downloads\OF DL.exe
"C:\Users\Admin\Downloads\OF DL.exe"
1⤵
- Executes dropped EXE
PID:1080

C:\Users\Admin\Downloads\OF DL.exe
"C:\Users\Admin\Downloads\OF DL.exe"
1⤵
- Executes dropped EXE
PID:4216

C:\Users\Admin\Downloads\OF DL.exe
"C:\Users\Admin\Downloads\OF DL.exe"
1⤵
- Executes dropped EXE
PID:4752

C:\Users\Admin\Desktop\OF DL1.exe
"C:\Users\Admin\Desktop\OF DL1.exe"
1⤵
PID:4960

C:\Users\Admin\Desktop\OF DL2.exe
"C:\Users\Admin\Desktop\OF DL2.exe"
1⤵
PID:2092

C:\Users\Admin\Desktop\OF DL3.exe
"C:\Users\Admin\Desktop\OF DL3.exe"
1⤵
PID:4676

C:\Users\Admin\Desktop\OF DL1.exe
"C:\Users\Admin\Desktop\OF DL1.exe"
1⤵
PID:4456

C:\Users\Admin\Desktop\OF DL2.exe
"C:\Users\Admin\Desktop\OF DL2.exe"
1⤵
PID:1604

C:\Users\Admin\Desktop\OF DL3.exe
"C:\Users\Admin\Desktop\OF DL3.exe"
1⤵
PID:2668

C:\Users\Admin\Desktop\OF DL1.exe
"C:\Users\Admin\Desktop\OF DL1.exe"
1⤵
PID:2136

C:\Users\Admin\Desktop\OF DL1.exe
"C:\Users\Admin\Desktop\OF DL1.exe"
1⤵
PID:4832

C:\Users\Admin\Desktop\OF DL3.exe
"C:\Users\Admin\Desktop\OF DL3.exe"
1⤵
PID:2952

C:\Users\Admin\Desktop\OF DL3.exe
"C:\Users\Admin\Desktop\OF DL3.exe"
1⤵
PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\516

Filesize
103KB

MD5
a5451a00e3d335042fc514353ffae2cb

SHA1
db78fa7b9ca9849fdb3b192555cc0da2164989cf

SHA256
2c00750464655a64dc8bfa8726807bfca244a83fcbca6b1aeb0eb21f8b5e5106

SHA512
3dbb59701a3967e3334aecdb1a5a90770074938ca4dded6140f64f6cf860103487fbadf35f3856a40734d361ce1a6997f8cff19122619aad2e56740075ae3cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
1ce67b37c331c6ff54592ad308d4a07f

SHA1
fc6fcf48afe232827389967f79e606c444905de5

SHA256
8556d47a1942e590df6c114dd3a85f34ec06b6addb8dcaf47928a84b16e075ff

SHA512
7b86b6361f2cbcf5d6a81ecd65fb350dca99d06dc14a5adac8af54ab338e4ddae4f01899de3c7e50b51fccd3d393d9077f76c1273c52133d9486e6cc6d43c7ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
877c1e82c0481889834e8b878d1cb148

SHA1
c8138f5265b42ce5b9fac9727303a5b1f376dd06

SHA256
8d8692068d19a71ef4de20b9590934b41335dfa9fd4434e77df62d7e7a1b9523

SHA512
ed3d7120388531a14099e798b6209e696538fee327eaf2cfae27c6a01a4b7fa8eeac8681d5b067c80ecbb8e7eb3dfdcdead715df9b9c1acfa0f8cc28b56d4ddc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2a420ed239bcfbb911d7574a434c425d

SHA1
c183a4a0a8be65c104732c66b81f10596cfa906b

SHA256
04d288aab8eb4936626b4dca23d53cc08641379ad1d150fa35075e8bef6369fe

SHA512
6b608e704dcdd3539a128d6c0db74159830a962f7167415655385e859ef0d026c839d2309334c0d3500cd30f4c13b1f04e68b957bec3967886bd1ff08bc7af39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\69fd9cb7-2e42-400c-a96c-9fe46254fe74

Filesize
11KB

MD5
53c5e85e2c88a69fb0fbad9ea6b6f68d

SHA1
f418130c54cf7ce588dd3041be7fff1babcd2595

SHA256
e3e3df5f5f821f4b2f044da18993a47ca6bbe38330e36a06e5da83fe619c0c49

SHA512
e4fc00f92dacfa982cb5a10ddc64a8c098f4bb7f78f1a634bffc816aad8dc0f2bc37cb2809becc18f87e25760e30eed488fc906a0a63c906b5852d34aa6f71d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\d6e9c7eb-bda2-4a11-8e71-71638ff0b1f6

Filesize
746B

MD5
d970ed6a5687f4215ba78b8fbf4bf273

SHA1
86bc5f9d68bca6ccfda55ee026abb4d4da553167

SHA256
5f847bc8215cfda6764cd79c909d8f61a351ee996a610acbdc70db73e5ff5de3

SHA512
0c85b1eed681c7b0b3248167a07595635afbef85f235cf5048192c93cca4ea260c55440b5a1eaef1870e4be0743f0fe3cc26d6983e21dcabc3bebcf81aff5500

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
5b7a6d705b469e5823abe48129d78baa

SHA1
977a9ec4677bea05295a86bb901ba03192ca5171

SHA256
85b9688a75a18b08e0492618e123c1355b4dcb726f47aa3333c3f323c7881739

SHA512
b9e45a11e40526868e4f134b8057ae96fec4cb1aa16564022f8c82345b115ebb0adf50b8c54a392d9498e012e8b1225ae8d249cf829e65f9a1caf601b1e4d18a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
2cb232d60b8b9afb9d167efc95a4e4c2

SHA1
92f951ab340aac3208dc721d4901a951a6226168

SHA256
586de8e02431b23a98e1e12bd58d95e19b5e15e395a9c8ee2a47e8cddab7533e

SHA512
1cf833c0979b584f13ed85663fea791d8812d19eafbd4ec647662e56f77250f7b3c31fdc02a4776b6e20ba6acece057a24625acd2dbd7cddd783c63d1d337e2a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
ae13d7e020d7f5f9189852dee9692926

SHA1
a802be1fcac459c01eac61315ad2c5b5a26e413b

SHA256
6a984e70e2b77f46430e3a378ac02cffd67622a6dc6bc852fb946621360579b2

SHA512
7ee0284f5c717f938a0fdde2adea9da6b2e1ef3c880125164c42c7e1c803ac75bc1d67f8a8eeb215f1ae478bdfd6a83e43efe6687c659b73694b670d7cde41f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

Filesize
6KB

MD5
de93f6e388a22219bb2f25c623d9e408

SHA1
b5e9043734e05fa286f7cdef6f39bc264576d76d

SHA256
160af6361935f2a9d7c3de194796f5ae8fc4c07ae99524361928b4e1b1150463

SHA512
12ba3d136603a70182cccda1261fcfa88b5a4d06df45fbf5ba6c5d5c090de778a8c2abc1dd0669bca941f38a5f8eb1fb078da2b2ce16a7a0e0e13f9307a39fc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js

Filesize
6KB

MD5
db760493db5ee62b4d8d773b6a315483

SHA1
0d9d89d8695866346b1a0671f0eb349f1d9c49f3

SHA256
1f7da709afe582ead40294cd1e32727f661e15a575de32c1dad7368621f742f9

SHA512
ce8b92fbde2fe34b2532c32ba98031a20077719464222397b5373621565f6f7fefe96eaedc4f6e71e78705a235faba430e8f17d83a05dacba1456ddc3b596a28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
e87817fa9723e0dbb2c7ccd676ef7ce0

SHA1
1a6df0697dfd7b1d1fb11a44d0f64d29417f8b3f

SHA256
9ea996d8fba8131a9f664742e3ab417afd31bb2ea15a57fab0f6e673ea49a099

SHA512
30a9a3be0e262e80653aafdac429cb8c2378be1c373486e6e5dce2154182c89eab5d2ec5ce6d6e43def4f137f829acd036acfd33a56b474db34cfc8e8d9993e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0c2bcdcd6f2cd5e961df05d57b8576ac

SHA1
90bb42b19278bb8047d1be2045f46b2bd3f6ee6c

SHA256
48c3bde322d7aaf0b4d33671e966573a97b2c44239deddaa161da913f9281a5b

SHA512
dbea22771b1fba2e7853f4a2b3f2a79b6e4a73573534b436eb71bfccf2825bc1682c91ca11b0e901b642c0ec48c9aed1cc10246c98ff1e2489c74f92cf17d294

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
a5f01179da924eb5e7de75963166a036

SHA1
6c3eeebae158f63c108beaf38ff9d8c0307037a3

SHA256
65a77feed394ca9c214103cbf0b62542f288bcace033ab49d0bfb3be4db6ca19

SHA512
b94e030afe815fd36b58e09e4b5992a9aa691e491cdea3ffa4271c6fab73ff2acee8111972898ec2d2b40cc5bc9f5fd65d018ebcc26dbfa9b423a14bcda60a92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
7c9315b041d318b9e2c524647acb92c3

SHA1
ebf80aad15f41185f7001c2161d86a89c8d7cf2a

SHA256
104b5a1bb67a3467806808ac47b7fe6c26d0adf637a3839f3736ed9ac8027400

SHA512
681d088a72de13e3f09df9e551c9eec49087ffc65fcec0a88cfeb9e35a9f3dbfda2d07333baa2f8c48157571de5556b5d440723cfc413549768d790a24e7825e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
b6d51f45f9aa99720d485dd2909f5672

SHA1
ed61f74549700f7e1d3d2db2d5eca2d03eb6bdf5

SHA256
7147429b950903879d6b142e9ed49c8d1735d1506f73fd968304a13cb8bde72d

SHA512
609a2d03d6e3cb28de9b1589f1db4f3f1575015163c5610999e80d58e570222cf819d4cdcb47ae0923b037790a4a6e5936b28d2542dc0fd5968ca50f9c647e45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3d4607d4ffa1557e30f67f63ef555d5a

SHA1
3efe3a61578b8ec8d4745eea2a5a63da39cf08f3

SHA256
26727f02059c4cfe11102884abc53edf863fbd2a85395ff29051531a63f33629

SHA512
56b61b15e8988257ca6fe927512b97e656e647858e31c4a4cfd93367a8e076741010009320ebbd4a6698ac45afce11fe330264914c1b44d84f977205c732b6c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\103\{69d5e41a-e870-430a-b2c6-26cb3abb4067}.final

Filesize
914B

MD5
42be2d91dc1832eaf1260fa229a36e5e

SHA1
8a9705fbc8e6b1d239e4830b985b446e8ba82824

SHA256
586ec9b20c107b3bc831af9a3999e6b040b13c0c140ac10dcbb150fe7e724c11

SHA512
ac5ba80bf723afc86efb632959236de0563bfc5425bdec4cc0039e38aa8c50848159577b1d7229da82d726cd93d069dd12e47c41378ecd5e51cbca2808b4e808

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\133\{767b3a69-c8e0-4b91-b87e-fd2f7b0af785}.final

Filesize
93KB

MD5
743e39e7609a3c844368dfc644fbf557

SHA1
5f0634a13459247850ddaca072260f5a56f0d476

SHA256
3355771f25ffbe9acf788ed9b3ab03610aa67c66eea75b04e43b61111addced9

SHA512
4aa83f42d887a6d92307f47cce20d4d6fea3e7316210c049030598aebab805797914a1e4bad29b2a2906383892319fe3bde361e3c12d2f4d121435aea4e97a49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\136\{a7f23fa5-feb4-4a18-ad59-1933d2405588}.final

Filesize
87KB

MD5
9845661fb0521bf4988b7b6574b5537a

SHA1
1b8865a502761d16777fa4c0bef6cb91ecf0322e

SHA256
519907dde6344d60d253272da1d00574bf1e2f0de8886ee6b491efbc310e99ad

SHA512
3c9255e51d46337370f6a4772eddb2947c975ba3a35c4bcccc78c84ca8b7ee76e44bdc2e4f24134bdfa0714b34240cdc6c1b32f758926f057d54dd62035716a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\15\{2ee324f6-33b4-482a-92e1-d96e4fc8c30f}.final

Filesize
2KB

MD5
0ba84aa237c58935f2659f70bfcff705

SHA1
be68e762d407f94d79e9acc56ad5b84b5af7ccd4

SHA256
045af05203ee319f712b9923f5e633be1d94932eae36d1be74cbf4ca7aec342a

SHA512
d985f8a17cdc3616465de3695193d2da58ee2aaff93f1b10361e456fd2e33c95cf9b7d0e88aee60fd7c8a8d4d6b5d3ed626a7c6f1a61930cb3c0ff447872e236

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\186\{9c0ef76f-7410-4c75-b2e6-df2d8e0738ba}.final

Filesize
93KB

MD5
fc226f50b5ccb96cf033a3e71e8af6f8

SHA1
1a95c3118c642858b8d42912836b60c4aa0759a6

SHA256
039d7f2061f1f3f48dc6c39e3f3fc350372a0d46d008037190184bc0db4d21e0

SHA512
709a56ddc2f92672744655e18d47be7bcb15ce6e711a7d31dec7f0602e98e57a3715c7f073db437f316ff1518caf7d7f53d1757d1b62a97de57722edf831805e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\212\{0a88f108-59f7-4079-a9c0-0305133b7ed4}.final

Filesize
1KB

MD5
405b669e8079d96f7bcc412bc1c2e9b8

SHA1
708cbb4f6beee3f4d5f0d371b081c5c251601fdb

SHA256
19c8781adef7b3758fc70b15072ad164095d8b7bc6f30de8e5919283b83d140f

SHA512
4dfbda91b86fe59b77bbfe1ae4d193b6677d1d6c9bd25f691da0c05b60c25d1d0d2aceee347c3324afff7e7071f2810f74742752407fbc04a0cf247c359815ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\215\{0a7db21b-dfc8-4327-825a-d46cba7b47d7}.final

Filesize
3KB

MD5
43a05488d04f26ce98a5e7a14ae2973d

SHA1
30b30ab31c45d686f7df02c9bdb2ccb3bd32972c

SHA256
50f1d8327b58679d2d1b14726bcfd722b0c01f4d65870e01279ea768288a48c1

SHA512
02024db1719b41c212e1bd0d4a4584f82681854b24b509ce65d6d1994c443eff2f7aa09bf086bec368db7791477945ae862cf6b7824d63813ae16d7feb2d74bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\255\{f09cbdb4-6a32-438e-91b5-904e771f90ff}.final

Filesize
1KB

MD5
1ca3cf57769dcc70bc5b5bec5f472f2d

SHA1
dcad2370499395ff807e5f2bbfab69d7255b0099

SHA256
82f8ccbabf81006933f2b4a212dc45521bf512ae513ffa04140a776753f52be4

SHA512
6d016cfe9586dc6926c6d93b704949b6e12bb9ecf1b09da83e085cfc4661577b718376fb8771bbf5c5df4c75aca0fc8df55f7314e45efd33e6b95e5e00a9ca2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\2\{3a1b9295-a0f9-4bb1-8afd-6f57b5f45c02}.final

Filesize
9KB

MD5
acb82f1af6eb8c3be48a1f475913739c

SHA1
d717d237cf123aa0d2b6c3a9cbeb32340e5370bb

SHA256
729bcbd4a7252bc21b611cc87b444dabf5e4b503cbfe0b940da96df0edcbd7c2

SHA512
3c2696c48c1b5fd3a8e070c151844791f59bd0029193330d611d38e398fbbb5bd164007004cdd637255506f32ac303619d9c7b08ff655707ed117fd5fb3ae4f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\34\{5d8d9961-f69d-4ee3-8bcf-5742baac8522}.final

Filesize
531B

MD5
3421849d3b9a524e93a67ff69ea8a106

SHA1
ee769a44110eae8e19e43a9c687af6ccee79f406

SHA256
06581a18a821de09525093dc3ab8d4cc00ba595b2e1f1ebf1b8c408b8f8a6f74

SHA512
f7a86c400c5234b791bded79193fefa0826fd9e093b1894521cd8318cc898529dd64cbdd3826b54dc3b1c9dd6f15d0c8c327e9484146896e7405d68d8f300f36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\default\https+++send.kubab.xyz\cache\morgue\73\{48a8d3de-e845-4210-8a0c-1cabf5644649}.final

Filesize
31KB

MD5
4bfe8e77bd1310f663096697db87ae6a

SHA1
46b2e8c8ae0d646535a4dea56070913cf354ef2f

SHA256
85dd75f0fdea3b8a116f833fd7a44f24844fbbcddb01f444d445e3461d46ba88

SHA512
3bdbd35512cf5fbf1856a3ba21fe2dbea03ea36480ff5c6efc35eaad703319daf271ff4c81198a1796e7f96f2a058a9c7d79187f88322b6a9ccb2557f5e212af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit
C:\Users\Admin\Downloads\OF DL.EI1GhaLq.exe.part

Filesize
124KB

MD5
e019f05a2031ccf165188bb83c1b7e23

SHA1
b06dac5f7b6c98b8e7b5f13ba8186c0c0f2548d0

SHA256
6a2f72feca9807de8f3deca727262a521f70c93f5b6304605bb7f4e207703bb5

SHA512
3b8c6077360385164d49d69323e033c7cfac5ef76413494304ec52b37d5fb6b047edb8b584ee2ff5647269ba6793bc75b9e2ed5d625ff9d8d97cab2a19ffec00

Download Submit
C:\Users\Admin\Downloads\OF DL.exe

Filesize
2.2MB

MD5
460579098dad837fe39e2db835e5db3c

SHA1
32bcd9c737a72df80e7d9a3f901ad868f9323593

SHA256
82307054fbe35ccaad98471133b39ae07f5e4ad3b54c81a7091cc06101b14f37

SHA512
31f85a1974cad43293215cddb233b1cd3249054cd730a4ec6ccb8e1d92b027053645e6b8850beb89613193c62fc9c092638b9cd18ebe21ab4a6d0f84f92fd8d2

Download Submit
C:\Users\Admin\Downloads\OF DL1.VyEooJ1_.zip.part

Filesize
160KB

MD5
5dbba9fe50b9b3accb6fda1158588fb3

SHA1
90fbf08c015041e729a02acd77331727a0d10839

SHA256
ebb4cab9019b52a56f5fe4d37a59d5828cf32c9b3dbd207544b8df1a947ce735

SHA512
2a5f8a65b043d8e9439f7b6553ee26cdeaa09dc2278c2bbc760c854aeef57b8715f1e67132d9bb51cb7906609fc14d24064c1f5b76c1f6e81a0b5ceb964850cb

Download Submit