5233e067e0204a3356be54e1ae8a3e6484009f17164898710db6312cc91809b9

Resubmissions

23-05-2024 03:53

240523-ef2zpsdb69 1

23-05-2024 03:52

23-05-2024 00:07

23-05-2024 00:04

22-05-2024 23:56

22-05-2024 03:59

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

020_jjk_256_28_018.png
Size

1.8MB
MD5

bdab4cf08aa821038ded126aa95f0085
SHA1

aba24f7d88e776f1866b4cf0c673374bf4b9ce43
SHA256

5233e067e0204a3356be54e1ae8a3e6484009f17164898710db6312cc91809b9
SHA512

d0697e2dff103b036d40de009a008fe1c8443bcfc76e4ed1ffd9f24e5e6bccc745c06a066746a79efb60fa8e0d1c01a130424ab9d24c0efa2521890bfd3e8efd
SSDEEP

49152:X7D3F5MzF5WbaT7hbILE8EoQGhmitQxTzrXS:X7D3npa7hcw8DQGhFQxTXS

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

328 discord.com
329 discord.com
326 discord.com
327 discord.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
328	discord.com
329	discord.com
326	discord.com
327	discord.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	3216	firefox.exe
Token: SeDebugPrivilege	3216	firefox.exe
Token: SeDebugPrivilege	3216	firefox.exe
Token: SeDebugPrivilege	3216	firefox.exe
Token: SeDebugPrivilege	3216	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3216 firefox.exe
3216 firefox.exe
3216 firefox.exe
3216 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3216 firefox.exe
3216 firefox.exe
3216 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

3216 firefox.exe
3216 firefox.exe
3216 firefox.exe
3216 firefox.exe

pid	process
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe

pid	process
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe

pid	process
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe
3216	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 4332 wrote to memory of 3216	4332	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 916	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe
PID 3216 wrote to memory of 3048	3216	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\020_jjk_256_28_018.png
1⤵
PID:4876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.0.636047503\2109650699" -parentBuildID 20230214051806 -prefsHandle 1724 -prefMapHandle 1812 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4afbde58-6e4f-415d-a38c-a10148ba5e9c} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 1892 27c91c05658 gpu
3⤵
PID:916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.1.1830498371\1748546551" -parentBuildID 20230214051806 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98f5f894-d4b7-4dbf-b540-85437c11323f} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 2464 27c84e85a58 socket
3⤵
PID:3048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.2.1365244161\2045988355" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7931a92e-8767-4638-95da-0b86e83c6a41} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 2980 27c943e3258 tab
3⤵
PID:2000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.3.86846441\1846041311" -childID 2 -isForBrowser -prefsHandle 4240 -prefMapHandle 4236 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6ec3aea-d5ba-41ae-acbd-91daf937938f} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 4252 27c96d20e58 tab
3⤵
PID:1984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.4.925287042\1745598599" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5108 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd87b6b0-5726-4672-b358-abf3f97fb6bd} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5100 27c99510558 tab
3⤵
PID:4372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.5.1589383232\1535435793" -childID 4 -isForBrowser -prefsHandle 5340 -prefMapHandle 5336 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5643f201-c7d2-4820-a0f8-4a0ee944fcd7} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5348 27c99513558 tab
3⤵
PID:1792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.6.1749007535\1519727249" -childID 5 -isForBrowser -prefsHandle 5532 -prefMapHandle 5528 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de5e2a15-3267-4857-8579-bb61aefaee3f} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5540 27c99510b58 tab
3⤵
PID:2296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.7.349860653\11830289" -childID 6 -isForBrowser -prefsHandle 5324 -prefMapHandle 4916 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5120c6d5-98d0-4e3e-90fb-25836de54d94} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 5924 27c90fd9658 tab
3⤵
PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.8.1010606445\453663455" -childID 7 -isForBrowser -prefsHandle 4384 -prefMapHandle 5976 -prefsLen 28098 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57409779-d3e7-465c-97cd-2b6dc812be15} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 4928 27c96a7e658 tab
3⤵
PID:5212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.9.574824317\978645025" -parentBuildID 20230214051806 -prefsHandle 6108 -prefMapHandle 6112 -prefsLen 28098 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1169cfe2-00b7-4c72-92a2-8d94862a594a} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 6092 27c993fcd58 rdd
3⤵
PID:1060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.10.415478714\375670284" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6096 -prefMapHandle 6100 -prefsLen 28098 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {015a016f-bfee-461f-b69b-399715e8be08} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 4384 27c993fe258 utility
3⤵
PID:4140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.11.444789557\1712905906" -childID 8 -isForBrowser -prefsHandle 7848 -prefMapHandle 7856 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90af09c8-e7d4-4109-bf22-598750042ee8} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 7984 27c995a3458 tab
3⤵
PID:5604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.12.117141023\1224044491" -childID 9 -isForBrowser -prefsHandle 7812 -prefMapHandle 7816 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfd28489-f78a-4eca-bb38-2ebbefe7b1c8} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 7804 27c9cf3b858 tab
3⤵
PID:5436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.13.339567315\50263313" -childID 10 -isForBrowser -prefsHandle 10620 -prefMapHandle 4396 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f96c6769-5b5c-468b-920f-a61db7616ecb} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 7708 27ca085c858 tab
3⤵
PID:5560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3216.14.79394830\2143031609" -childID 11 -isForBrowser -prefsHandle 7728 -prefMapHandle 10608 -prefsLen 31222 -prefMapSize 235121 -jsInitHandle 900 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edaf2dbe-5c76-44dd-8e74-537c1baaed17} 3216 "\\.\pipe\gecko-crash-server-pipe.3216" 10612 27c9eef8958 tab
3⤵
PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
178e6fb8b4b873fa3cd1f9db1e2d084c

SHA1
826bd935949bb0aaceff951961fdeb6f073940f8

SHA256
cd2c66f711cb00542d30b668dc2869a177a065168a1d485a6e4705a441ba606a

SHA512
cbe9922c273324d94fe0f52c7c3702f6c43a5e4d68c4f5b40d337f0d0e877244bc9e383bd2e5b29df522b52d00c3bf41a009335d97a01ed9b8e155351d751bc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\11473

Filesize
17KB

MD5
cea354cdfbd179f8b9daef5729bb5cb3

SHA1
6232abe5d367ed669e83464d76fdf2cb13d0afaf

SHA256
f3e85353448d30ba6312e6416609a42e4084e21f6fe647127100cc77bdbbb6a3

SHA512
93a9d02e5ebf80c604b7fc2a6f3490310d79071dbcb3e20639af078bffc1c617935b042648ffd951757140570d4be2a1049bcdf940391a79f4b2b4780c0dc093

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\1212

Filesize
139KB

MD5
ddedebfbfe7db682bd1590a10383aa4c

SHA1
033c41f76413b73a188442762b538dd4e3d294a0

SHA256
9ae696e18701459ed0e93fe1c0c257aa2071e793997e7b4c58b0a63ca7041e97

SHA512
4a5f451affbe0e466f873427db4e34c6e017e91c70df9df088b2dc66b37b623ec483c4993ea31c226abe7d24a6b335111bbe285f803af89e9a8c0b76385053bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\22562

Filesize
17KB

MD5
29274ed276e52e07c53392198f2b7802

SHA1
8d8607181c1e59ec99ef194397abb62fd4c21a28

SHA256
5472c4982e686db147969e5a610d534b3e0af55dc268dc323add6b1cf9fc1c66

SHA512
31e031609ffaa33e70af66907f21e5de03dacb35c6d970878f250d08bff7667fc24eb96cb1ea6fc0565d27c436634cf81ee6088558f01e8f3007e52f66301d69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\32749

Filesize
17KB

MD5
88c0153fd51a1cc47087092a2a22ce28

SHA1
fe7c0dce8461362669ef025ac533b6efd548ecf1

SHA256
45fc456c46b77325a02a9c06923043e9563c9db6cd1a78ca2414b1952752faaf

SHA512
197e3a655fdd675589353bd510977c1fe1edbb4b3b84bb8aa19958450ce8c922c09bb50db0900f660922d2bf634625d59d1f5febfb4a194d01954f8ca7a65ebe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\3565

Filesize
9KB

MD5
86afbdca5d519855bbbb4e4ef7663144

SHA1
13fa1346372052453628d8d162d61effc983f746

SHA256
d2bfe7677d452886ba4cd74b322cfdcbfafd642ed9093b6dfb890e1a902b751c

SHA512
f84af2df3d854323cde5bc4a1bfcf3813e29f35b5bc4ea736f3446f18fb0611ba7adcfd541b6caee8b2cdd7afba93081d0eccf1cce8827b68cc5822e4c78fccb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\5054

Filesize
17KB

MD5
57d7b020e2304ba7319d592a1d09d143

SHA1
7835c2d07258089fa017fc4ba574144c4098bd05

SHA256
41c1824900509b1e7edd00e380000328c6fc4912b049e9785468f2a021608036

SHA512
1345d4edb3c3dfe1219b7298946d06ada6d4a0ba17288e69e4ed71bd269d7c6b95e605fd495a33d694a98142133edce85ebee756454fc8e5a66fc35bd92c6525

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\7344

Filesize
17KB

MD5
ab73364b7ae5981b02a592a6f76a82f7

SHA1
8c8ed947326a16167f0f93acf856ad56edd733f7

SHA256
e6ed8541931688eadaa014a2ded8096a90146eebed3a55eab5381ef9b17e8360

SHA512
8f6b8d9c3280230f836506c71679c67f2cd67e1781ae8c625ded656c63cd9b70af066088fd2a172705545b73f2e3b7d64bf1ed75b3ed649af2ecb81d451964b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\9836

Filesize
17KB

MD5
e7a5875dbd46cdad0c536e4c99f0133e

SHA1
2ac4963d511a984d2a7296e064fa9ac92fab4211

SHA256
cc949aea633ce69259da80f3b7c7ee5cd1fbbab89dbffd89f7eb5dfd1080b13d

SHA512
d80c3756901201cdd1043a644854e66bf95822968c8ae6aa035236ebc7581a8bf11783fe86c50f9f1cc7e87f0d1088eaa81df1dbda04da31e9dffcfbfc6afca6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
fd63692e1ffd2867ab92fed3fcdbafd8

SHA1
ad6f76b23ea9350e9a0a1bd1a7d48b029469f691

SHA256
d968cbd0c99ade0b8f97cf7eb3008785ef018b298bf5a7b8f4c509513634e639

SHA512
1355193d54acb56c3e27352b2f3dcad1e1bf05af66aa7b0844f8782d7c3d51b735b7bb912e17f6d82e2503179b210ccaf0a1fa3ee81e710e9badbe76f1cee798

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\jumpListCache\fCaIk+S84OHflCnRXslBhw==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\key4.db

Filesize
288KB

MD5
96d88c216db3e6597b9e012614e29374

SHA1
3e2a2bfc11afad4d8e887e0b14433cae5992c452

SHA256
ba23daf23581644097321f4e233f58741d02dd867402591dfcef1516d81dc4a5

SHA512
e7a306f9a08c6e0a5cc0f9610d598fb8f4196de4882a8725bb065782b4c74e31d2ec4226106bd1c0d29624163c4d57603b1c740aaf5e47b6b88ea7fb5a56d07c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js

Filesize
7KB

MD5
9c94d998bb8802eae929a56be56c4ff0

SHA1
2aba3c6d50b792b681e866ccfd619ee2f3adbea2

SHA256
751522576e4f92072037c6783e5d4fab4079f25a5bc3e104fae5e93f7ee74938

SHA512
30906f3856bff21abe7c0e4525426a1b397d785e28e8938669043f3cafed10c501b40296d1fc2f9200a0438f2a9ac416bf22bbaff61d4d8deef1ca4931810b60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js

Filesize
8KB

MD5
ba59395499453d9a1945e8ebcf850f5e

SHA1
cc46c7d229b6d480c18a839011151e68f2c26e5b

SHA256
321cf588a59447c1a84b9363bc6e2533b889208805fbf7b590dae48fd1b4e766

SHA512
2993a793f15298227346b4a4f363ef35c18932b2dd9c34b55afdf09aa33bb0ee4adf16042dbf8f813649be2890c5b2e1fb28ab04de369fbc7f065aaca10739ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js

Filesize
7KB

MD5
6685260aa9b9e386877059266f78ed5f

SHA1
dc9d53908e2fe30280eea499be03c4e54d4fbb8a

SHA256
eb1db0e8e8672a7b595da22ec03dec870007175a7cb22b527b6236e6d5065b11

SHA512
113a94d4bbce393a0ab4c9c8c2c77c5d0bd6e0ffb2759af93b3f512d6fac8775141bf040335297eebe0e59e8aabc73dd4e957d3e398191b2a8b58962a16bfff9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js

Filesize
6KB

MD5
b096a0cd684545f5f6eb4ef65ff937e7

SHA1
b02b8d62a34310f60869e3ce955241bece4c810a

SHA256
b8eabb228ac3d44e0cf2b10e1b6f2294b5d6cf215e1eba7176cd64b4fe15c736

SHA512
8250682aad9c3a42b0ff505ddd8f1acd0fa797d9e7c8cac47b1746ec7ac7fe97f9094abd9dc8ee6831ceb8b206d6a481b049665654c63de92a4cacf371c9ba9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2d44849f2c94d3d970a36f5ae1c9fe4b

SHA1
98def2841d880e43308e6cdd93ec530bac925449

SHA256
3631f60f53f17b95ea927fd9c927c049ef89a317322212aead069880807de882

SHA512
79ef6e9e1c1cdd8e5a145d63e8b5cb5b4f0866ef64b04624682e76e9d5b0b8c764cce3569f081c5cc388f22ff6082c52fee3d40e0d9515a08b6c51b0e376c9c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5567695c178582a2393304a176a2064b

SHA1
089aaf96e36cf71c40e5fcc5ea282bd00cfa983d

SHA256
de24d9fffdc6a9116a7880c39b7358b82fea57760ef9e2fa3a76688ad7ad8811

SHA512
5741e308305a644fbf0ae5cd4c99f3b96a0426ac9b838c6a87ad92adc6cb0664174e2f74aa0e6be22bd77617d72cdf0c40220a5fa1ce97eda3a84ed9065251d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
323e1f204ce28f918c0302d4c8feafea

SHA1
0e89e2858bf5335854301242c9ea1aa4aaa40cc0

SHA256
7b394ba92081392d494c7874e8ec5a69f5d098323c66ebbf844ffa5adf692f28

SHA512
c63161e8e7ede3db7e12bd6d7f3da4dcc7057028a278403eb83b04c43277ac6fc1709229d63c931be0f4aeaa36baa0feb4c54aa5f618d6a0d31e189751792832

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9da8d58ca979bba9ecd8b99ecc84cfd1

SHA1
32d9d9c5aebd22ecad245cd0bb767019959cedea

SHA256
06ae0f65659f076bd13a30fdeaabb533374dce2f5a447cba6a23da9fac0e20e6

SHA512
82bd5891b33ba3fea421d35a058444670a423f97e54b8fe3a1f7ccd768e250bb46ffad994de636cfb922b79dcc2861dccfe1390fe89b6b5fe17accad74f8a42d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
4e54d08f8d2dc686fd807a4877491540

SHA1
6263fd0297d0b8ba5a1bd0c418e12f4bd652315b

SHA256
ba470239c4709a04b54091a91eb4053d2d96fc22ee79abf8153b9c77d00f8e1a

SHA512
0452e78748459fc16e4ddb751a432da2d45e9fed785dd34dc6c1abc1ebd61df24a73e583d699cebd3f1381ad3147a2bc0b5bbd3eeb3a10bb19058b8cd78d32b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
e3f64dc83f33b43e5e280a954630e6a9

SHA1
d234dd48aaba332a29b920b47a53609a8282994c

SHA256
12095cedfd965b4a3cb8efd13eaecbded8a32a4d6c9fe701d84db4f89c9b267a

SHA512
0d773dc3694e33df45b53e1db3c002684e170d98fbc57d57466c28b88a56f01958ec0c9f07f6fa205c86347d8a368ae3cf712701c02fd5405058c7f0b22ffbdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\default\https+++deepwoken.fandom.com\idb\3683324260srielfvreurs-.sqlite

Filesize
48KB

MD5
38a4b6658829d774a8e382c316f68744

SHA1
beb5aa7d835f777a42468547a214e8710c2b8833

SHA256
9c7a98141964be7a19af20d3b29a96eb8407d11eedefa15e7e55e4177c10ca0b

SHA512
20968f63fc296b46de544b8fea548dfbc8c20a979cdb9f497cc1cf219063a9bad282eb5f7b10c2b28489d342272eec1f0683a217f9df2bcfe16e2603e82ca790

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\default\https+++deepwoken.fandom.com\idb\3683324260srielfvreurs-.sqlite-wal

Filesize
16KB

MD5
9b08c0f9fca48a990bb193fccf1f3d85

SHA1
23233da466dadc49ca0c19a729754fa4589eb4e4

SHA256
701b67eb36bd03f242166f7008be9458cad0f10430c1afc453319bb10e6d8373

SHA512
02f62a71061bf4860dbe38f2dcf0a88b3cfa58b6d13474777236db1ae423c336f64fb186eaa84fa514d410d099da3dba7ad2e494633bb1bcb3a0aa8dd612c9e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\default\https+++www.fandom.com\idb\3683324260srielfvreurs-.sqlite-wal

Filesize
12KB

MD5
9fa20616cddd987d964fb0d4d38b2514

SHA1
0f5911f4a987dd327c7f2019ef81f42a8fc0a056

SHA256
cdeadef9a6c8338f90810931d2a8db4a872a49aab871aa0d709b0c5f489db966

SHA512
113022cb2a5abf4fafebd4fb33e99e575569a1ea49633733d2c161e9a22b66caafb892f8d80a60599dd4e171dbc2ae952ca090911ebd6dd10b03f85e16faaf04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
800KB

MD5
33d6cc3ffaaf6a8b9209f22e5c3f7150

SHA1
36a050c6126e894f87c8c0b52146498ed06ef358

SHA256
dcef3ff1a954b2f307b6d09e13d62de88ac317d56832a27ceb1aef168379ae41

SHA512
dbd14b4b5f00dad37f1365b3aad501fcbea98c31c7a6355a32450828b17a0dca344ae5615f1dbd795fea3d4f0708249c01ce8ab1eb97e02fe38aa6bb240638fb

Download Submit