darkside | hxxps://github[.]com/obscuritylabs/darkside/blob/main/0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9[.]zip

Analysis

max time kernel
285s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20221111-de
resource tags

arch:x64arch:x86image:win10v2004-20221111-delocale:de-deos:windows10-2004-x64systemwindows
submitted
28-12-2022 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/obscuritylabs/darkside/blob/main/0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip

Score

10^/10

darkside ransomware

Malware Config

Extracted

Path

C:\\README.76ec830a.TXT

Family

darkside

Ransom Note

----------- [ Welcome to DarkSide ] -------------> What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data. Data leak ---------------------------------------------- First of all we have downloaded more then 500GB data from your network. Included: -Accounting data -Finance data -HR -Employees confidential data(photos, benefits, taxes, etc) -Marketing -Budgets -Taxes(sales tax compliance, property, income and franchise taxes, etc) -Payrolls -Banking data -Arbitration -Scans -Insurance -Reconciliations -Reports(monthly bank inventory, monthly financial, claims reports, etc) -Audits(DHG, insurance audits, etc) -B2B clients config data -Confidentiality 2020 -2020, 2021 Business plans -2019, 2020, 2021 years Closing (full dumps) -and a lot of other sensitive data Your personal leak page: http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion/162/thedixiegroup/LCfyHRcwffrYTblpZvoPO3XDbrYPcNu0wVAsH5p49LSjBfzTmtdXT48azXFlMu7q On the page you will find examples of files that have been downloaded. The data is preloaded and will be automatically published if you do not pay. After publication, your data will be available for at least 6 months on our tor cdn servers. We are ready: - To provide you the evidence of stolen data - To delete all the stolen data. What guarantees? ---------------------------------------------- We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests. All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems. We guarantee to decrypt one file for free. Go to the site and contact us. How to get access on website? ---------------------------------------------- Using a TOR browser: 1) Download and install TOR browser from this site: https://torproject.org/ 2) Open our website: http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/W57MRI9C7YZJUZEABBBYRQLSUTG22JZ9MAH0WT1ISHC405KP7Z2UWY3AI3J68DNM When you open our website, put the following data in the input form: Key: ug8lgpX3WrFzlEJ6HBWlwJnf7jemhfnlxBw9porj1uuYFTgKbxJQJLYiteQS7DwgZn7dH0fs7qPPWmZ6inPv5GTmSJZNAjGLVIjd4SoiyTdGyophf0zPBxx6uEAOJxM0Woo4ZGeKVoUDHtZsqZNnhMF7aPh54VnKpIJXiZDbZZw4P06xTuw1UMeiTE7wdg7HWZMepAVTzEI2W04RbkPFQHfUgEDcslDxbr83BvopYTYGKFRmtNUMH8OsOZQrOtv50xWDaOfbqxbzfHMJm30QGaGpgylJHQZsscz3XBnwIdvlwBJ9KN4DVgFgziRdvwJrfCP6YN1CYTOQgw1rzqmIU4G1xGYv7rE3jiBY1s4D3Y26SbppTceAVMu1mKx5CFIE3EbtcAsNtEqLHDbPnMCvU6Apwp17TXGob8xXJpEDBZhIzdTaCuybcprwcFNTOzccjbIH81W39MrcJi9mNO3kHRe5fxmIFKvc9v8aQDihGyC65DtdabyBjidXI1NyNONT4PTyrxYqgffPsNDFuzz2yMrXiTAwtAQPqny5BBJQsfVhpLXTtnLvWg1 !!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them. !!! DANGER !!!

URLs

http://darksidc3iux462n6yunevoag52ntvwp6wulaz3zirkmh4cnz6hhj7id.onion/162/thedixiegroup/LCfyHRcwffrYTblpZvoPO3XDbrYPcNu0wVAsH5p49LSjBfzTmtdXT48azXFlMu7q

http://dark24zz36xm4y2phwe7yvnkkkkhxionhfrwp67awpb3r3bdcneivoqd.onion/W57MRI9C7YZJUZEABBBYRQLSUTG22JZ9MAH0WT1ISHC405KP7Z2UWY3AI3J68DNM

Signatures

DarkSide
Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.
ransomware darkside

Modifies extensions of user files 6 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

acer.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\UseCompare.png.76ec830a	acer.exe
File renamed	C:\Users\Admin\Pictures\AddExit.png => C:\Users\Admin\Pictures\AddExit.png.76ec830a	acer.exe
File opened for modification	C:\Users\Admin\Pictures\AddExit.png.76ec830a	acer.exe
File renamed	C:\Users\Admin\Pictures\UnregisterSubmit.tif => C:\Users\Admin\Pictures\UnregisterSubmit.tif.76ec830a	acer.exe
File opened for modification	C:\Users\Admin\Pictures\UnregisterSubmit.tif.76ec830a	acer.exe
File renamed	C:\Users\Admin\Pictures\UseCompare.png => C:\Users\Admin\Pictures\UseCompare.png.76ec830a	acer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 12 IoCs

Processes:

acer.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8FE373924026D77D63F520328AE9C865	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8FE373924026D77D63F520328AE9C865	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751	acer.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751	acer.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

acer.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\Desktop\WallPaper = "C:\\ProgramData\\76ec830a.BMP"	acer.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies data under HKEY_USERS 40 IoCs

Processes:

acer.exeacer.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History	acer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	acer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	acer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	acer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Sequence = "1"	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = f9bb8b1646f178eb3aaec6c1830e28c0d5852b6999910c1f1ee9ddcbc80e9309	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFilesHash = 56652bf6f37f4afa8857f41509deb1185d201d0d344ebb055d166e001294fffa	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFilesHash = 55bddf82368cf1e8f5aaededecbfb521829147b06e528386ed814b74918dc0e5	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = f6e2af1f6b13693f4a3ccdcfdb9b5a46ee8d976c6a2e291ca1811df0136a20b8	acer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	acer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 5c005c003f005c0043003a005c00550073006500720073005c00410064006d0069006e005c006e00740075007300650072002e006400610074002e004c004f004700310000000000	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 5c005c003f005c0043003a005c00550073006500720073005c00410064006d0069006e005c004e00540055005300450052002e004400410054007b00350033006200330039006500380038002d0031003800630034002d0031003100650061002d0061003800310031002d003000300030006400330061006100340036003900320062007d002e0054004d002e0062006c00660000000000	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFilesHash = d3fac1576774e6c3666a1a286a00c5bc7554a0e9167b1a490e6aad3572d4c6a0	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	acer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\76ec830a.BMP"	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = 0c214a330e0986ef4330a3adc36f0b6e1bc8ecc9bd48126f0216a907bb4d0637	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFilesHash = abbb8ae50d364448e19aa9ba0a17f0a84723c2b75b15615202527805b477f404	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = 31e912dc979fea7bfbe9f00356005cbb2bf600a8f167b897c9f2dee30a172afe	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 5c005c003f005c0043003a005c00550073006500720073005c00410064006d0069006e005c004e00540055005300450052002e004400410054007b00350033006200330039006500380038002d0031003800630034002d0031003100650061002d0061003800310031002d003000300030006400330061006100340036003900320062007d002e0054004d0043006f006e007400610069006e0065007200300030003000300030003000300030003000300030003000300030003000300030003000300032002e007200650067007400720061006e0073002d006d00730000000000	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\Owner = b0110000f47ebd4c921ad901	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 5c005c003f005c0043003a005c00550073006500720073005c00410064006d0069006e005c004e00540055005300450052002e004400410054007b00350033006200330039006500380038002d0031003800630034002d0031003100650061002d0061003800310031002d003000300030006400330061006100340036003900320062007d002e0054004d0043006f006e007400610069006e0065007200300030003000300030003000300030003000300030003000300030003000300030003000300031002e007200650067007400720061006e0073002d006d00730000000000	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFilesHash = 3f7b20734b88f8b73fa7a1b701429e8cee89f02c6e51f2cdc37951f9cba391fe	acer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	acer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	acer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	acer.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\SessionHash = 8eaf6ac997b95d4d819ec83b4f4349f45aa0fbca966783a3432f29b61836ac1a	acer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFiles0000 = 5c005c003f005c0043003a005c00550073006500720073005c00410064006d0069006e005c006e00740075007300650072002e006400610074002e004c004f004700320000000000	acer.exe

Modifies registry class 8 IoCs

Processes:

firefox.exeOpenWith.exefirefox.exeacer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.76ec830a	acer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.76ec830a\ = "76ec830a"	acer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\76ec830a\DefaultIcon	acer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\76ec830a	acer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\76ec830a\DefaultIcon\ = "C:\\ProgramData\\76ec830a.ico"	acer.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Temp\0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 2 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXE

pid process

3084 NOTEPAD.EXE
1248 NOTEPAD.EXE

pid	process
3084	NOTEPAD.EXE
1248	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

acer.exeacer.exe

pid	process
4916	acer.exe
4916	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe
4528	acer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3940 OpenWith.exe

pid	process
3940	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

firefox.exevssvc.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeDebugPrivilege	3916	firefox.exe
Token: SeBackupPrivilege	940	vssvc.exe
Token: SeRestorePrivilege	940	vssvc.exe
Token: SeAuditPrivilege	940	vssvc.exe
Token: SeDebugPrivilege	1756	firefox.exe
Token: SeDebugPrivilege	1756	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

firefox.exefirefox.exe

pid process

3916 firefox.exe
3916 firefox.exe
3916 firefox.exe
3916 firefox.exe
1756 firefox.exe
1756 firefox.exe
1756 firefox.exe
1756 firefox.exe
1756 firefox.exe
Suspicious use of SendNotifyMessage 7 IoCs

Processes:

firefox.exefirefox.exe

pid process

3916 firefox.exe
3916 firefox.exe
3916 firefox.exe
1756 firefox.exe
1756 firefox.exe
1756 firefox.exe
1756 firefox.exe

Suspicious use of SetWindowsHookEx 28 IoCs

Processes:

firefox.exefirefox.exeOpenWith.exe

pid	process
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
3916	firefox.exe
1756	firefox.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe
3940	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 4512 wrote to memory of 3916	4512	firefox.exe	firefox.exe
PID 3916 wrote to memory of 2188	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 2188	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 112	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe
PID 3916 wrote to memory of 5096	3916	firefox.exe	firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://github.com/obscuritylabs/darkside/blob/main/0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip
1⤵
- Suspicious use of WriteProcessMemory
PID:4512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://github.com/obscuritylabs/darkside/blob/main/0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3916.0.1305111526\1941058671" -parentBuildID 20200403170909 -prefsHandle 1700 -prefMapHandle 1684 -prefsLen 1 -prefMapSize 219944 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3916 "\\.\pipe\gecko-crash-server-pipe.3916" 1776 gpu
3⤵
PID:2188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3916.3.1758071793\951154200" -childID 1 -isForBrowser -prefsHandle 2336 -prefMapHandle 2448 -prefsLen 112 -prefMapSize 219944 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3916 "\\.\pipe\gecko-crash-server-pipe.3916" 2436 tab
3⤵
PID:112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3916.13.1213439077\86976645" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 6894 -prefMapSize 219944 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3916 "\\.\pipe\gecko-crash-server-pipe.3916" 3636 tab
3⤵
PID:5096

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe"
1⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe"
1⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe"
2⤵
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4916

C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe
C:\Users\Admin\AppData\Local\Temp\Temp1_0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip\acer.exe -work worker0 job0-4916
3⤵
- Modifies extensions of user files
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:4528

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:940

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\README.76ec830a.TXT
1⤵
- Opens file in notepad (likely ransom note)
PID:3084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.0.2120943691\1342819917" -parentBuildID 20200403170909 -prefsHandle 1620 -prefMapHandle 1612 -prefsLen 1 -prefMapSize 221990 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 1700 gpu
3⤵
PID:4220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.3.2022048984\1308887039" -childID 1 -isForBrowser -prefsHandle 2512 -prefMapHandle 2504 -prefsLen 353 -prefMapSize 221990 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 2508 tab
3⤵
PID:4208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1756.13.1653742013\1058573235" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 6509 -prefMapSize 221990 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1756 "\\.\pipe\gecko-crash-server-pipe.1756" 3460 tab
3⤵
PID:4812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3940

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UninstallSearch.mp4.76ec830a
2⤵
- Opens file in notepad (likely ransom note)
PID:1248

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\00595E9CEA112348330EE318F42E2CA4A115B406
Filesize
19KB

MD5
db78e20089dd717a246bfc209f6c0bd6

SHA1
4f019f10d902b3bdca56fd46d28953fdc46de801

SHA256
ad6746d8a2914e1d435f317effe9299dc2bb865790a441af382cd9a06cda18c8

SHA512
80bbd81248786a86f90bcbd7a5b865e3cfde7ed4b28cf0a434cc4e8545d80a89775d9a70d3245db405b74052c79a01ed9dd56a11c041b4d077bb324c08cdb2bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\047E88F017748A97FFBC527350DC6218D1422741
Filesize
13KB

MD5
73c638dbf392f4d7a5a5b994c8b785ff

SHA1
b834d2429ba3c051077757dfd42ce7d5d481ea7e

SHA256
0eb00e5c51c93d052f60dc2586c3f57a3d8c342d0f897d996247aa7811d24306

SHA512
37b01dd6cee0597426e68cce117ef2f8795567800ff5a20214997afd8b7575aac7cb17950afb3306c00ffefbae2dbd172915ec5219869b425b04709688f843e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\0CE9436468BF8EB99C20A1C07F463CB5BB8389C0
Filesize
53KB

MD5
820a9fa7df383e4aaecbaafc65552c96

SHA1
8cd5cdbf407ab27e3e9e5260921f14cc73bbd776

SHA256
8dfd3ec2192b9d75ba5a4fbd5cbda65b6a931abc7894bb549b37edac716ca614

SHA512
40e25b657e07da3a672bff2eda0da7a82b2d986bb8ec74936384df31fd623ac6a2f59b30e8c6de63fa66d97f922f504f1863fc91254284428c99dc067b555d48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\29B65974EB36DFF6C399A63B19D3BACD44AFAFAA
Filesize
13KB

MD5
6faca1350aea126c6ebc642d2cb771a9

SHA1
b99aee065a2ae1a784ef25bf621ecd7ed9cfb386

SHA256
c60c1f532a70b99dbfe18d44ca4fae9f322ba3e4fa6a4455e1b535e43a0c36c5

SHA512
eb48f8924824ad4e44670ae6878761bd8571cd0710a2b4b904db9d3e47a25490f49f8d3c10a509af2c3d5eb35258e0c8d980cde0e24e04ab44f12fba7857d9bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\318F343A506A2318AE27019E96CDA0D1A272F380
Filesize
13KB

MD5
4a38fa9dcd3f5db3152428bb26ec6fcb

SHA1
4cb05645101ab443415a58efafedb56c19a64d1c

SHA256
28e0d3fca9190760bf7dabf01d9e58cc09b4839335886219c48ac748bd1c71c6

SHA512
4df550a0a2a2ece4419bc38ba829e5fc55a088fa5df894663ded3968c99160627e8e7512d5d44d2a75ed2380199e6893f24eeb2afc19350929c44493039cbf16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\36DD76ADD0ED797E4C46E1149E61D40192A132DE
Filesize
13KB

MD5
c42955352375e4f09459c5929b22527e

SHA1
47728dd0940d8301b23dc796b297cb45625e398c

SHA256
b8bca3d27183654b2f434a48b9f6b45e3e072bf992c556fca12ba518106d5f20

SHA512
503619b2d97f0cb9d3c7f88840155ee73a9eae352206e1fe1b224819c81781fdf7d3af300af0a72332ed687d4befe240a756aa5e10bbf1d6b51bd9d8668050f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\3E8DAED6B1701921F58544F5A60350EA114A215D
Filesize
13KB

MD5
3294b4321fe5e9addf5ee7c3f56d7cf7

SHA1
e66d6cd976ee8b15921c329fc3dffd85ff9a66ac

SHA256
c2b61996742070c24607409f4925fe08e6e1d7da05a225a123f11257ae7e744c

SHA512
816bbaba60141d931611b4ce35e8714bf688deda05f2c4d3c1e0375089c895544c2630a2995dde667acb22dcfdfd3ec880b34de17c76db912e6a327be07969ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\48857FEE47B1F1D4A6193797AFBDA762D204B357
Filesize
15KB

MD5
090d81be9a5fbaca3b71a47ab45a6cbc

SHA1
cb68988a5ae664e88f2c62c1005d8cf9ebe75300

SHA256
4f8b5536295f0199e59d87dc353c9fa45b355e1411a37d60caaabd8d0110ff3b

SHA512
f6d7dbda9af7397f50bcc084f0f11d39f41844b9f1d7979e8722f756ea445a7313343a65532ca346db9d57f6769d13be556dc7f1a9e62ef2c9bdbc87627c097c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\4903E7ABE348ED39D98D1C844FB81A906D5ECA16
Filesize
9KB

MD5
c146db20e82600b8806ec4080697dd39

SHA1
bf6887fd658b72d2711112a04b038fac9f3d7d24

SHA256
4eb37abc5486395b2a037596c9fd859d5710f101fe037055137deb8f8fd02d9d

SHA512
cbb0fb3c767fec68d8e540b504b809592767a148c4a1897ccc1df107076d8b1da1a3d33932133519f31a57976ac1cf90e79e5777777c3bcce1350dac6f66c868

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\68D4D7E06A6BF6E79918C8FC3251A9A4B7447724
Filesize
29KB

MD5
3f6deae537a927b15813b67a8aa04b27

SHA1
9891efe292185c3a35bb165f5d1759f9616be311

SHA256
7d27f42ce218b47d00042436f19e1fb727481695c0a6b6069eac56f88042349b

SHA512
c314111f7b8501d65879028a050a3eb3f2b2b9d4c2c6a2ea5186a350573675a09a30c9a7b0926a954b12527381918785b8b5e4c276f489430f73a2fc83b823e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D
Filesize
326B

MD5
a9c84a64c083425b8ecfb9afc204f58d

SHA1
483d35a46cb53a7901aeac4b717c4e2461aaa74b

SHA256
993aa7a22cfdf9654dc9d56b8da1fae569d03d9bc0d747e60aa35fa7e62c2401

SHA512
80562d7ba1936b728083b80baaf29a0f73bf8f0df90820270d56f8dfc6f4db8fe428321c47b21124bc74df7f42203bb2585cfe051d7ff295d598f8720d276b4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\6D4934FE31BFAF4563C9C133D9CEB4B986FB5CA0
Filesize
8KB

MD5
3152b610f5a95bbff5db914d14902bc1

SHA1
0a2cf99ff4c348eaf0b3ab97be2240177118a621

SHA256
fccced387bfa1053c0991514c7453bc9e08ff52b5db0c1dc139723b153c242b3

SHA512
396d09e32946ed0261efabb9af246cfbd9402181310654f2e6fb4b65b05bb3865ba22aee454d1d9b915e5b81d241c84caba7e2c906bbf3905d09e48686337da8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\6EA89895D316A7645148D3D9325B388766BE7322
Filesize
28KB

MD5
ee516bf419e9975a0370d29dceeeaa29

SHA1
e6cd06c8524545a34581dbb382d9fe61df7afe52

SHA256
a4cbe575d0451226d8bfcc8964ff6efd3ef15212beadfa2a5d252d58f849b0dc

SHA512
a5acf52e99cb018f1c095dcb7949612552acdbbdbe0a8f332b31515c822165146de208ba193aaa62b75d0ddff08d36f69c45226d766fb78a8f4e684b81ef001d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\761BC4795F40A731844CDEE1F186FC3B13005038
Filesize
13KB

MD5
cb1c41c7cc7c8a9e2ab19bf256083985

SHA1
267fa56b7d16ac995d565626755be30f76f99776

SHA256
2d886cf2de5a6fd47cf83d11b2d862746e548c077203f26e67ba6f65aae50a8d

SHA512
8e451119a8c976097c33473c7e5a9e90cab970a0b3887782b74368b404fee14ffd82d3834ff0cd129e077714bb6b6568d4d5a778ebf29a9e527a85e81ef15931

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\9424911789D670DD0E9829A5213401347DB089F6
Filesize
12KB

MD5
1b347b146ac184ebdaaec40ba31a35b1

SHA1
c9f4b8e37ce79724a48b2274b9ed2f50f0298fe8

SHA256
f8ebab7934c6875de93c8fc31c0df6970d77c76cef95c977e41e8f592651ebb3

SHA512
9a736a8eaf1c192ce17196b2c6cf5f454caa18f8ec3e6217872bf7043681b1a1316b6a9d2bb33d221380d8de59c962ab148aaa854a3d9a973a6a50e2c0998996

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\946F164FA20F467150411989547992C778BD05DE
Filesize
40KB

MD5
562c5d43e4bdd07d1fe9f0ad2ea4e139

SHA1
9f6a04ac46e1e6056af28c47435a76a1900a98b9

SHA256
eadff63ef60912169e566d2fe37bc763dc9d5f6b05ca2b21ab8a84b139c05e5b

SHA512
cc1a184f076aab53f40e2eb5de06a3bbf89dcf4d16c11e765100e0e06552f8f3b8cd86927a2d21ee0ff189c3cc0408151d8d47c20ad0e591b3ae3225a26738dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\97A272094E3AA41ABA32E391DC15A0F813CD6642
Filesize
14KB

MD5
a10e6c0e279789b36a7664a3458096f6

SHA1
344f713218a68e1355fe7b28041d8fe256594ad5

SHA256
5d58978aeea0b1332fbb0f797b15c1022386011fe43a45897e81b1e3bc3d4c35

SHA512
01296e0a2077357e59c62ed807154c78777bad3c1a36a4da1eddd2ee60430f5634ebc6a63c55f5e1cf0c1e614981b122abb651f1172812d9c3000f462ec568dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\A2AF4AB145FF33E08371F441A276A5B22F6FD84E
Filesize
12KB

MD5
0166ca9247207c7f6743187a9c033e40

SHA1
fdf69a81b6dae2c14e141b372a992ce358bec2eb

SHA256
8156a72df92a70f9b50e09531a3f8ef4080095bca327045e758a1c28a4cac784

SHA512
1f4bdbc38ef71c69a16f7224783189a2a02ef8c8996ba59e86fb8dc0e2ce14ef948ee372a1f836d0645633b7c8afb93707ea8846a49b7b246bf063ef3e41dda5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\ABC2A2A76B53F79CE1C7B68B12D6E053A4770894
Filesize
14KB

MD5
7bf6d628b162ed31d8f7fcc44958fa9e

SHA1
036da8e8b004c49cf92bec205c9777bdc7d99043

SHA256
56b5c58dfca3c33f7c01a1251d24799bd05bf059aaa665988f91ce78d2e57fad

SHA512
128740ac1ca3af13e433c7c8d59ac83ef57d856de67e3168e13b91027632e0db21fe0eb38a9cbf4e244c4294c7312c6a4cee07ac88b563ea7f6538d8c11ff92b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\AE16DF8A4545476CA2C1406B0066369A46E71AE7
Filesize
14KB

MD5
68049f3ebf6e28134188b83f81363b89

SHA1
c7c66b302f2a6a819e576c758e84f4bab341f978

SHA256
45d055555b6d5e53542611c0362bd32582efd40c89e2b24ceb259809c3072b79

SHA512
8740e43a882d4b67f26454fff570dc774e4c5621791897577601c831fe955bac910e5079f463ada5ebaa3041e915e5af41c9caf8e51a370d0891411ba0e091a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\B1CA8FCB59419ECBBF0488196115C31C67869960
Filesize
13KB

MD5
3237ab1c3156c48be5f1a55c32684fc7

SHA1
336bfc06d5398e74477f3870166ebfe4e82aba14

SHA256
6da48f5d956776bedeab1ea6bd11017173336fd130ba2e5879cc6f157fc113cf

SHA512
61231a016608797451cc5aa545974b53b846e64f9e5c3e3dd383be093f9cf3e58ee84658fa78809549416bcb149d9920c2c39126bcad518d87299cee935820de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\B7903FBF2ED51933538655DBC968E69D5DCEEF8B
Filesize
13KB

MD5
78e6bc01ee2afb081559866c654d2b96

SHA1
bcacb8fb24a45f767c53ed5ecbabc21989d01050

SHA256
7f9763e02575f8fffe6ed0e17861cae5e1123cc73dc19cdd95ac6ecd234f7dae

SHA512
e2386ce2db3f9eb210751989feb8730f8cf38c2d085ca2ca9796a034fe5bc82c1d26ee78d75fa102302e18dd0e0349cdbb7f418d4de37dd5d83ff9d819b1d0fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\B826D626FFCAC0E08F0BCACF9227CC3B5567F8F2
Filesize
22KB

MD5
203a5517489050e670cda9592a5a21cc

SHA1
667d9a9442987232bdd7ace43c53926e6a343e27

SHA256
65fa360bca95ab8496e8a3576510d5566f38882f2e5a9cea7f10a8b22ce304c1

SHA512
3b81190d41f271252ba38833d0b41b08bb2f4d8ab95ef1a3dd8d798665fbf8e50e590f3ecac413ea289803f4d49d4caad68149e9e8be1ed781aa5f5677be464f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\BA884A69F9C48CFBC486305ABE07F4057E5F88E2
Filesize
12KB

MD5
e96e400c5b723d3da0694613229cceb7

SHA1
5f6f56e920bc30f7af26df84888514bf90a8dced

SHA256
266216aeb12086efb76a477bbe919db0df2930aed8751cebabe602afe0b08053

SHA512
c7e9ffcee5eea2cf6158bd440786e37a00c2bf5a8bdada75762afccf6cc66eb1e4b7b7a203e7d4330c2af49fe69b28e8430a8b0aa903f38a509f17b39f9d08f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\C200D868446D08616DA9F08E19F7F3610E9A707C
Filesize
28KB

MD5
0c41621d4aff6798b09991c91fb4cb7b

SHA1
51f198b39d4dd520d2fd0c6dcb140f7d9ad6bc38

SHA256
0620853c65f7b897af8e90a4a96ec42ecfbdddb152ae953f08f26de3160f69ed

SHA512
cd17606c12471500d6676819a656444c8d709848a7feb5eb04b14bfebbc63263b01d152aebda1de945abbafe41c8715f8f0ad1da5a1ac82c5d10dc8cebe84f94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\D1C2C20DA1DB12BC9C46E87A814FCD12398783B0
Filesize
14KB

MD5
c686f4e8558ace01dcbd78e2ded591d9

SHA1
8b3fa935fe35d9b56d07bc17cda8a6b141e61f25

SHA256
4cf2b4251c205514c6197ac02c15c79fa17a40565e9df7463d7ced60188a3f2f

SHA512
575a7a7df6485a2f4184a9917ba3dda21fb9d9967b7cf7a9ec75091c0d3af434f868b747033e7f97d8af5f719ac3b910de4d485be20047c50e7356b2bdd208d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\D267CB43EEDB24FD03280AF7B77A5B35BD5DFCD5
Filesize
13KB

MD5
bbf3e8460f98357bd12a426139399387

SHA1
39be67a44230721de93cc738ef5277f3a53eb7a1

SHA256
fed986829c6eb3d4d7f68f0fa7b820825b33a50cf4959095ead00e2e229d5b7d

SHA512
6ffe398ba6599b7960d221b751644ed688e0bc064db27beb46df07ed2c0d8e7cc443c076a14dac6455751d69a220b1504f5691a972bdf5add899c919c3c75e33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\D8E7B8AD682EE4B66805C4F6271501E51297179D
Filesize
14KB

MD5
e395e90bb522f4348932f19e3339410f

SHA1
ffaee4171ddafdfdb989a66732f21132981fd531

SHA256
8923c480d66b3fdc45efc6be62897f087e9d327011918ed9b3775ffd6de500d8

SHA512
5f52e5fcff0e0467e0243d762004d5f1878f38eb28a88d647128d65148bda68e761d391c971c3319f02325067f3590683aa849de907e7dbfc98bcd2c6586c7ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\DAED4FDF25BD80FE694537E71187A42F27491D3F
Filesize
15KB

MD5
3a483a75275a504108c1ecbd63bb7618

SHA1
c763ee2cfc4cbc8542f4d30e96d0e385dbd44b5a

SHA256
4b02d042277509ebec4c760d9a7765b3a43417f25660512c11038750cc2f01a0

SHA512
25f56866eaf3e750439ab2c7fe6fb6bc964f7b0ff918e3e6df4a485499bb45cc39f6dc8ad738fe64bbfed6cf6ab9926c457db02a003b2df25a7ca490abec72a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\E4E6210EC1DA51B53F22BEACDC09736041A4A62C
Filesize
44KB

MD5
b14ba5983db302a0f5fdfa9fa0727e27

SHA1
f530f0c69e61df69c649bc6bd7076ea7d3100639

SHA256
3f342fbd840a49e0dc92d731d96b579b2e8f2dc2cc19f8d68d7439bf4b1e0470

SHA512
5e4ae877a81fa483cf142b8b5f2452f904f6db9c62c4471344a53402978844380dcdca203916e9af393be73bc5ce777fbe02373693dc45980f2c99656c994098

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\E8AAD14998EBB0FEC0E3646CC052938D57767578
Filesize
13KB

MD5
af3176d459da56439c65e7f3ae3a3b96

SHA1
1c030e334bfbac2363f4c694cce7c51d9b66a321

SHA256
80ec5a2230a09e93bf7263338eb122a26b88f77d2a7161561cef3567278e3b8e

SHA512
297e23eea1449b3eb8b3a99fc1c0403b8bfc0f62ce1d3f851b6bf48adf269fe90cc45089d485e0f5a5abed4f7f113842e4078edd2bdb839021a39a081f8d1b8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\ED07F042F4253F704BFC7070ADB92A3EDC4588A0
Filesize
8KB

MD5
96db355bee8c07c0ac5d54ae7e080266

SHA1
8782cec8414b7914e1cd67fffc01f67f5e74030c

SHA256
a837d552bd2e0e8f9f2ce7aa271ad7fbc744174c2154938323d784044ece2b30

SHA512
e6b1ecb7f0962ff83c072e609baca3a49c4f0084fa4d6be53de82b85195a00f89b06b4180cde90fbcc3cabb5fd118319716e08779cb58a7bdaf1fcbbf7a0dea8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\ED780FCE6306EEF769D4E560C7A38E6F56FC2297
Filesize
13KB

MD5
9eb47c917752735c6a22ca855ac7ab5e

SHA1
02c37230ad49badd09da7dbda91e2dbc1477a989

SHA256
e0dfc469bdc5319058d74df19d636bce2ff6b50235b9722f84dcc63c0c28b107

SHA512
0f64bd76eaaaf8ddb6a3d0e0ab5031e44e35271dfd3253d8ded643fae43febbb36f5d06335afdae91f73536fb34295b4e7e51393794fb32de2baa27fd925ae97

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\FC19ACAD799AEE94C2ADE09451264E5DEDCB03DF
Filesize
14KB

MD5
ab050bf2db9ee7566d19266c019fc05f

SHA1
c5926786cf33c49c58429333ada2f7d48604474b

SHA256
71818d65b092f22adf03d01c662515d140e7dc56adbcd9d26a6b922c2ffe20b9

SHA512
7568bb57b4256f7d07d55a4f59eccb63466626f8a27076c122b4cd6eb4a4c3a2676d45beb3699ed78345f9ca48726ecd871e3bbe6b92e141117c9a85eeceea34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cache2\entries\FE15886832836BD9C820828A45A17E8850599F80
Filesize
12KB

MD5
5c25095cfc0a813a13e31510941bed3d

SHA1
ddbe9651d1a3ae260fbca10373c5de61e56692f7

SHA256
b40ddec7d39e4f56f63277786be55c316c612cd31a322cdb663049240fbe9948

SHA512
fa0fcac61064ac90fa98a2374c0c6a9bb20cbf641d37203c99ff29149fb13c17bd455b1e678a91aa69ba885d61fd0da3916ba8742f0df6a408b6601f065a5cce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\startupCache\scriptCache-child.bin
Filesize
665KB

MD5
ff1cd0db5c196089298093f5432c4d41

SHA1
a07f46b5e31839f86adb8b6b27b8c8c99063393f

SHA256
87967b75e9e3e81065cbb9c275f3e41c8f2686279673d7ff4871cedf7c52d270

SHA512
d29a25acb78090d3887fb109e82c66548baef00f3f3d4eab697c18cafbdce2d05c1d9e45b6c54b29e7aeb5bd9919250eb842b3eebeca4fec49bd87c5c9b668c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\startupCache\scriptCache.bin
Filesize
6.7MB

MD5
f44163eac2dbd32078ec8aa42c543907

SHA1
f40385e1b25141a0ef3f23f2edd3c43b07bedb3d

SHA256
f5c661f4146b474d2940f645425cfccea47964a55b82302ffcfbbf10fdd63d0f

SHA512
becdb9db853e4a0e0f3bc8e96204f9c5846c010141ec450122fd31ff1c7115762cac25f750da98c81b3158ca7c1b363ea39f9b1a73531fdca223d7a74a309795

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
c5cf103cb93f5c71f0dd7c21adf145ce

SHA1
de93bce304f04840a0793f816bc361690f366a25

SHA256
5175c1b81d4057b739343a71f2802639573b9003d52dab950be00a91744e4a2c

SHA512
588ce528f0af1874a0fe9a5e5b87243e2c25e2417e7c29a58a31673feb4160244613086b06d65b196b67d4a449b4c5991a21252e56fe6018524a3d399ded3f8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tkblmjt0.default-release\thumbnails\ec9084c5b60faa67d9fff68954103740.png
Filesize
18KB

MD5
ab4dfc7879b61168aac19d3ab0bf766f

SHA1
4e644c64c4cb30af7aa8b43b1e3f24ecff06fb7e

SHA256
3288e58bc514aae2a7b40b24393c6fbfd8d737da41bf7d0514a5da922539f841

SHA512
2f5238c5044b79da3cb1eb881dc4d21d5c201c89d90c85f8f4949bd9660141823216d41c27ca2ab9c87b141cd5cb8745e0f01088ffc213c7a8f8883b4f1b6b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\0a0c225f0e5ee941a79f2b7701f1285e4975a2859eb4d025d96d9e366e81abb9.zip
Filesize
32KB

MD5
36f7a0ba7055ad89a76cccb1019ce2d9

SHA1
4e86f8e7a47535a3f417ab9acaea553e0425b950

SHA256
23244f1a10efd5c452432abce1e998c09b8bb5b56afbade932f24c59e9d5bf04

SHA512
d2c35c6d2fc45d177275a2653666c8fa4af2e6d6d52469649e38b5ba07d08599ac9acafdde3cb254b34a749dc32f88ad33eb0de776f9e0236820436f4cdcb020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\TKBLMJ~1.DEF\cert9.db
Filesize
224KB

MD5
b18b9dec215bafd1c64ceddd5fb7d71a

SHA1
41e8089d7070e688c3ee518b9b6d5f109a941e14

SHA256
829619e8a3eaef2de19ca3b83b95da9d70e0344828b4c5a659dc71f5474dd1e6

SHA512
26d1c8c6c0b53e1ead710eed8a9feabe61dd447a4480f02464edd5e4021819c80f852a0bd05b047bc0ef4eccb36aaa86f96ca369a65729cbf78a38154990e6d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\addonStartup.json.lz4
Filesize
1KB

MD5
bc4bd0071af0574fe57b6756f0b26071

SHA1
dfc6af6b87b58391f67679a24c28495503f9e75d

SHA256
2f0cb964330decccb1375985d126d6cd2fec171e344cdd6e21026fa9459d8ad3

SHA512
9cd3f9140a3beca18114253556281c48e0a2401d8e7bb01b518a0615caf6a1f4a8cece627c00caaf9cb3f7cf3a57a224ec5233682b5b3f8e933619b85488551d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\broadcast-listeners.json
Filesize
216B

MD5
4721bf73f2ab098ef32f4ccfed981ac7

SHA1
9eb77f78dd5c5ffec93aefaf98c3b810307babf4

SHA256
d677f72852efdf77924b6be091224b1c42672d1853465e0fc3323d83be0164c7

SHA512
2c9307870cf11e9ff328dc50a48d048254869fc42226db7c39eae5e920aed4e64aa8a175cf9bb345f2564dbe87c7303a8fdc3689f20d3cc51d3831e66937acfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\cookies.sqlite-wal
Filesize
128KB

MD5
e66b59d22ed5e6976fb06a09298169a1

SHA1
6233aef419be93db5029cb563e844158ae71f648

SHA256
0b1b8e151a2f25b9d45f7d97e0212d0af9409fd730c9cec02917b0b99baaa768

SHA512
98d86d5f522100251b8fd7a510c8813c2a8b08ef749732456b94638010d3652fe502a7a60765da23fc41d6ebc40712953d0eaecf0e0b4453a8dd4bc564bae448

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\extensions.json
Filesize
38KB

MD5
56baf99a76945d48db911ba3fc3ecec9

SHA1
6287cd3e6b54917557cf07d8f6852eabe3088d69

SHA256
4cb0e4e5dfae4b0e65ce5a6a89fd121b8b0e1127fce37f8e48566aac0f1e6dd4

SHA512
aa14befda63393c7d7f64299cd9a598b85f7a3ac6b484af408aa9bc73eba8b3f48b66dc151584380cb0d2311c0d222121fe5b73d6c34c19111dca7d381b3ea28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\favicons.sqlite-wal
Filesize
576KB

MD5
a744f6b1a124936df604515fb692bce3

SHA1
3f5dc87bc406b45788f2653ae2a96fb0d59d1172

SHA256
c511749c83013f3bc46d660ffa7c0803ffe8c707b8bbf85bbaa0d8a399ba9ddb

SHA512
f413179b61a458a72e7dc65686d9a10f283be9daa0a6a97dc66b07b2784294dbde021b9e4df296919565d3e0ec547732d89a76ff31e19559b80585b768b105d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\gmp-widevinecdm\4.10.1582.2\manifest.json
Filesize
373B

MD5
69236425227c0bd3e5c21034285822e8

SHA1
2dd63dd2c47e00a536fade01d3a7cea26c2305ec

SHA256
e328dfab8c729a9398506cc3e29fcc0342f72298d54f476f33c9b352e84c10b7

SHA512
738b0bbbfa01b2fe8b987026860c22f3593d19d605a76683161cc5c18237440344dce0c16ba07b80953ab03885f06efa2d96a334461ee7acda76506df6a22ae9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\permissions.sqlite
Filesize
96KB

MD5
26798fc20156e52377e576ed1e3a0013

SHA1
e870000f7ded8f28f68b9fe762688976d20ea184

SHA256
4285addadc31e286bf9ac2e2813cdd04d90cd52e7c9f315d6afb0c1a2a42d94f

SHA512
bf938b12bfe762b14db9600dfe6f4d427ffafd786a3f9be66ee15eabb98aed6f81ef89c091de29372e4755a88e87d44d72e169ddcc0b1381e4b4c3e9f529af12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\places.sqlite
Filesize
5.0MB

MD5
1cb6024763ddd637d2f351482432430c

SHA1
0ecc545575cb3ae95dca4e7cd9dd7836a760c14b

SHA256
927847c390da24783d229f2432badddd3557cb13327b6f7d91863db2af0d6f54

SHA512
95cccc90cbed72dc706b96cbe2fc322cbe95f0f6cd4251cee09b6854eb02803cd4f078bf0a0157283b23959df8a3002f5b0aed6221073cc23e86a7db6d37fd58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\places.sqlite-wal
Filesize
2.2MB

MD5
22ed5f369dc3bbd49d5620de3d1d273f

SHA1
0e2ec61a2e5ee3db1b049c5ff2bc8d521a2de7f2

SHA256
24a944faecda416be2e6d4463dfd958c320776b6f731c28aa03bfbd85a9b7f97

SHA512
bd2edc83203c2232c6157d9494883f59d65457666606b860d69b44d0d381a85a53f399e73fbec119d1986de7c04d1ea03b838e5207957f301d72b981713cf254

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\prefs.js
Filesize
8KB

MD5
f4d5eb1e31c7a3da3bcd6e3b30a0edbb

SHA1
93e88984b5371e9cc672613f26eafb010472aa98

SHA256
a4f3f5d097c8d060dfad35b1661efe40811dd4aa40859b01b844a19cfd9703d7

SHA512
3f9799f5e817681f85c7fd1d2cab0ecfe7f3f8aa24b232210a51adefc9744446781ac5ac7045f31be56e01926fb047986e9cca27064b1b86624f42bf82b206b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\protections.sqlite
Filesize
64KB

MD5
6c050eb6d13675bfeab8bc7f09fd274a

SHA1
4d14b0ef1884a6b5c0b6860da3ebb8a83b398df7

SHA256
b6e55a1dfda381c4356952acb8aebc56c09191e4013ecc4980a847feb511f76e

SHA512
b52f418e3247d42cd7274163d1968630657d66380bd243ba8ca5077853949c75aed7a5af8a9425765aa0da501f42d713420f8434a42a3c391cac999144df5e0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\search.json.mozlz4
Filesize
2KB

MD5
8190b2d355b38764ed350007cf01db6d

SHA1
46863757e0ec7a9efd354687e63ca1b21e2636f3

SHA256
551323e899d7cc23aece218399f85d915544272e2491d58c239062593482c057

SHA512
088de3dd97538d50a7df4d86bddfe3cd31d5e8d2ad73f439534476d2d80b6949f1eaf79b25b45037ca53366043d7c4fa6326a198b9769192b3b52a05fc37e61a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\security_state\data.safe.bin
Filesize
613KB

MD5
6a5d0a54e218ee80f62f4997ac346fc6

SHA1
0e98f92d78350e1bfa4f7b03a4be0123ab316f63

SHA256
36c34cda5a74b194e976a6fcf5d7681d7b34a51160d25cc5fbfaff5a52e75d03

SHA512
c754818fa2872eb7e83ed65dab7bb37ec6a63cdd58d2c6618bdfd84f6cb3737c901c0a796b6f182f1ec941f9ea2b6a20bad50409596c816b78601679dbf8b856

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
01183fd2aaa2b9674453ef9dd4d7a5d8

SHA1
b35de86885c165a3d7ae596283d9cfc25ce48a7d

SHA256
b1dfc29ce29544dd5566e06431c17febf10680470afbcc394963732936715c24

SHA512
8146cd3569ca8da52c63125d5127998bb77089a9240c6c0f998d5435325842dd7ae9adfaff753f12203627c71b38c8adf0b79e74e3a5684c1562bd351b93cd40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite
Filesize
48KB

MD5
a0edcfa83f99220d9782b4a5d926a38d

SHA1
7f91f9a6517e9f8effe43390ba2e86c1c9bb9e06

SHA256
aaf948898785ae815d4016bb1381ad9ff6b8ee0b72216a65a41d31532c62f081

SHA512
13128c038e93cecb38680d684c6ed41f35b90146e1f3f204c0bd79210019c182c86480889cc9367e28660bd081b0592e1ed4515ee513100fa9a79498759ca7ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
13.0MB

MD5
45f4f9af423758816a29388cf709f43b

SHA1
7dad61c29e125b40f882139e9556bae873aceee6

SHA256
1c971723767861078479755293e9793dcd8d9a674ba993a8b0eea6290084e31f

SHA512
428c44088febf33a9c9edb4804af877575f491e7227b50accaebd7dd2f0b911420b1eebe4376bd7cd6f06a8ef5406a8dcfbe4cb49e5ee6a4b82fb2245ec35f9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\webappsstore.sqlite-wal
Filesize
64KB

MD5
49f5e9b479ddf6141c9fa70e66bbd405

SHA1
9bd4c35aad36cea3ab0369a9e1ebc3f32b7fc9c5

SHA256
1cf3e36e14e5c813a600d0c6756db1c4995ee9fbb5c4ea735a5d6e26edb341e5

SHA512
15cd7a34df9dd2f96a13aeec882c0dc8429e4a3fe5a8fbdfe400cc44620675728434affc3b47a2ecd8cc65a4f5488f11903e5b5afa398c1374934dbe49f3a663

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tkblmjt0.default-release\xulstore.json
Filesize
342B

MD5
344796623e6a48d1a9f722c65dbe9d68

SHA1
ff4801b05ffe61f76f83a460383ccef753c03a50

SHA256
21e4498dd5a2de628ee272a08edfc7c9337ec33a6bca85f1dcb4fd38bc1ed87e

SHA512
ca6da5fccd66a0469d0aa34a8b986a2e5f0ba3ce060803f0be6367467ee023416f0d96faa1c656f11542fca265fee9399a782cefa1c1d63efa4c69b705cce089

Download Submit
C:\Users\Admin\Desktop\README.76ec830a.TXT
Filesize
3KB

MD5
164aa420be8e0c2bcdef574355edaa32

SHA1
4336eaafedfc18a27cdf42bffad63b5a54ea8231

SHA256
b326d11dd90c2e4efb0a384981f71c2bd1a6faa0553d6389acb08945b699f73d

SHA512
fd1437bc4f45e3f4b5c3d0e7fca9383f45edceb5c8cb603d0b8ee98350a5f2468c2aabdb66f16bdee0bac49afefa4300a093a54ee43b1ff28a541ae612e34d9d

Download Submit
memory/1248-196-0x0000000000000000-mapping.dmp

Download
memory/4528-133-0x0000000000000000-mapping.dmp

Download
memory/4916-132-0x0000000000000000-mapping.dmp

Download