stealc | 229632e545c7e955fd82b25afd2ca7209c5a0784822013dc1891f09263d0bfdd

Analysis

max time kernel
354s
max time network
317s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/06/2024, 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

snVG2I5B.html
Size

2KB
MD5

ddb243f06fbb723058b8cc22739d06b2
SHA1

a354d045d40dca1deed88ab88ca168e566be8938
SHA256

229632e545c7e955fd82b25afd2ca7209c5a0784822013dc1891f09263d0bfdd
SHA512

7a1e8204b22af54abe8e99b6b6cb4f464248942ff1e5f8b42a1db86118cc6edbe19acfc8a25d06fa083131db2894ae3af6ef845a05ccb8fbbbb116ca24ddf84b

Score

10^/10

stealc vidar stealer

Malware Config

Extracted

Family

vidar

https://aliszon.xyz

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes

user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Signatures

Detect Vidar Stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/2320-1173-0x0000000000400000-0x0000000000B4A000-memory.dmp	family_vidar_v7

Stealc
Stealc is an infostealer written in C++.
stealer stealc
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Executes dropped EXE 4 IoCs

pid	Process
3016	Setup.exe
2912	ImApp.exe
1504	ImApp.exe
2468	Setup.exe

Loads dropped DLL 38 IoCs

pid	Process
3016	Setup.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
2912	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2872	more.com
2320	Launcher32.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1504 set thread context of 2872	1504	ImApp.exe	63

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2168	2468	WerFault.exe	62

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\@!ⱾetUp_77519__#PaŜṨW0rd!$!$.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3016	Setup.exe
3016	Setup.exe
2912	ImApp.exe
1504	ImApp.exe
1504	ImApp.exe
1772	7zFM.exe
2872	more.com
2872	more.com

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1772	7zFM.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
1504	ImApp.exe
2872	more.com

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1872	firefox.exe
Token: SeDebugPrivilege	1872	firefox.exe
Token: 33	1924	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1924	AUDIODG.EXE
Token: 33	1924	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1924	AUDIODG.EXE
Token: SeDebugPrivilege	1872	firefox.exe
Token: SeRestorePrivilege	1772	7zFM.exe
Token: 35	1772	7zFM.exe
Token: SeSecurityPrivilege	1772	7zFM.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe
1772	7zFM.exe
1772	7zFM.exe
1772	7zFM.exe
1772	7zFM.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1872	firefox.exe
1872	firefox.exe
1872	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 2904 wrote to memory of 1660	2904	firefox.exe	28
PID 1660 wrote to memory of 2632	1660	firefox.exe	29
PID 1660 wrote to memory of 2632	1660	firefox.exe	29
PID 1660 wrote to memory of 2632	1660	firefox.exe	29
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 2736	1660	firefox.exe	30
PID 1660 wrote to memory of 1528	1660	firefox.exe	31
PID 1660 wrote to memory of 1528	1660	firefox.exe	31
PID 1660 wrote to memory of 1528	1660	firefox.exe	31
PID 1660 wrote to memory of 1528	1660	firefox.exe	31
PID 1660 wrote to memory of 1528	1660	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\snVG2I5B.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\snVG2I5B.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.0.1854195860\1616545905" -parentBuildID 20221007134813 -prefsHandle 1204 -prefMapHandle 1152 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f18b20ad-2385-4e62-a7cf-5661588304e5} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1280 10ad2458 gpu
    3⤵
    PID:2632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.1.1249665238\543455644" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81d7cb23-3ea6-40dd-aea9-a56e87478da0} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1480 e72958 socket
    3⤵
    - Checks processor information in registry
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.2.1271973775\873240153" -childID 1 -isForBrowser -prefsHandle 2020 -prefMapHandle 2016 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c49ac37-0160-4bf4-b3f5-15a6263b6472} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2032 19ea3158 tab
    3⤵
    PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.3.1211564217\1751474789" -childID 2 -isForBrowser -prefsHandle 2520 -prefMapHandle 2516 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02066baa-dc84-4954-9be7-0a61940835bd} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2532 17c7e558 tab
    3⤵
    PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.4.15277314\656929674" -childID 3 -isForBrowser -prefsHandle 3596 -prefMapHandle 3648 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbe9fb54-f463-4da8-b71d-be427c1bebc8} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3660 1d4bdc58 tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.5.1357409048\103225644" -childID 4 -isForBrowser -prefsHandle 3760 -prefMapHandle 3764 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2747b30a-ab31-4866-a39a-a65468a75d52} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3752 1ec04158 tab
    3⤵
    PID:2148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.6.1277240202\169057475" -childID 5 -isForBrowser -prefsHandle 3924 -prefMapHandle 3928 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 888 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c52839-2413-4957-bfaf-0eed3c8f578f} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3916 1ec03b58 tab
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:1628
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Checks processor information in registry
      Modifies registry class
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.0.868201755\339750270" -parentBuildID 20221007134813 -prefsHandle 1108 -prefMapHandle 1100 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cc5684d-6a91-41c6-80da-96030b9df22b} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 1172 e8f2b58 gpu
        5⤵
        
        PID:2656
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.1.96060483\868550973" -parentBuildID 20221007134813 -prefsHandle 1328 -prefMapHandle 1324 -prefsLen 17601 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa9f43fc-44bf-45a4-9d42-b2de3a49ce22} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 1340 11673b58 socket
        5⤵
        Checks processor information in registry
        
        PID:2228
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.2.1461886219\1654257845" -childID 1 -isForBrowser -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23700 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd77ba2-5379-414b-8421-cb72816ca3dd} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2400 1b0a2f58 tab
        5⤵
        
        PID:2836
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.3.2095396691\1688192789" -childID 2 -isForBrowser -prefsHandle 2544 -prefMapHandle 2588 -prefsLen 23807 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb91cdf8-4801-46bd-8291-4cc03805c6da} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2388 1cdad358 tab
        5⤵
        
        PID:2752
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.4.1555155053\1807139546" -childID 3 -isForBrowser -prefsHandle 2864 -prefMapHandle 2860 -prefsLen 24889 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7fdf5b2-50cf-4466-97a1-5f504e7f1ec5} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2876 1d0d4a58 tab
        5⤵
        
        PID:1852
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.5.1590510292\210316600" -parentBuildID 20221007134813 -prefsHandle 3016 -prefMapHandle 2848 -prefsLen 25822 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ad6ee1-e72a-4770-a7cf-794c484093d4} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2864 1f6f3358 rdd
        5⤵
        
        PID:1376
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.6.697095126\814449394" -childID 4 -isForBrowser -prefsHandle 3704 -prefMapHandle 3656 -prefsLen 32055 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8413c687-3ab2-4296-9db9-edcf98526cd8} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 3360 15550058 tab
        5⤵
        
        PID:1316
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.7.2041162495\1719708996" -childID 5 -isForBrowser -prefsHandle 3848 -prefMapHandle 3852 -prefsLen 32055 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {561c3c7b-a6d2-490a-b189-98d0e3139aa7} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 3836 1b143358 tab
        5⤵
        
        PID:2320
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.8.280978916\1909653915" -childID 6 -isForBrowser -prefsHandle 3908 -prefMapHandle 3912 -prefsLen 31979 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81f97ad7-6f75-4c90-954a-1d4df3aad9c4} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 3884 1f45ef58 tab
        5⤵
        
        PID:2060
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.9.1241726366\198935213" -childID 7 -isForBrowser -prefsHandle 4272 -prefMapHandle 3560 -prefsLen 32014 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cb326a7-6be6-4199-82a8-2120dd661bb0} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 4292 e2ea58 tab
        5⤵
        
        PID:960
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.10.375598233\1125041480" -childID 8 -isForBrowser -prefsHandle 3328 -prefMapHandle 3340 -prefsLen 33474 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbbc9be7-f95c-4e7e-b468-4fce5774c4e8} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 2496 15829b58 tab
        5⤵
        
        PID:1264
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.11.2145900427\1214774618" -childID 9 -isForBrowser -prefsHandle 3796 -prefMapHandle 1808 -prefsLen 33474 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcb2c39f-48dd-434f-b75d-c05e61894f52} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 3812 20c69558 tab
        5⤵
        
        PID:1624
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.12.614516163\872396591" -childID 10 -isForBrowser -prefsHandle 3868 -prefMapHandle 3864 -prefsLen 33474 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {afbda8fa-d481-486c-91b9-3f1f2f898b91} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 3672 15f9fb58 tab
        5⤵
        
        PID:1532
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1872.13.1638022301\234955072" -childID 11 -isForBrowser -prefsHandle 4024 -prefMapHandle 4012 -prefsLen 33474 -prefMapSize 230321 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b3ff171-c9b2-4adf-aa68-e7f651365d8a} 1872 "\\.\pipe\gecko-crash-server-pipe.1872" 4544 1fdfc758 tab
        5⤵
        
        PID:2428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1924

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@!ⱾetUp_77519__#PaŜṨW0rd!$!$.zip\files___here\!@SetUp__#Kß+ÖyPaß¦¿$!!$--77519.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1772
- C:\Users\Admin\AppData\Local\Temp\7zOCE60E1FA\Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOCE60E1FA\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImApp.exe
    C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImApp.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2912
  - - C:\Users\Admin\AppData\Roaming\Hq_Control\ImApp.exe
      C:\Users\Admin\AppData\Roaming\Hq_Control\ImApp.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      PID:1504
    - - C:\Users\Admin\AppData\Roaming\Hq_Control\GJIFGTXBXUETOQ\Setup.exe
        
        C:\Users\Admin\AppData\Roaming\Hq_Control\GJIFGTXBXUETOQ\Setup.exe
        5⤵
        Executes dropped EXE
        
        PID:2468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 324
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2168
    - - C:\Windows\SysWOW64\more.com
        
        C:\Windows\SysWOW64\more.com
        5⤵
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: MapViewOfSection
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Launcher32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Launcher32.exe
        6⤵
        Loads dropped DLL
        
        PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
32afb190b66808f700730e6157e5b85b

SHA1
6dcf3da061f3160d8ae5646dab19942fa4b486fb

SHA256
ac239fbb578f685d08df34dd2ea2763143a577bbfc9d7513d7c027f0bc23299c

SHA512
f57ee094a9eb2fab74d9fb3ded72c622016ffcf450610b1f4f4a381adf89edc1ce74dbe03e6d3f7e902a57c5241729b3c875757b4cc955c68940d54bee4f3dd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\cache2\doomed\27893

Filesize
9KB

MD5
d8fae59fc886f5dcd1c2ae5f018c01ea

SHA1
15af50796cc91212a35f5009626742fe3ba9d456

SHA256
411e624d1b8a72eebbcd71a0a780e1cfc701216390020ada176320dc2e8251bf

SHA512
5de5c420d4370859e555810722c2bbfbe8a02c8be0eda5f82e40e2d521c68085cc23ca41cca365fc888fc6c9f20a0d6a72da35bb8c02c09504c3722f685999b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
7755f70159ff1b6a410877e46f5d1233

SHA1
410a4e903a2130cab2e9176bedebc0f06c721241

SHA256
a4120d203908c76b53ed1f149b3ccda0dd43df82ab747ff1ec48ebbeb49f64a2

SHA512
f035106a7f3722a9dead699d24c74511dc6b9b0322adda7d1faefd9f4acd40b351a4723e7f014b89c8a3239cc4acdbcdc05c271e1ec88e4dd7a366fbe6e38dd3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
2809812308149bfd481732361f213b72

SHA1
a3d9c8a130c0575bc8c6b3faff5823802df8770b

SHA256
c4b720c27679d3c9d67c440435140d894cfc0f36d4deed5460961edd2c71e584

SHA512
30a6bdbfbd9166c1e6d0236a7a6ac142e873d092a2e284e055af1387bf6906f9883f34f10ec744742ccb057159b025e8126ec180b3d6ee48f40726fef767c89c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
bb33348c488e58f51a6c51707ff09d04

SHA1
3000d095572c000d090bc544510864c15e144ca0

SHA256
550d9ce07290a3f5ccefe57d09cd589f069c9061323240467234cfd5b5ecb94b

SHA512
58b504719bd177041bcab4fbe168c045e12904cafe9a36061f90a55e8ff7c821afff2f7f421cc8a1825b8dc86b6832e4d1252372c8c64b7603abdd6247d03fba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\startupCache\scriptCache-child.bin

Filesize
458KB

MD5
b300241bb918653df3849bbea0d7c880

SHA1
e41e0f49deed0a259176fd517c9e454e3b988004

SHA256
639480a2509eb4fdf7ff9e1d02c13e093ab23bb90dfc1f905e2c03269113c39a

SHA512
7229a969c72d4a7f9e0cac384cbf06fc5ac533290dcc8394734f9469fba2f56df5d00c4e059125025517126df2cdd17a35518777786cbb453862b5e2904dbd7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
5e1c6ef69b3ac2ef144241fb2afbe2ef

SHA1
a6b034bd42ed52fc2f85923aa39fc4b2d01115f3

SHA256
513bac49814ddf027324b1b0b8182b20a47df7974f855d9213459b363ee14461

SHA512
245ebb8d7fe335cfc5148f2f13761151f81d8c5c7800b7e9858021890f318b899b6ad4d0cc1a3871b037ced249fa450189ae45673bebb682004ad440dd6de15e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xkoyglns.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
8e262bb7c19ff485dda0fd489978eff1

SHA1
f325c45026c10bb6a13c7cbf539bd13be744848d

SHA256
5bfe8e4b73bca4c1b7ffd098f7535c962437cd39f8a1576dd74b7660e76d8ae5

SHA512
7adaca2eadeeb57e686198a1454a97bb8c77bc95257d51676ac370c8f2f504e022d31cbe1470719be638369e2b2f642b1b61740032250c3c3f6d98256d043dd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImABU.dll

Filesize
310KB

MD5
2102382908725f195ce2c3703caa0c5f

SHA1
1b2817c66c9e98e3286498382a7136f1232fc67a

SHA256
c56d37f20069e48eade31236b4d3aa5afda2621bd77760e85964f1e6834be9a6

SHA512
80986592a58856b2e741c88f3d0d89512fa05fe77d2a2ddd2c411593875568e842eba2e8ae2ccf1de52bdf21b6a7227156bf69e40ae1fd20c5d592a8c814974f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImDbU.dll

Filesize
86KB

MD5
8ae8bb143301934a023bc5c9bb160b56

SHA1
228c965619b188cc3c68563bd33691158699416c

SHA256
db890bb2555e0bf3f82b38dc12ecd581348e40e53f9a51dd512149075c7df0a4

SHA512
827729a19f68c732f9ab9e4de90dd5c8cdce9993487c9016ac646c3c4ab966431c51b999e45571efc0ad0380e5d280aa32bcf8b07a73cc52e70a11935ae5356b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImLookExU.dll

Filesize
262KB

MD5
6527be4d6a3333dc5a49218c4f80530d

SHA1
97c8965b01d2644fb17a0f818af59bc0471e38a7

SHA256
908ab22cb8fa1b9125cf5746e5591fd84e4853326a812b9431ca1c0b9e997e1f

SHA512
69a57cc28583861b97a02968106f007d56c2b5826fc5aa843978f0bf3a3f155ad9f2b7dfbe8260e38c2a7b1ed759f6f6fadbeef32cec9d7c4ab8f541f645dc5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImLookU.dll

Filesize
606KB

MD5
3ea6d805a18715f7368363dea3cd3f4c

SHA1
30ffafc1dd447172fa91404f07038d759c412464

SHA256
a6766c524497144d585efa4fe384b516b563203427003508f7c8f6bffa7c928d

SHA512
a102f23741de4ca2184485d9aa4ddd1a36b9ea52cb0859cfd264d69a9996293b7e29b325625f1f6f9330d6c80ff415e09e85e1ae838c58acef585ae8dffe3070

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImNtUtilU.dll

Filesize
94KB

MD5
bb326fe795e2c1c19cd79f320e169fd3

SHA1
1c1f2b8d98f01870455712e6eba26d77753adcac

SHA256
a8e1b0e676dce9556037d29fd96521ec814858404ba4cfdd0db0edbe22c87bc7

SHA512
a1ec894151baa14e4ac1ee9471e8606bf74edd39f7833d9a1a44eee74d403f6b52780c135e9718ff9564fa27d7128c22b8410b21f77e6d804f698cfb4eda65a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImUtilsU.dll

Filesize
1.4MB

MD5
a7eaba8bc12b2b7ec2a41a4d9e45008a

SHA1
6a96a18bb4f1cd6196517713ed634f37f6b0362b

SHA256
914b1e53451b8be2c362d62514f28bdef46a133535d959b13f3f4bf3bc63df3a

SHA512
0ae7fbdb2677d92c62337aa17b60a4887240a4a426ba638c7633587f4582adbcda2bde5ec824aab1a3f69acf2b391118763842acfab856d3d9764850961a2ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\ImWrappU.dll

Filesize
158KB

MD5
cbf4827a5920a5f02c50f78ed46d0319

SHA1
b035770e9d9283c61f8f8bbc041e3add0197de7b

SHA256
7187903a9e4078f4d31f4b709a59d24eb6b417ea289f4f28eabce1ea2e713dce

SHA512
d1a285fb630f55df700a74e5222546656de7d2da7e1419e2936078340767d0bab343b603ba0d07140c790eb5d79a8a34b7818b90316ea06cb9f53cad86b6d3f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\MFC80U.DLL

Filesize
1.0MB

MD5
ccc2e312486ae6b80970211da472268b

SHA1
025b52ff11627760f7006510e9a521b554230fee

SHA256
18be5d3c656236b7e3cd6d619d62496fe3e7f66bf2859e460f8ac3d1a6bdaa9a

SHA512
d6892abb1a85b9cf0fc6abe1c3aca6c46fc47541dffc2b75f311e8d2c9c1d367f265599456bd77be0e2b6d20c6c22ff5f0c46e7d9ba22c847ad1cbedc8ca3eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\Microsoft.VC80.CRT.manifest

Filesize
1KB

MD5
541423a06efdcd4e4554c719061f82cf

SHA1
2e12c6df7352c3ed3c61a45baf68eace1cc9546e

SHA256
17ad1a64ba1c382abf89341b40950f9b31f95015c6b0d3e25925bfebc1b53eb5

SHA512
11cf735dcddba72babb9de8f59e0c180a9fec8268cbfca09d17d8535f1b92c17bf32acda86499e420cbe7763a96d6067feb67fa1ed745067ab326fd5b84188c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\Microsoft.VC80.MFC.manifest

Filesize
2KB

MD5
97b859f11538bbe20f17dfb9c0979a1c

SHA1
2593ad721d7be3821fd0b40611a467db97be8547

SHA256
4ed3ba814de7fd08b4e4c6143d144e603536c343602e1071803b86e58391be36

SHA512
905c7879df47559ad271dc052ef8ae38555eac49e8ac516bc011624bf9a622eb10ee5c6a06fbd3e5c0fa956a0d38f03f6808c1c58ee57813818fe8b8319a3541

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\SftTree_IX86_U_60.DLL

Filesize
570KB

MD5
92b7e397f5b367371aa4d328584e0352

SHA1
8a4e452b5879569728cd39b42c49b8820b7199ba

SHA256
9f7b9b366a675b5647f8878586f1883791969cacf51117a63294f24135cc64c3

SHA512
9681eadf34d078139739e910a3e83436dd2210cc7a2e606311ebc36bb1f9a49d7b72f681c84d46cece15bc3ad53cd538ce5d86f3b6e2e0db8016548c62893fb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\finial.csv

Filesize
6.2MB

MD5
77dcd407766af4a876a5313f5047e761

SHA1
8f804904295205d48794b487dc9e6b3f6d783996

SHA256
e2e93730f634ccc62cd9f7225292d7673f8f4356ffaac13add176e8afb23bbe7

SHA512
b3ebb318fb9f5b1cad9c9dbbe12ca7d185d9f92b98803d5351e78369c934383570715fa4a14bc449032f4014547b3a0fa347efad4159091a6fcfd37d7605240d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\msvcp80.dll

Filesize
536KB

MD5
4c8a880eabc0b4d462cc4b2472116ea1

SHA1
d0a27f553c0fe0e507c7df079485b601d5b592e6

SHA256
2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

SHA512
6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\msvcr80.dll

Filesize
612KB

MD5
e4fece18310e23b1d8fee993e35e7a6f

SHA1
9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

SHA256
02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

SHA512
2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\slub.yml

Filesize
15KB

MD5
02d1879520f22f292a251335a2274035

SHA1
ac7043e5855195f4e311db9e06c708d0abb46898

SHA256
4628be205894281f1b65a1e5af6c19af2f85455ff90c04f72b8ea7af12c0e574

SHA512
02776ea36a4dfd6a3ae16b424ff04a340160b85d45d0c831f9de942bae8efa2994aae3741b0431a380ec267cd77ad5ada6a0aacb5fa8329ba36e27bc973f8ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\sqlite3.dll

Filesize
465KB

MD5
b7fb7eb3cb04e0a086a8d945ff45615e

SHA1
cefaba225deae05b56451f18f11581631147a081

SHA256
8567b0e23fd4178270ca674810755c9dfdae1f4028e01c0c74a4eeb7774a1688

SHA512
54238bb4d3ffb3135703627e53f59bcec25f1d4f73412bb30283c65ba627c42e279be2c3299497b191fe4dec1d1b0d4e4998091a645337c75aa13f1d5f46eee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hq_Control\wlessfp1.dll

Filesize
70KB

MD5
5120c44f241a12a3d5a3e87856477c13

SHA1
cd8a6ef728c48e17d570c8dc582ec49e17104f6d

SHA256
fbd4b6011d3d1c2af22827ca548ba19669eef31173d496e75f064ef7a884431c

SHA512
67c0e718368e950d42f007d6a21c6f903b084d6514f777b86aab3111ffe3be995949674276081c0281139a0b39119b84630a0ac341d4ae78677ac8346f371ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec9e248b

Filesize
12.6MB

MD5
abaf4621f56e531ce792025804797754

SHA1
964715d4503428a1045618d938aa27351049c850

SHA256
9f0a8dae44dad43a5db2204bb7490a570c8fb5c1000d0e0ddf3e12afe0134fb1

SHA512
0114946a9aeb9b42b3c26bc7d8e5e9e46adebe38a949f77d67b0b836ae0226483bfc2e061496a5bb757421ca297290f33e914eb47302536b23b02099a5b12fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\containers.json

Filesize
939B

MD5
94a3843fad8c45c48b0e07342df3dfdc

SHA1
d55b650208bda884d573afebd90830a3f4d7c201

SHA256
854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72

SHA512
4d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\cookies.sqlite

Filesize
96KB

MD5
d367ddfda80fdcf578726bc3b0bc3e3c

SHA1
23fcd5e4e0e5e296bee7e5224a8404ecd92cf671

SHA256
0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0

SHA512
40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
820bd5fb10a83f6c3ff60d171df90bc0

SHA1
7ad83abf2635ba23f6b65226094e1056cdd9d502

SHA256
3e4ec3f327dec6104f201ef5d1d651bfce9ffc18acc3add57703460397472272

SHA512
bcb1c0db8f41b949fe4331d7f9e11f25ee466bc84d1da2f3331f3e7c65f3591bec4da9c4f17476ccb1616118a0f8856b40680c15798f01bcac9501793a9fd1f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\datareporting\glean\pending_pings\5aaa713e-0dcc-4e48-b18c-068fbd80275d

Filesize
655B

MD5
f0de792c955e4fd13d0e60230458051b

SHA1
5e329fd1917be9ac86fe1c107441fd33704e1cc0

SHA256
b98adb9fe673a8e5df5cc850567f44b4d574a3245272a13dae58557a7848930f

SHA512
556a3a480830c0da6554447ff4a809dedf33226455115dde7090b941341aabcd74260342f9190c494654884dd215beecba855843df914825f4254781f4b2bbbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\datareporting\glean\pending_pings\e0e1c4e1-fec2-4489-82b9-4a77391e9aa5

Filesize
586B

MD5
03e08c1296b735d77f80a0b21955c391

SHA1
89f7bf13ac1fbff5bf07645f36739f2f0dc72300

SHA256
738266c091632c39b28153ba9f8806adf8e10e7b88894be482a3f712015a254e

SHA512
44454fdfcef7fa9c7b163b9149ad312dee50c2daaa57849c939911ce683c6c826db3a645b0043e9ebef1c3418544b5cbf2ee407217677c0dd6856b4ae1d9425c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\extensions.json.tmp

Filesize
41KB

MD5
61c47a5875cffad20daa9965c1acd788

SHA1
a0c1edf21f464ce318b342beb44953c3e993b7a3

SHA256
21b05dac4df6e7fedbc015caef6a24195a245c68cc93017f07b18ca625e5f4a3

SHA512
88ec561058a6f28f3b73f05d2e4377950bceedd7f592e2a31939c506225466b5dea242b9c7ba0d1e6b9713c3bad6cc538b8fe9097eccfa13caf09359455f3021

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\favicons.sqlite

Filesize
5.0MB

MD5
1f9f6d3360087c77127a4b1a90ecbb94

SHA1
278f479723d382fc69441bb35be9bb63f868cfa8

SHA256
68dc6f83a58553ed318ecad7f18371b79b8fb6043cfe84692c52a67fe458bb89

SHA512
b041bdddd245755d69858c111d202b5736fa0ee0e117cd99c491071466f9b1de3e3c80938461d4c49d30d137eb8cdd6687bc13887844b0c07482a7411b80befd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\handlers.json

Filesize
410B

MD5
e7a65c5ead519a7b802f991353c26d3d

SHA1
34cc3c1cf9bd4912dba5fa422010934e46419fa3

SHA256
0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2

SHA512
2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\key4.db

Filesize
288KB

MD5
c6d0776e3fbf74857f04c2b86ac605fa

SHA1
d065f1de81cd3b186dd37602b4d8a5d37d04e8a8

SHA256
45fdff55d94a1ee1596f8014f50ae16b96d3a854271d9052cf884a36730423b9

SHA512
d51212d29a81e2ee5e29c8d93acb04843c70109fb1dc34d4a62215d0252cbf83e69b088612c2d468c65adb8c47dc94024cc10ad48af7844c3160fe34cd929643

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\places.sqlite

Filesize
5.0MB

MD5
a87bb0d74319f5d8cdd19398c9462995

SHA1
45532c9a1ac728dbfbd17b7e8b74a593d5e3859e

SHA256
82f44d1adea6136957645d5187f52a461d4f0a264b05537b333e6c77a93c3fac

SHA512
bcc72745e59fad44f0cfd86cf6d5db8fda7c48c637ae0545dd18da6dcac3ad83e1d898353c2ea4fbce501ed729abae9bd89d8789bc08aba78d73605ef863b036

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\prefs-1.js

Filesize
6KB

MD5
fdafeceb1a7f686f15cc18befb99c45c

SHA1
e6deb1d9daee2d698ef9f57d6df268070d1210d8

SHA256
0aa807b6086fef9ccf66d5d3f50e17bfc17e532ae26665bffb598fdc1e8b1ac6

SHA512
5470082e9903797a5f04dad8a8825d3b1e366f61bd86cd18840eaed048fbd7ccdd725f7b159d185c55a451b403580415a13818e323bb151148e6abe868d4060b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\prefs-1.js

Filesize
6KB

MD5
f67337f7ffb4595418e3f3e5f79acdfb

SHA1
594e281afdf5b97d0334a9ecbb4d2786e25cc6d7

SHA256
4ce9f04ad04610004fb081f7d1e64755ea4423c642ec04f63d4e987dcd5fd070

SHA512
ec1b017aed230fbe8ab391ae0068da03dcd96e4f1d28a845627676012486a0817ce6a29f704210f39359e97429973f9b25b6ce9c49b747ef0a9919e741124467

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\prefs-1.js

Filesize
7KB

MD5
3d46fb9da6d34485de9d166d51f32d6f

SHA1
99cb6a0460a815ed563899f80abd2317686c9962

SHA256
7424b88675d9dba262f42ecd76b9ad93eef3887dd975f984bc63abaf016835e7

SHA512
384a27e0a59b3126930a1dec69ee75698aa5200dc9e77cd8d5d8ce202c34b9c6b02e8953917ca1b2bf4feaaa44e6c8eec37ba0cb8030dfd3b8e29c0672f1a361

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\prefs-1.js

Filesize
7KB

MD5
e4b5ff5dbc32099ddf342b1212e49a16

SHA1
e1077ff444da7e2f8bf61822196d2eaa83592c98

SHA256
7479c4171142eca6c53c7a5b1f28bad8bcfb8c11f30ddef96851e5e44abd5673

SHA512
d56b85b50f927f1394a5c4c83b91ad5846c5723bfcb90641df891e027176fcad6571187568e758f7a31abd48e1f771d9152f65104acc270777d86e8abc092aa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\prefs.js

Filesize
4KB

MD5
8c29c37d86e5deea507617b69fd28730

SHA1
09c8a2017ec0dd238479a881ed7df36a7f41446d

SHA256
0518b6849bbb6206a839115c636a2ccdceadd85222b99feddc0d6a46e9b03921

SHA512
021dceae23b951698b5888f0af94b2f7d618dfe3ad4c48cefd368766e4f9b85b5ce2c98a98b2e6bf5f0cb8adc27c2b9943ea22456504fd27c6e6abd75fb6df31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\prefs.js

Filesize
4KB

MD5
9a9c597eccab000412dc8991251f4c12

SHA1
b0383d97c5abe71a21a5f8dd1cc81a3b910eb7b0

SHA256
76afca43a7ce7ae58dfa06803cd9a6534f998f74dc3f93d8b7daffb95413ffa4

SHA512
9532a5dd3b078f3fa158e1bca1dc15cc9b5ab9188737902419de8692e4a80a717bc1f4c1fe5cda60596d9e2b98b0ed15ae7e44a3a516297834b9fb1eea3bfc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\prefs.js

Filesize
3KB

MD5
8726736ac53cb8bda39bfdd390f17295

SHA1
8a5eed74d61c48416ad7b812937dd42d07ae81d1

SHA256
17781750b1dfb06a871adf9ed94a923089c9c1f9a3f604c59ac68cdf994fd81f

SHA512
54541eff4aa9784862d95849a147946f679f8e3dfcef69851747615ba3728165f723e94e9b2fdcf0b30b197768cee6492bd9c6eb9aac70add43b465a9e7c5472

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\search.json.mozlz4

Filesize
280B

MD5
41d220d4783f67d2b57beec20c135229

SHA1
6e97765e77920b6010fac2cb4abf1e3cea106541

SHA256
5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc

SHA512
dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionCheckpoints.json.tmp

Filesize
228B

MD5
fae3defb81fb2eab079db50e3b2403cc

SHA1
1af054b516b3fdd85478843f55fa84a25714c270

SHA256
c3c5834927d59842d05584b648883d11c143e6f07110994c6c5b1bbea2027241

SHA512
6d281d27aabf0949b91fc56b710bb99e773cd487ffbe57cddfecd675290f2ffb1cee73b986d5bb8a3246cb3ccc20b63f61ac43de278435473af0f2408fa12b60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
21e365cd1f30902c074cbd8c433c59c0

SHA1
51fae6b64dd6706e555d9105d08072c802add529

SHA256
1eb71373eeeac42b119b6fa31799a8c6969bcc29979e9757194d2a8a1b2d0335

SHA512
7769b8773d8624d8126aa2189ae3fae82342ef875d24e61b4df5743ec6d4ae740c3aaa9167bec03279d6da6718906bdc6079afb22b1d688a8235efdc5eae0dad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
6a8f73678e588850b54ba87ac5b26ed8

SHA1
0600dd8d3a6ce97872a1043b9ce85a243f2d9f31

SHA256
72f3e0a3bd9cd63cd6f2c2c26bc7024d9121e4f136842ef61e9fb3aae6a78457

SHA512
1a43ac0044df631731aee7c994611e4e93f6ca4228e1fedebb87cfb2dc9d3681f18c5b4695aa6bfbdbeab9c89751f80517a98dd9133c68373b64929ef02643ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
c20ced6d7e0109ba239043a5868fc5bd

SHA1
db8acff1bda4d52d51c96c43190d5a7f08b4d9b3

SHA256
2295cd3683fd1b1ba31460137d20b1b8701703c552eba2c36ce65676dfda2413

SHA512
6e037c70d3c7816a7c131c192d45fd74bf918d85ff8306857d3beb402905e766316420816eefe56ad19016b9fa497147652e943d2f1c24bd346b5775aae8e200

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c5013efe3926e7a704046b9999dd3349

SHA1
8e8895b9d53f9792436fff51fe2eb8ea957082f4

SHA256
cc919e6f01718b713251181c6831c87149be3119e5fe175cf9247cab67807396

SHA512
33173ccf06f2cd8928460032151d906ce8a3790a140d225a75409df996bf16936f8860f0bbc0a940dfe693b4b2efea9c454c7741e8242a92d0ab2e5ef6368647

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a631313871de081957d32e0414e467f1

SHA1
65331747bba9bd06221bf14419aebe14498edb0f

SHA256
71598bc2dc5273ca0a456e32363da2f34c77284fce0239d9adcec887c4354a40

SHA512
0693a63ab7ff67c50fcf16df9fb97e64582b2dfc90d65b68429a0a240be1ad0e1f92fe289f2c5de66f12d395a1fc36653748b54d67230ca1968790976a986b47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionstore.jsonlz4

Filesize
6KB

MD5
3408521d55a706faba2f785e28b85011

SHA1
dcb7864057db69f23bf7514583a30996cbf00b2d

SHA256
163f03307b5cce36d9a6fcd0d9e1505111616a482ff98d8ad6a2f6be11f3c05c

SHA512
710b02abb95cfc4ec6f0da0004c6989c73c1b27572979e67a3d5c1d36d31260a1f6871481bf7532778fd47c661e80bee78e95e682c86a81cb566d0976375f07a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\sessionstore.jsonlz4

Filesize
316B

MD5
e95e48a499560439b03fe47026222dbc

SHA1
21c4248c93079131ad3c5af1fc8f9a7dbb12f2f8

SHA256
71e115a030e214bf573c7c26e76a901c710ac3a075c6052ceea82fe7abd4fc26

SHA512
b298fb5f84631df7d2d7e87e3b417b427f93d767e4659d15f8c669391694c4649d285b3d12eb9670c633a8831964d3c10d30a3c14733a0c56b1ccad88cfa208f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\shield-preference-experiments.json

Filesize
18B

MD5
285cdefb3f582c224291f7a2530f3c4e

SHA1
f816c3e87aa007b6e6d31eb6a4618695a7d83439

SHA256
704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05

SHA512
8f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5o3zrmua.default-release-1719511620435\storage\default\https+++mega.nz\cache\morgue\189\{e184865b-5e57-45cf-9204-3fc9884f0abd}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\AlternateServices.txt

Filesize
163B

MD5
087910ff7ddf66557b38ef26d7ef29a0

SHA1
49ef2da36825f559ab4545dec1b854dd0b515d1b

SHA256
eff6b0248878db2cbd2c6d55c4c23c9321c365a8b83166ccaa7c6db0d42c928a

SHA512
b949acf93b30b691a2a4be630c7067f2d5ff6058576de23835f9899cc15ea32bbf5727770d89b5983777b0eb6ada4483a23bd41e7d3e345802b02090c0dfef6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\SiteSecurityServiceState.txt

Filesize
324B

MD5
2d521b0a672fcff0adddf51e413c37a9

SHA1
b5ec19667fa607aa54f7a9af1bfdc2ceb92436fb

SHA256
fb09d6ee09ebbec63896f245eef5d1ec9f357b4e822652715ac4c39df49be98a

SHA512
de83ea25ca8ae82107e904804495278ad75c07f4837e33803a9eb34ad2bc36f6db3c96722805ecc9d9b4d2eff8afb0879b58c7e5f117edcc1e00fe75fd0e1479

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\cert9.db

Filesize
224KB

MD5
f088ad98871971334002be62094c43e7

SHA1
c737e1db8c1860f0020e9112dc7b81be196377ba

SHA256
289cacb51d37bc30d43bad7655ecd6bfac1d14597806302a9d8c0dc4720ebc32

SHA512
b2a9d16b6bab1c623c56cc47f69ee0f6df128bf05a221a740f6ba2a9469d25a2809d36f67506b38b33c3b278bb81012200ff65c7d25702ec54e4b7fb947525b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin

Filesize
4KB

MD5
b122ff8a0e846ce2da3df9d7dcdd6d36

SHA1
cf529270f481602cd7ccbc698734cf12c1370813

SHA256
07fe0bfdd6923f9ab3319c8a1483f689a0dba14695c95dfcb802f93c469ff0fb

SHA512
9eb695f044bdf153586ff581147026e80ef1ca49bb7297d81c0e834ea877facad6d6ab7bb69774c1554ca1b3eab0cfc5369fd69e01c684a9f70fa6b099067a03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
108e676593070dea4ddd144686096e79

SHA1
9b496dda842cb9d5f0266257c4b74daccf5e422d

SHA256
be4f179ba2dfc96cd37b655c9328a374478ec4b75d9d7a67a7ce02b6e111c5e5

SHA512
790a41e64c1110d05bab59015361dd9dff3652d038ec1aaf822f22878c48687a802bb1bc5a2d794c19e19a478e51bec21e6f81638e9ea1b3626916911207ae66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\bf572708-da28-4819-8c2d-b9e2f08ee712

Filesize
745B

MD5
a5d2bbeb7443454d97a9694aa3db1c3e

SHA1
38d8204e59c4da8ab089c9b2c703e53713f2f4a9

SHA256
d9606429996b37d9e2e706a3a831656c336721057532542c4c32ef51eaeaebd0

SHA512
7899f0496033f66b2a08ef1fac314cf53c4b52429ce98b63fcc07bf356f4b8cda93d321d895406fa4e2f96fc860d652b15a1cffa51aa21b3d8fb508323bba226

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\datareporting\glean\pending_pings\ca6bc866-fa40-40a0-bdcf-6367c8c70fc1

Filesize
11KB

MD5
738b253a5bfd37b9e7f0448e002f0b44

SHA1
59cf6aba3201dca210c04236acd94486d0d482dd

SHA256
ce6c0ea01b0f6ab0257d8ecfcd3acebb9c20b12aed6ad10e5714ef7611131e2f

SHA512
0d7b2ef0a697c2cc7ab77735e024f321279ef65b0f6840aa1d13890e79d712ef4611fc4481a56471f21569cfa3b7e781cb0ae312406b322baffd41db6b33d904

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\places.sqlite

Filesize
5.0MB

MD5
5f005fb98463d21fa2cc1db830b95243

SHA1
5c32012772743aec7b4b53e73d186b1c2bb7f380

SHA256
8215396974093aeb49630c3bc0ee0e2bfe3e20e17bfb26a7cd2d903514a41b70

SHA512
9b9cac3021e543a728d1382f9eaed37d1bf449c5a669e42cc7dfcdfdcd01b665677571b21ae590449dcfd0eecdac216fac100b3d4c74bea32f643deb6af4a8ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs-1.js

Filesize
6KB

MD5
241de6592f19c7fb2a8aca7141e01521

SHA1
d848c5e57c69b4c4c522b7ca9914137b91ca5a64

SHA256
ad6f9f62eef50159edb415c434ed0b414e03d2904751a5304084baf93abeadf0

SHA512
fcd765711bee82d295caee72b6d375957c740843ff2e87a2dd8a5ea5be41e3d5c2baa3422d1bb972638005518cca90f3e842a7a280f3fbb8776f94e6403c212d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\prefs.js

Filesize
6KB

MD5
479fa59d6dc026b9088a6af8218ce3b7

SHA1
cc6dbf165fb7a4cf32461b3202030375308770ec

SHA256
5f3b34e3eecc3cc73be0e6dd785f4bb8720776f0eb47534170e2ba3f40294b81

SHA512
b31b408235e7d399122ee1c9747e5dfab46b2992406dd7b36de5c0aa4940a5f4bc5b71a329ea54b16007f0aef81eb55da59f1706a830c09ab5697baa1133064b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\protections.sqlite

Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b2e1521926bd4a814354788ea8dd84d7

SHA1
6b2abe6324a69f5b26bb0294707d7aa2d28da6fe

SHA256
e1b04073d477d0daf49e66faf8f3efcdd59b2ed653384373aeac1f43d9ede7a7

SHA512
21c1cbcb75b967694c820e5674660a14c67cbf99b35dd93386bbb8ba2edb2f5df3e2c4c7bb8cb8c08a8afbc46eed77bc6958d53fb39be8dee6b9959538f34ffe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
f1f6717fc85f0dc4d5f23e8f93955a57

SHA1
812512797f7171b5db717e1887f3e7556989a366

SHA256
0128f6c3f6ac1c9888117ac8d41a18ae7df3bafc6c5cf6147eda7e0bdd471566

SHA512
27d324b0a56bd0c2daf9767fa617d73329d467c164ffd1f5d2f254cba827a2f3c420bfc9f1c7e2991d97c921ef8e880d527d99d128937f73e4ea0ededdc5e3f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
553c3c15f76dd76b73c66d64691b02ec

SHA1
6366ed848ae94b344f1b34dffd4498a54eeea36a

SHA256
2dc79da7c965ba86b5b4e0c8715005304576cbe6243b4f96840e79ff46e87bdd

SHA512
9462d350aed7c42b0b29b5c5ce2a1a86fbe5db285d3ee6f16baeec4ef2356fa8cfca1008a7fbbe59774975dfd29556ece86c2cd72bb8ff1f4631ecd5a105fc68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
4320ce7420f98292514c38a19219b6ee

SHA1
dce25fcf96e260817b1ea364e92ccb44142bb95e

SHA256
9db1021823085cf69ee2fb20abadba274fa02c7cb5f26fef76579e3c55161b8b

SHA512
7396cc3f5e48b72c5dd93837e8abed8fd9ee705b3dabb00abf18670d119a8e781273468985af54f34a1bf9c77c2bceee14388d5fa7a793618e5100b0a34c33ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\targeting.snapshot.json

Filesize
3KB

MD5
5bfdee83b432ae3cfd6347740e6e5b06

SHA1
47bf9461dd9f6fe491758f86af8bcd3f2b504d9b

SHA256
27eb20ee72b37a759cbedf4304e7fb90cbb781a928245a521914529d92ac1310

SHA512
6b4e315399ec58684d13c706e5e528dc69ef1ee124ec10f9ed5e4088c2f7a55ba124a269399419e50f249dd509ba0d95ae70a542cb747dad9cf7c96104e6605b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xkoyglns.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\xkoyglns.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
5966a2130c3aa4688ad4a1378798fde0

SHA1
2ba67b57bab70233870fb45471ec6e6e920e982b

SHA256
426113a8daccdab3619018ca2ba2318bd7f05d4deee2ef67d28a5adaa1b21fe4

SHA512
ee28e7440ba70881716a1e4a157b044f31b16f2df489694393a4b6411552d25bc571c3128340c2ab22247564d76c2942eb967005792aa501b43e9e455267f698

Download Submit
C:\Users\Admin\Downloads\@!ⱾetUp_77519__#PaŜṨW0rd!$!$.phYf7QKb.zip.part

Filesize
24.3MB

MD5
6b73de9287f1f698bde5742925bdcd06

SHA1
7af7cf3205bf3a70a764831e6afbd6566872eecb

SHA256
2e63eebf9ca9ad9bf51cd1534b6945df8c173c549f38c865468aa597a80fbcd8

SHA512
cb22d025fa1d6134b4f86be851d8a4cefae77ac528f00d1e193d39e0249763ea14038bc7312042f8b0ec7c8a8e09147414b00fbab8323ce7cb281db8d1582891

Download Submit
\Users\Admin\AppData\Local\Temp\Hq_Control\IMHttpComm.dll

Filesize
32KB

MD5
a70d91a9fd7b65baa0355ee559098bd8

SHA1
546127579c06ae0ae4f63f216da422065a859e2f

SHA256
96d6264b26decf6595ca6f0584a1b60589ec5dacdf03ddf5fbb6104a6afc9e7a

SHA512
f13b735a47090c7c6cc6c2bf9148408ee6db179c96ee6428270541f27e50ad12cff7486f3a6ffac2ba83fd2e6e8e49661e6258f5aee97eb0f48771cbbd22aefa

Download Submit
\Users\Admin\AppData\Local\Temp\Hq_Control\ImApp.exe

Filesize
258KB

MD5
312707a513f86ed20642f43f8ef4dd14

SHA1
eab360e8a8e8e5b6bf139394ca1409888586d02f

SHA256
9b398917c796083a6005ab3f9d78243dbc0fad12be1e196be2b01041d4c951a7

SHA512
cd11b6cc2d058f5825bd90f342df22fc22fe19f5e3e1cbb197fbbe83a64367bbeaac748ce9d9685403f3c32a36b329e061fabbf54badc5486c442d5df7168f30

Download Submit
memory/1504-1152-0x00000000004E0000-0x000000000056E000-memory.dmp

Filesize
568KB

Download
memory/1504-1155-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/1504-1162-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download
memory/1504-1157-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download
memory/1504-1154-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download
memory/1504-1150-0x0000000000460000-0x00000000004AD000-memory.dmp

Filesize
308KB

Download
memory/1504-1149-0x0000000000440000-0x0000000000454000-memory.dmp

Filesize
80KB

Download
memory/1504-1147-0x00000000003D0000-0x00000000003E0000-memory.dmp

Filesize
64KB

Download
memory/2320-1173-0x0000000000400000-0x0000000000B4A000-memory.dmp

Filesize
7.3MB

Download
memory/2320-1172-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/2872-1166-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/2872-1168-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download
memory/2912-1111-0x0000000000440000-0x00000000004CE000-memory.dmp

Filesize
568KB

Download
memory/2912-1094-0x0000000000250000-0x0000000000260000-memory.dmp

Filesize
64KB

Download
memory/2912-1115-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download
memory/2912-1098-0x0000000000270000-0x0000000000284000-memory.dmp

Filesize
80KB

Download
memory/2912-1103-0x0000000000320000-0x000000000036D000-memory.dmp

Filesize
308KB

Download
memory/2912-1144-0x0000000060900000-0x0000000060979000-memory.dmp

Filesize
484KB

Download
memory/2912-1116-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/3016-1032-0x0000000000400000-0x0000000001BE6000-memory.dmp

Filesize
23.9MB

Download
memory/3016-1039-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/3016-1160-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download
memory/3016-1038-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download
memory/3016-1041-0x0000000073B20000-0x0000000073C94000-memory.dmp

Filesize
1.5MB

Download