94fd6066083bb74ef63c40dfa5e98a0c2257086a55fe59b60aaf14de34b161bb

Analysis

max time kernel
943s
max time network
953s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wwise-Unpacker-1.0.3.zip
Size

19.6MB
MD5

a0f6c604a2e155c9d018ed97e3c3e0eb
SHA1

dd4884e91ad34875d68cf9892dcbbe504ccc9529
SHA256

94fd6066083bb74ef63c40dfa5e98a0c2257086a55fe59b60aaf14de34b161bb
SHA512

cb9eec1de52cf2214462e01a5f2f34bcbe9def9a7207d1afc453b6453b8b0622f01211650339f5ca242c36bc14745ceeee7d5cbf3bb792bbd1a66df5fc6eebc2
SSDEEP

393216:6FosI9jcj+pwvhaB1yq3rFtjPvoxn9tsUIfG06yrazk6HuU5ejF+ID:TsajcSPB1yCZ5voxn9tsUGDrazvHuUc3

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
1120	Process not Found
1120	Process not Found
1120	Process not Found
1120	Process not Found
1120	Process not Found
1120	Process not Found

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\shell\open	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.md\ = "md_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\shell\edit\command	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\shell\open\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\.md	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_CLASSES\md_auto_file\shell\edit	rundll32.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1584	firefox.exe
Token: SeDebugPrivilege	1584	firefox.exe
Token: SeDebugPrivilege	1584	firefox.exe
Token: 33	1524	SndVol.exe
Token: SeIncBasePriorityPrivilege	1524	SndVol.exe
Token: SeRestorePrivilege	3040	7zG.exe
Token: 35	3040	7zG.exe
Token: SeSecurityPrivilege	3040	7zG.exe
Token: SeSecurityPrivilege	3040	7zG.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
1524	SndVol.exe
1524	SndVol.exe
1584	firefox.exe
1584	firefox.exe
3040	7zG.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
1524	SndVol.exe
1524	SndVol.exe
1524	SndVol.exe
1524	SndVol.exe
1584	firefox.exe
1584	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe
1584	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1924 wrote to memory of 1584	1924	firefox.exe	34
PID 1584 wrote to memory of 1768	1584	firefox.exe	35
PID 1584 wrote to memory of 1768	1584	firefox.exe	35
PID 1584 wrote to memory of 1768	1584	firefox.exe	35
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 1620	1584	firefox.exe	36
PID 1584 wrote to memory of 824	1584	firefox.exe	37
PID 1584 wrote to memory of 824	1584	firefox.exe	37
PID 1584 wrote to memory of 824	1584	firefox.exe	37
PID 1584 wrote to memory of 824	1584	firefox.exe	37
PID 1584 wrote to memory of 824	1584	firefox.exe	37

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Wwise-Unpacker-1.0.3.zip
1⤵
PID:2868

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.0.1598733211\1338439078" -parentBuildID 20221007134813 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a935b95-cfdd-4192-b843-fed9db483b97} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 1260 46d9958 gpu
    3⤵
    PID:1768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.1.1928875829\484067233" -parentBuildID 20221007134813 -prefsHandle 1456 -prefMapHandle 1452 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e29f9981-99a6-4b3a-8a5f-9539c6afde94} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 1468 e71658 socket
    3⤵
    PID:1620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.2.29777114\600579786" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf56a25f-f4fd-4a1f-98f5-378e40e2cb25} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 2092 465bf58 tab
    3⤵
    PID:824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.3.69698947\1213051875" -childID 2 -isForBrowser -prefsHandle 2404 -prefMapHandle 664 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f0fec3f-38dd-41a6-8d1e-454159926d4b} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 676 1b352158 tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.4.1957207645\1540131309" -childID 3 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e722a6ee-a359-48fb-a83a-a3a3266fff29} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 2848 e62858 tab
    3⤵
    PID:792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.5.1387212336\975279997" -childID 4 -isForBrowser -prefsHandle 3696 -prefMapHandle 3648 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bd7855b-544c-4a58-aa4e-8e168b942eaa} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 2444 1b818158 tab
    3⤵
    PID:1616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.6.1459528995\397633428" -childID 5 -isForBrowser -prefsHandle 3808 -prefMapHandle 3824 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccacfafa-0cf1-49b8-9c74-684f8ae95761} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 3800 1e892e58 tab
    3⤵
    PID:1860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.7.1242771447\50834105" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20e9d400-dc2b-4f08-9565-65883db2072e} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 3964 2181c058 tab
    3⤵
    PID:2520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.8.1203942083\896162265" -childID 7 -isForBrowser -prefsHandle 4388 -prefMapHandle 4384 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbf1ac9a-d6ce-46cc-800b-f4d8083e675c} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 4400 2284b558 tab
    3⤵
    PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1584.9.40298114\899400682" -childID 8 -isForBrowser -prefsHandle 3752 -prefMapHandle 2952 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 808 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e6ff413-f4e4-4061-9574-b0e275763183} 1584 "\\.\pipe\gecko-crash-server-pipe.1584" 3768 1b818158 tab
    3⤵
    PID:2684

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45679767 30922
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1524

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\" -spe -an -ai#7zMap8665:102:7zEvent15357
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3040

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\README.md
1⤵
- Modifies registry class
PID:1188
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\README.md
  2⤵
  PID:2572

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\Unpack to OGG.bat
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
368a1927cb556bbe8b4c725d5e7e627f

SHA1
4d9f2f14bc04071e42bd214190883d564e71c8ce

SHA256
39035ed08eba6a6cbf4d886736de2376584a1c075fed3491c88de166d51f0629

SHA512
c65d29a7ca307b2fc0c22edc7c82933860e1e1b311688bd5519a4bab57f73866730043e9c8763e8ac0458d2e7d8da68a8632e4cc4c1de2ece5f0a7b0724b89c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\doomed\12110

Filesize
9KB

MD5
2251fff22175d6651d3a22fe23b6f17d

SHA1
1f6c7e1a24242db2e790bd97a39794e21f09e54b

SHA256
be1b19c72b90de7f8e9a9158c9496c3dac4424e01b5a68c687a5379532a988b4

SHA512
08970aebca85eff17387fd50a31b726a2d2bd4e6c840f5f1d00a031fc0c50c3d01b3c0f95fc3b6e28b97a69beb74c0f15d7152823139541eb3272255f75de95e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\doomed\623

Filesize
15KB

MD5
c5c17c99d3c0e039b50652033f48f9fd

SHA1
c64eb6e0b086b84a585c80192ab7e1ce6ee68ea8

SHA256
da39959a07bdea87e7632f337505845cf70f90205e82bb1dfe46f5a6056df7be

SHA512
e5eee9180e7624822f70c7444593bcb2e751c727197fa27178b68b9c531c80b476bf40a6de2e13d14dbf5e3a1879bbd1a39945b5063e6607262ddb2e83acc45e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\52361C5F2FCB62491E12E504CA7A19549CAC5305

Filesize
13KB

MD5
53e5747b98a45f61f94c95c962a30db5

SHA1
87daedbf99981bb5b360eb27f05321e2a0b43ea7

SHA256
85243e131fb35f5d80a8dca9d9831fd43d08aea794cc62ff7d2b3a2205084270

SHA512
c7abffa2f621e729951e04162673b1e4d1651525cb421639debbbec5e00850fa6a0e14c342fbcc3e4918d98d3c34847aad4ad93fb919b0c2d06464169c4ded23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
14KB

MD5
991c0027f947667e8808d0f50e888ead

SHA1
2af98922afb7a32132bf2c864c10ed522c6fc00b

SHA256
4dd5dc8a78e69c7e29756481bce30ae2a7ab28e7b59f3a82f127fd70f885689f

SHA512
56d28ddd6fc2ba405ce86a57fdee44d493c7f3945d2e7debfd5c2ac754f0d61f9aaee96c13008d7c8205570533a1ffbbef076c9d864ecd37e53fe33eac59d1bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\BA4CA3A32A0AB365A9EF8564FC67AC4461845518

Filesize
15KB

MD5
1b6dd5c2fcde8b8f8ecd9848cde95afb

SHA1
9931a348ba6767b7f1035f9e8b7728b6f0b63c5e

SHA256
2eccc29701d06bf32730d485e26036edab5e5fb36c5270e9a48bd122d6139f11

SHA512
9fce1abd9b92735de60d3836dee37a07fb9e9698eba924b13bfe39d0d9ff9a727729eb4d83560fd1bc298ebc317c53becb6664057ed3989a18b37eba18ecf791

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

Filesize
16KB

MD5
a9d9803d5f3487babe3c1bfb6d52bc80

SHA1
8f3767fa61dc5fccb8468531a09377a006e96bcb

SHA256
99e40e430dcdf507604720211ab52f0b38954b8035e20208f52a76d1832fdd6f

SHA512
b7bea9108a804cf9a5aa50f85518783b962bd54b8b7e1f697e2437b336c8ef0009e1d608205384ba5598997f24e824cb56310797162803f0568e26802729bb67

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
1451f62cbdc3ed13bd7047994f8aeae4

SHA1
1448116d5db0f832c3cc401590a8a6867feac220

SHA256
7d174e2e57972aaa3e0c9ea29eaca064e88d1e535689921ff9cdc6851cf081ec

SHA512
e057d9caaa638b1da982d381c9eebd7d1b91485613240cbb297728690e887d5cb10d416bca49cf9f6c32adb088b3cdcb1adc49d2c7967c0b3589bd9f1eecc1b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\AlternateServices.txt

Filesize
2KB

MD5
1d674264eaac184cca11ed33020c230a

SHA1
6ecda52521f29b6401b1d6096bd1aec8a02fe9c8

SHA256
0e3a97b1346361f44b94cc8c7b9d824b6c38d31037515d75fcaa18a3bf6be3ee

SHA512
a749dacb8f55f3870b820c430703cde312cf6e01c6812eb31ef13e27009b2c0d173749f7c50e744068847bc2f5175355aecf968bcd84a5f814446cc77b3d0e53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\SiteSecurityServiceState.txt

Filesize
734B

MD5
76d9073f3af7c5fbf2da0240df6ad3fc

SHA1
62c02e4f948501e924e467e241fbab9cbf72b739

SHA256
bab34025d48202957675ff56cccb36353211efc269863260bd5ae55355322684

SHA512
577f1acf59c6dbb95f2bab7467c0921831a2a208ead4691fb12e5db054228e0184018da227e19fd2cfb291e4db59e4ad3cd754c5d07b5853a34fd9c924ccabd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
35860b7440797fdf92b6b343858fae39

SHA1
62c24f43eedf6e71b226f0159dbbfeecc152f47f

SHA256
fa8d0fffa1b53a2ef40a65da9e28fe04dd91f053f4784f542714e60b4290f498

SHA512
5ae3d1a8279ae0fdf7954c3cf2279ea9c525e36547c4ed92049f741be6bd46bfef82b40763c7d01e0620dcf356fc9fc45b12be4dce319d4d9b354f6fa15d1a69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\bookmarkbackups\bookmarks-2024-07-27_11_5h7eKW0pE3Aq-pSa2dI0OA==.jsonlz4

Filesize
946B

MD5
895682c2fc2c07cda215ba62e57261b6

SHA1
fb66e4eea346617848114284d5f3c788ce3276af

SHA256
c156c613aaeda19ab4baead86896360c173d4af91d03c030b179fbda8372b4e5

SHA512
00a3f07045bed64190797c18db731015afb997f378005c0acda45f6e6ed412a5ae1d20590a3376e4a32a6eb12289e611ce60543702c078090a20ac7ca8914317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
3e0dca4bceb89b1299c113a27c2aba14

SHA1
d2c056b69c0155bbe1cdf04d8e7b225c9a47bb2f

SHA256
b0355026a11877367308bb383d2d7f1875d886ffed612547549490a9b2ec56ca

SHA512
8f6003193572562dc004a5a67d757a9b1464fae9e8eaccfcd1aa8e4a7f6e87e06f08f6fc305a508cf09886011bd6adf45a25527c21374c586af4f738482ddf28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\pending_pings\ab17041f-6441-45c5-bbe6-494c2cf93b9d

Filesize
10KB

MD5
d4062a77a472b7c4329174aab70df295

SHA1
df683c8420a04432674f55e497ee8c4cbdd02267

SHA256
399b79490a89abf72fdc56c50853919287a87f659ee0704130e498917297cdf2

SHA512
bfb3a1e291154b9cda6d4f7ebe09c7d6b791531dd5830562d81d63689d670ceb90dbedfb7526a348f4bc0881e1cf2552b9863792d971d93f6743d9826875527d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\pending_pings\fc9cab64-b422-4cc9-b269-fc9ca8da2592

Filesize
745B

MD5
3a98ed352a164ce832f05551dcb34cd0

SHA1
0b18e5ae3ebf076227749ad86561ae3177581efa

SHA256
c0ee34b739ab68642e826a6debf356d49a1770d5cfa06070a4e81c565b1bdf8d

SHA512
3dbc080d75525e0f45a20c74a242ecd788d84a23044922e0037ec56cb6887adf836dc47c49ee06e832a19276ad783954ca5b0001732cd97c8704b542f3a01289

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
7KB

MD5
9767b14428661c98b81fa2b6be84f197

SHA1
a855159e8b497be231fd94aafcbcb3cd75192280

SHA256
5ac0e1454578885c8291053998ddd209baa0cd240e42a4fd1ffba6618ee84c6e

SHA512
3f986f3c925edde859dcb5f4dffd6e5162617b86c3f4136edd2ea0d4e1e11680bda9d3732926d3bde4634f7fc0f0486b49e1d58a70ee81d03e1691e43854e38d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
6KB

MD5
5091e6ac7ced6623f4147ca3feeb44c6

SHA1
efd1498a8c52f5f3ef7ec96a72982b6efe1dffbb

SHA256
2e363c8d42f2dff3ca0bb89a026f3a093dd26fe1c5534d30c305fdb3af630877

SHA512
b7b8cb827ad08823092537e3bb9df556a51f786bbaaf473658efa893bf4191e99bfd7ba9d1b56400dad09b29c418975718c4c8a384b9dfa4f27f536e6c4d9073

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
6KB

MD5
f10c13a7e631e12668b53897aa3f1d3c

SHA1
72416fbbaea9a3f9ba4a73d3c72bdd7793c0577f

SHA256
cfc0ccf86396bee4b0a11a4af6fddd82c98b15a53c93b83c5bab0e1a288245aa

SHA512
b935b26c2a04c363e8efea0db3c2a40f662497a5ec86320fbba3a37509378424dd932d6659f6e9d9c24370cde8a9d5aed454b35e58fa4f28125b34ab9b5358a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
7KB

MD5
a394bce3e6a9425e8001c2eb1091dad8

SHA1
4dbacbd3fc46da87dbac6137fca21fe78dee33ca

SHA256
d888f66a5836f42a2d654b7280978fc52cd0118cdfd09a07ed19ba82f30e92cb

SHA512
b20130fccf53aa9d29cd1b39d48183f18bcea93c2bbf13146a7c66d113548dca311a8b66fc86cf0c2a466acdc278189468ab43943973ba2fd4a7b6b5631a5ffe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
6050af3934277b53eeabb42a16528660

SHA1
efccfb404d02f0c635917dcebe8516bf76e7691d

SHA256
d31981fb1d6ba25c51bd17a0f631a45e65b1df5f20ed5b0e8fd85b42e7e7d57b

SHA512
9382a243e50bb3959843c2ca4aeba247346ddf1a6968cc2cb4bb160113c37b8d631e9a4d0d84687e0157663c78ec3cba99acd57706b6ce4fe30cf19633875fc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
67697574f948c36a353808536d135aa9

SHA1
d404dc6cd1c8973a34fd892d61d4a5cf0f2a4e64

SHA256
0e0716e0d6bc483cb35ef4a106de873c62e888324fffa81ad72b305078b32776

SHA512
6f60a4a289fe6fc1a45cba7afa2803323852b85c8d71664d8c697a8e0d973aac3ec7d79c4ff1855de7e06572bb3fcc828cdbca8db5546feb524afecfa5d40e84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
8aa1ef03d3f369f5a14cecc0b9667b1e

SHA1
cd2371cad2285e363aafc2f15a38cd739fdab3df

SHA256
ef0ce5104fcd3ef75ec81cce2a27aac802ca405d1d3ae9ef768c183e53c1dd7a

SHA512
dc706d2b90838157a954074a5d70ef8713a6cf9c6f6c02da86742850ef46afe64f4bc3acbc1cc171b89c3beb4fa15c5444536221d72204b203ab01367decfb26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
92b734c54092b868a1f3f79323379d36

SHA1
85a733cf0d4e1679d71d82d9f825cb6821e5c116

SHA256
466e6f4cda0d89faff3ca4e7e503913dc52caccdff2f9d767960d1743f4ad7eb

SHA512
7739b4b09bd5482a48aeb9758398ff89279695161f529614d7b1a8bd014f2ca8d88733923f17f3707824654745473e6930dc74eb1f3dfd6f379fe0a4615212c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
7d0020d911db116ff4fb1090e9581721

SHA1
794f9059be201d268df131235e88cfd4696d6a58

SHA256
ee58f1bd66db23012149d9180987a55decdadb1b55274d2835d66c9d61d363ee

SHA512
af2ac53488f2f0df68a35e48c633dfdbffeecc4e40120d16313dcc6582930604626331a92d8b57e9254ecd172c9725b5d1a002fef9f80a9d9cfacd50be5ba447

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\targeting.snapshot.json

Filesize
4KB

MD5
7cd1fd82f57c1c75c04bde929c305958

SHA1
1ce2ef1d811b065957b2530b8efbfb44e222e982

SHA256
dbe668a3321beddc311b20e42bbec6c65815cd5c34cad04c3650c3b697612e1e

SHA512
a7003d7373443902c6c80ea8211a6067a84c5f0d4e6906da3b4d2e65f6eb1825cdfb99476ebcb247d83dc4c57e988727478e478685b984b1f3d395ad4f195f9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\xulstore.json

Filesize
141B

MD5
8c8e29dfc7492b92903124e1da454a88

SHA1
09e1ea8b5a53255747809121543598e55e38f9ba

SHA256
08e5486c5550ae2844b9569fbe77ca63617c48b2918e8427ba729deba24a2cbb

SHA512
bb1b2cab79ab3a1e467094748fa6879ec325c21da733255428d2b661c02255dcd3036a3706afeb4f576c168127b4a537802f5748950a3db8fb0c04f4827f903f

Download Submit
C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\OGG\.keep

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\README.md

Filesize
2KB

MD5
2296c9dad026bb0cb0392366671476c4

SHA1
1dd955ef44f15557e9d9477084ebd8c3c026464b

SHA256
62d79f4f2e354303e756a4763d7e21bb2e42e8790ee1065ec1281445d32b600c

SHA512
91513ee5db7b24489766c6ba01de2823f5f50b4b75bed8a0900f17e01bdc408e11cc18a445f8b38057e2301f6f462892f8b7909df35ec946dec3c88dfa527a53

Download Submit
C:\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\Unpack to OGG.bat

Filesize
1KB

MD5
b3a2554fe9b8eac423566c9e536465cf

SHA1
ac56911159b595e70a380328366a7e91bda51bca

SHA256
490fa3ea14b7cf52419ed3bcb8aa947b488c7183db59e7421b65f6cdd4f12ce1

SHA512
7187ccf3987e8e09eb70bb69277e852ff46f5feffe874e2a1138f8fda4b0ad9af7b05fed619bed35eda66fc8b76b04a9a409ab1a608d900cecf6c339cd91a102

Download Submit
C:\Users\Admin\Downloads\Wwise-Unpacker-1.tZqX7Xtu.0.3.zip.part

Filesize
19.6MB

MD5
a0f6c604a2e155c9d018ed97e3c3e0eb

SHA1
dd4884e91ad34875d68cf9892dcbbe504ccc9529

SHA256
94fd6066083bb74ef63c40dfa5e98a0c2257086a55fe59b60aaf14de34b161bb

SHA512
cb9eec1de52cf2214462e01a5f2f34bcbe9def9a7207d1afc453b6453b8b0622f01211650339f5ca242c36bc14745ceeee7d5cbf3bb792bbd1a66df5fc6eebc2

Download Submit
\Users\Admin\Downloads\Wwise-Unpacker-1.0.3\Tools\ffmpeg.exe

Filesize
35.9MB

MD5
6653f5cbe03f90e1c484daf362514ab6

SHA1
4126ebce0c6b2d0f078357c226256b01c32965a8

SHA256
469b6b2f2c7d69bbf278caf65660d88be66818e8699ede4cc81e0256c3085395

SHA512
93b44678c3c7fe7c6be454aaf34f3e5a3f89b257369f40bde3ae614f4a57ecb3ac5e5315578e46e513ee896b708115336eaccb7ed8a190a113c55cd02d485c91

Download Submit
memory/1524-472-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download