kinsing | e447e0961b21df259aca7cd8fe13f1be657253d93e6141e4a576cc7caffa7f91

Resubmissions

25-01-2024 17:36

240125-v6qx5acgam 10

25-01-2024 17:32

240125-v4er3scfbn 10

Analysis

max time kernel
149s
max time network
158s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
25-01-2024 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_0108.png
Size

730KB
MD5

1568b9bdb6af8eea42f17f0d4b2631ab
SHA1

5bd8dbbd270eaecb9b0640183245f06e136ca607
SHA256

e447e0961b21df259aca7cd8fe13f1be657253d93e6141e4a576cc7caffa7f91
SHA512

aca20ce4a9977b6be2d23ef6ddfc357932dfbde407a646e23b5752282acaece2aafdcaeb59096efed86d147580248e96cf56166ad69c683d2927438a5b949530
SSDEEP

12288:clTGK+ppSeG5PM87pR9O6kdW7CP06focXHGozQZwn40oBXyH+OT3zRNNrMR+/r26:YnipSeEpvYwmP06TJYiHHlRjK+z208Ab

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Super Mario World (USA).zip:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1968775928-2924269989-3510977013-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Super Mario World (USA).zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

firefox.exe7zG.exe

description	pid	process
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeRestorePrivilege	7896	7zG.exe
Token: 35	7896	7zG.exe
Token: SeSecurityPrivilege	7896	7zG.exe
Token: SeSecurityPrivilege	7896	7zG.exe

Suspicious use of FindShellTrayWindow 18 IoCs

Processes:

firefox.exe7zG.exe

pid	process
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
7896	7zG.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

firefox.exe

pid	process
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

firefox.exe

pid	process
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 2804 wrote to memory of 4832	2804	firefox.exe	firefox.exe
PID 4832 wrote to memory of 4364	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 4364	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2660	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2952	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2952	4832	firefox.exe	firefox.exe
PID 4832 wrote to memory of 2952	4832	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_0108.png
1⤵
PID:4064

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.0.1420555161\1375409313" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed080146-2444-4e2a-bf83-4ef91c83db7a} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 1768 227e02d9858 gpu
3⤵
PID:4364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.1.684497014\1359171506" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0773b484-de1a-468c-a2f4-c64636326095} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 2120 227ce072e58 socket
3⤵
PID:2660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.2.1047030291\1801283692" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {615e9c48-998d-442b-b4c6-0cbb73523cf5} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 2892 227e449d858 tab
3⤵
PID:2952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.3.1796012923\738015147" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3432 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce62d3a4-d83d-4f6a-b87e-6acb378c2482} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 3476 227ce061358 tab
3⤵
PID:2620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.4.894560266\665178456" -childID 3 -isForBrowser -prefsHandle 4404 -prefMapHandle 4400 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9650c448-4337-4884-bf21-709cff547b7e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4208 227e5484a58 tab
3⤵
PID:1436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.5.408949713\1674652996" -childID 4 -isForBrowser -prefsHandle 4852 -prefMapHandle 1568 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86acc784-9fbb-4aa0-aa2a-eb5c702ee8ea} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4928 227ce030858 tab
3⤵
PID:2872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.7.1753630925\1123480146" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bba22cb-3855-4ada-9cc8-0d497485879a} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 5052 227e7047e58 tab
3⤵
PID:4184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.6.252715677\347377469" -childID 5 -isForBrowser -prefsHandle 5144 -prefMapHandle 5252 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53a3259-3211-48a1-bf0c-809eefd0bf13} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4988 227e198fd58 tab
3⤵
PID:8

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.8.1087187428\699562590" -childID 7 -isForBrowser -prefsHandle 5676 -prefMapHandle 5680 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b03cb9d-6d2d-40f9-b4e0-57537251c6c1} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 5644 227e6705958 tab
3⤵
PID:3708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.9.129772820\955512374" -childID 8 -isForBrowser -prefsHandle 3484 -prefMapHandle 3488 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b752f1b-267a-4da9-a6f4-f24691fe3ff7} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4592 227e6705358 tab
3⤵
PID:2512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.10.2026289155\1853985726" -childID 9 -isForBrowser -prefsHandle 5848 -prefMapHandle 5864 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be44e7c5-340b-4250-b428-aa592ac707b7} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 3924 227e9141858 tab
3⤵
PID:5076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.12.1517621546\1315751690" -childID 11 -isForBrowser -prefsHandle 8588 -prefMapHandle 8584 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f1faef-5011-4119-9000-a742786a7778} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8600 227ec0bc558 tab
3⤵
PID:5144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.11.21373375\295944254" -childID 10 -isForBrowser -prefsHandle 8964 -prefMapHandle 8972 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ede9be4-16d4-42d4-8192-3d5167ec6584} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8956 227ebfd9f58 tab
3⤵
PID:5136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.13.1962836066\1723716793" -childID 12 -isForBrowser -prefsHandle 8352 -prefMapHandle 8348 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1f0644f-7904-4be5-acce-9e436ec33ce4} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8228 227e80c3558 tab
3⤵
PID:5792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.14.403472975\1127341379" -childID 13 -isForBrowser -prefsHandle 8088 -prefMapHandle 8084 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aeb2aa9-99fb-4cb1-b719-262b255d0d1e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 8096 227e80c4d58 tab
3⤵
PID:5800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.15.685933177\2145323504" -childID 14 -isForBrowser -prefsHandle 7892 -prefMapHandle 8232 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d0c920c-dfc8-4bec-a4c5-c0fc70a309cf} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7792 227e9a97358 tab
3⤵
PID:5600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.16.1480863399\94561671" -childID 15 -isForBrowser -prefsHandle 7872 -prefMapHandle 8988 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11729a94-ee2a-4396-a6e1-8485f771a59a} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7688 227ec4b3358 tab
3⤵
PID:5256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.17.1567461268\2111976583" -childID 16 -isForBrowser -prefsHandle 7476 -prefMapHandle 7668 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {328e2c78-ccec-41e0-982a-8e54fcb981a0} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7780 227ecb87758 tab
3⤵
PID:5680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.18.507360602\1723986064" -childID 17 -isForBrowser -prefsHandle 7492 -prefMapHandle 7496 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {618b09b6-29dc-4612-a94e-cb41f69d6d8c} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7504 227ecb87a58 tab
3⤵
PID:5748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.19.1094568323\465006023" -childID 18 -isForBrowser -prefsHandle 4544 -prefMapHandle 4640 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50af2458-460f-4443-882a-30a2d6c33bd9} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4620 227e5485c58 tab
3⤵
PID:5864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.22.2049389732\1211992204" -childID 21 -isForBrowser -prefsHandle 9928 -prefMapHandle 9932 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd705058-e351-4b6b-b488-9e58daae5e93} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 6672 227e94e6e58 tab
3⤵
PID:6580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.21.621178399\1085123611" -childID 20 -isForBrowser -prefsHandle 9940 -prefMapHandle 9944 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac0e2f21-6971-4752-b22b-a1c36275a632} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 9920 227e6793958 tab
3⤵
PID:6568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.20.22804776\1716388299" -childID 19 -isForBrowser -prefsHandle 9952 -prefMapHandle 9956 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8591cc42-c180-43c3-bc40-ac9a0e889d14} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 6784 227e6793358 tab
3⤵
PID:6560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.23.614010361\711770803" -childID 22 -isForBrowser -prefsHandle 6856 -prefMapHandle 6852 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b9bb15-822c-4977-89de-4f1b09dccf11} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 7460 227e9761958 tab
3⤵
PID:6980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.24.80995467\1450905451" -childID 23 -isForBrowser -prefsHandle 10456 -prefMapHandle 10460 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6316ba9b-018d-4784-9cd3-49837c7b60dd} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 10444 227ea7f0458 tab
3⤵
PID:6464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.25.1001418116\1158196893" -childID 24 -isForBrowser -prefsHandle 8300 -prefMapHandle 10532 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e796d4c8-12bd-4695-8071-5b0400834bea} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 10684 227e9788258 tab
3⤵
PID:3480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.26.611753165\466290413" -parentBuildID 20221007134813 -prefsHandle 10800 -prefMapHandle 10812 -prefsLen 26808 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8838c7e0-8b88-4c14-9c66-d33f83350ed2} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 10872 227e9917058 rdd
3⤵
PID:6624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4832.27.1548715643\1264591746" -childID 25 -isForBrowser -prefsHandle 4828 -prefMapHandle 11008 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {893b6644-2ac8-4b17-ada8-56b76c1fbca5} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" 4832 227e60c8558 tab
3⤵
PID:5040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7524

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Super Mario World (USA)\" -ad -an -ai#7zMap6685:108:7zEvent391
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\1342

Filesize
21KB

MD5
a18ccd14cdef3a98eed5c087f3e3c629

SHA1
ae9d85b272e506180f81eb182e0c31edbc0dc0ab

SHA256
9e4e8ff23b7791593076c1ccb81f2ad00d3a644a38d54d1ae12b03adaf3850fd

SHA512
2759b9a043c2507f7ffb098ea491d870801013d036a0c5a6184ec5a27722ba8b04f8bfb0439c96b8f4e9ce56c8e3618b8bde9ff02d712b49c949d6140bffb7a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\13932

Filesize
10KB

MD5
06bc85aa0b9af3b767b3a1d1131f1458

SHA1
8940fa9bb70c4357f2ced189bd97fb906439f984

SHA256
f5997dbf76354bbff903ec49c4ab3a308f678dd30f85f0dcca415d36a4a2c5c0

SHA512
d984383bdaa575da66c640bd739b5483785c5a31de2a73b4d5be0043ebd59165ff3d6b4cf8825465b9d275deb6da6fc4ea85bacca5f40185ef4adbf96f36e930

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\19538

Filesize
9KB

MD5
49f225094cd7c6b4b2603b4d3794e5dd

SHA1
ebb060a703c858394f9732d0f70f4d2d2210332b

SHA256
50a44d9d2529a178fde37e6a808bf2066e9ce3cd3b72f6135e363b342857d630

SHA512
163b68dba20a2485b0380e8bd8241cd2cd08f925de7475370d35d3e0261563b4115914030c4d8a8eee418d7ddb4d4dbd2fc40737dc9a0c41bbb762937ee3a5cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\20351

Filesize
7KB

MD5
ae7a09f1547b382ea2203379521f3c26

SHA1
4e671537fb17fcd2c0c77a7b4753d24878a7bb59

SHA256
86243058430e741ea3c574d1203dde6a07870e621a610a57654feb212034e8fd

SHA512
684be1a9addaf8e514597bb3b89c48cb1060a456f96e65d01af3a9d2f4e5c0b8c14995dcd89d6c4b2056e172c867dccf0a09b2bacc6ffebcc38558643eefdb37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\29512

Filesize
18KB

MD5
44aaa5e42c7df7bb79e7b8bb9593dec2

SHA1
6fcc03a19a38a907c8354756639f508a9b50fdfe

SHA256
a684f2083a448f2221d89985d38f088f46638e574a7f3f51f0f6900b0021aee6

SHA512
d3a579bd3558b835147cb8811c1c48dadd7dc161fe9f81c669c9a6ff2e6d41605480f42908452c5a65db59e58e4294b9768e4b3df5361d33e7a14e06253b291d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\31431

Filesize
9KB

MD5
82fe3542c61ca4918fdba8a1cfce11d1

SHA1
459c5a75bd16c183d0f79ee99612e2c57616b0a3

SHA256
a25838228be34b332fb43eaf2b1f91fcd4eb50088dc99160635123491b4b35f4

SHA512
950582345623e20a042abe6e8acdb41d27c665dfd3c2732bb13f4d36f5ff5607920a40d219eb39f500e81c3358e901bfa438f63b5f1ac1e03384b2fd68c3e077

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\32029

Filesize
10KB

MD5
12ba171e38313aee859d3240c9c64308

SHA1
f0ef12dc9903a04fa212d700cfaf4cd4fef511ac

SHA256
69ba9d86de1772356e6bfd72c42413f7f1047624aaa1d3c9a2416bbd4573a5f5

SHA512
08321043474809afc51e0ca3858808a2aac8b2e1a4023568fe3a94a6777362ce86718ecadd3397bd26fb79dca422ec184bbe7973a4fa7e458ad629e9bf286076

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\416

Filesize
8KB

MD5
7376e9705ffb1d46d4dc6a3b85b07ad7

SHA1
30c224d7ed6260cab7798b7390c06578000800ef

SHA256
eed7dd31eb085cc3eb9aec5350173fa863f8429bc13cfe6b2e18d63b36643f37

SHA512
72dedaf96437125e26a2b991452271cc215ab148daac762d19c86fe38d3fb0f3b6db65d38dffc1f8e091b3af2d0a895b2eb0e5bda1b1cbaa0aa670cf9dcc7e8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\doomed\6925

Filesize
14KB

MD5
f182f81641b8fdf9f0ac2ce41c7c4ce8

SHA1
bd85bce2c8c176735160b47df88e762dacdfd156

SHA256
3b30cf1c23842da31d3e99a5c990541de86042f139fe0470889dcb8e0a5bf875

SHA512
bc38cee84f0ff88ed62c5403f1886e69c6e346aa828e13c609824cdfc9eca8598cee8c840dd752fbd804a96307d0b040f0519c803ddf8b7bf59cd0688f52cca6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\116A5C2C96BF587414190822443A52D3F20F6627

Filesize
15KB

MD5
9fc8c09af6b9a2918343baea37d68caa

SHA1
d0cac3b3f8d9aaa6d0f7d5ef67684f41cb24519f

SHA256
f2e1646318d9f1ea96ce658fb8cba58e4a8720a86dec2d62ee7ac24fd3531adf

SHA512
aa8d4d6392a06a763fd88b930ee764769cdace70bbe6897214fb8b7721509fcc901621da35b74a99ec1daf3168e186ed72e79d12f5d5f08c314f16f9b5abdf0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\5E88AFBE8E57325558C76A8F3BCC3BA267E4918D

Filesize
31KB

MD5
76659a59a0e4bcef857cd2e12f4aa97d

SHA1
63c9527dcd5b7d20b3bc20be8ad0b68ae0f6e2f9

SHA256
40252b8bc988417bca194eb9b0bd96b253515827d392533f7d62975328a34e85

SHA512
a793e3b9331f857b42fafff847ec4c03a31ce9fa78f84fc8ecf8da448bae089bfb877af5b18a360496a2a9e4d48c983a6703af540dd92db73ab8129a6ceaddf9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\AC4E0A824F7B1ED413F5044557255B73EF3734F0

Filesize
17KB

MD5
51b776e1ef68b169850e8d5554b2d156

SHA1
570f1461cb8b9218bd8aaa31cbce4cbd2d057255

SHA256
ff6744b53e7260ea3594cc1e8e0bc1a93b8ba5e8f6ce6310c2237ddb0cf47fec

SHA512
5323997de8747fd504fbef73ca4ec9374e56710991b78c9f4306669b08345b48efdd9a029d78a05dfc94115a4c8706e65d28b2f1e8a016d8e5acf0eb5795ffd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\BB5A6FC901CB7AD61E649C81521B5703793A0B27

Filesize
1.2MB

MD5
c6c66bb241c2d677e63046acfa234719

SHA1
ec4aba30256da79326c8bfa1cf95ccaa595b891d

SHA256
c671db10b99d7657a4dacf812d991c87e128263d80d239dbee75d4a89400da5c

SHA512
435b70e83b5f166d5d73def6f139d9f429a4a3387d9240a719a881673832963da075372af46f7395f012687179d34c68c561bb74b7f08c59cf453cee9a1d8b54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\C52B86A7B94418A82D04AC02036B80E0ED50B188

Filesize
74KB

MD5
822c2fcecbe634608709c1dcdd81beae

SHA1
aef75ff0dc64e9cdaa7e04e478b8f6b6d84462e0

SHA256
73519f1b74ae5ce1b89ac63db8f885d594e175c913ca4402a5357aab7d469992

SHA512
66f19af389914143a8ada4d951876abe3b50ae7b80e23eebc21ccc1a3f64ab0b2162fe8370fa778d8d90a26c24ef593f9d1ef38ac5b34e5cae359b814ae33bbc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\C9A12159F4226625BD68013D28E47D25D6D505FF

Filesize
104KB

MD5
b18a846766034d15ef1bd65883961e7a

SHA1
45e6713d41eaf213f0adb1133e53880e369a8973

SHA256
1407d84477df8ed0e244083cb05e784446f4f4df6c87528ac576a3c697849ffe

SHA512
bf1ab85dc95f803055c83cbffbd2c549948c02b5134ee3edef0cb8f53916820fcb34ae86c42cde062b41f955360a90cdd0bf623170a4463fbfd0841fafc7a4d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\D2DBA74E4539E99428C57D12B8AA19468050F3C5

Filesize
29KB

MD5
79ed6762c1a5154295f20440b17497ed

SHA1
dccda2f5b08bbb0e52bf61cc4fcc58740c312e79

SHA256
5c355f43e57e9f38cd55ba4b19be60eb8335b994e8071045e43f41e00a0814bd

SHA512
08c895738077b49bbfc8428a15c6b4e0594cf49924b7447f60f698b12afb6dae4acbbc03252c102f01232e3f9ceb8f3a049c9fc5f6561205a8fb8cae3d252468

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\FC8E3EA94B7EE06D8CFEB6BA6CAA286851BC76AF

Filesize
18KB

MD5
ebbed0699c7cf2d6de379d805bbbed1f

SHA1
ccaa1b74cbaefaeb546266e6f5c73f09ab181c70

SHA256
2326ab025eb4bef2c978be4fb206a7af1a90b973bc0bf842b8bd6826694c9eb8

SHA512
a6bdf4da45d2a1b8a335c7632a049851c4074d929471ba36e28b58a05ee381097008d120dbe3ee6db8233647b957cb535d30c5f6ec324db477177a1592b45a5f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\45vkl36a.default-release\cache2\entries\FE082F3ABBE25F1130D92FA542747C67C278C85B

Filesize
24KB

MD5
74388680ff211f69cd3afe4187accce5

SHA1
ddec2b7b8a6f92ce976c1c80dd9268ecdc310e01

SHA256
0f2496d0b31c68c5c4b1dc0db72438905830e53b61c14a0cfb68becff1d32a1c

SHA512
149f6140d7cf87f980bd6e6d368e0f99fa1df8dfca0955326b9343d2b424e61d0501ebd10bd7b806b43952e7fa0dba22e657a6e00180854e3a5bdf2f88084b62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4d90608267faf4b2e92e989c647be9c6

SHA1
7beaecf806e7f607363378b05cc794b5d88c1504

SHA256
4c9d16a483fe37a2b712f550425f8276dce522585c21c485cfdbd44654823098

SHA512
f2b942b3f9aa3807176643aa436334a7e7a6015db4a77c0bd78d48e8e8e094c36106e872c49686f3687f182d8de1380dc73b31f92ffcab2e3e52d72d53d00bad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\pending_pings\93eba3f2-cac0-447a-a692-f2c5ca06a92c

Filesize
11KB

MD5
080cdc3dfef5c411b12150c7b8a7c098

SHA1
4220b1a9441a5de2b82b1f373ae62ac1e2bb3d0e

SHA256
77cef4447f343d99a774def56b4ac3a05beec0bb275237ebd6ed6272223c19e2

SHA512
68fa66c7321a7cd33d858022351a419d74148d46887c5a3eb164f0343bf13aa80b1a0e423ab84c496bea94e344800d82190b2bfff40431c6bf8cfc8859971091

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\datareporting\glean\pending_pings\a68fe306-6629-4bcc-9d32-61b3af736ae1

Filesize
746B

MD5
f928c3892628cc6ffc2e977e8ae986ca

SHA1
58531fdf3c44a27eb354f3a4a701e608cff23adb

SHA256
5fd52e985ddeaac5e73a034ffa2d97621c60a99ff76e38c06d3e244ee079fef8

SHA512
fd5a9307a7de1a61789d08a93df07662bb87e3e983b5ca929ea939689ee65f8b2717ab290aece36139b2f1d6e8c51351fcdadb406274afc4e4f8fedcbba395e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js

Filesize
6KB

MD5
b29cf8b66fac2803cc6227689f8a27d8

SHA1
442054168a66d88903fd06a71ae9f0daabb0f206

SHA256
9b1b43e873e20e7ad9b53ed467506c1f099ecc96f34d6c60944b6a10dd206576

SHA512
63831730812fbe8743b2f084e396595742fe8a992ff6cc1562c67a9d3fa7715fb29df1d9f16d71ac6c63c9c5fb8005cc208023fde4836809ac9f3c7fc3a2b332

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js

Filesize
6KB

MD5
4c5814f428d2a048a330a24340c753ca

SHA1
5ea4a5431e5a9c072073bb59e25a96e95a5c378b

SHA256
fe1b8f66409c1bfad7eed6f89b35cd7709ba654eee55b6781c175fbd1e619835

SHA512
e2d6582ce99b045c31a69763751ece34bab4c09bd25abf59c3abe3a5e6666ee3ee7cc121b8014bcfbb81465cfd04c5acf2f7f59611cd9ffc7cc1da7295063e30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\prefs-1.js

Filesize
6KB

MD5
9d836fe2750ae7e91337d63f086b86a0

SHA1
cd3011ef0e5dfd45793cec532fa1270a4f22a1db

SHA256
70030be4c6c19b2c52691a66f503d2c042af4de4550f8b98b098ddf803ec7994

SHA512
05dbbaa8c53d4e9c20383a48a8e89df7eb9da5e387ade77599960e4b51dc4a16e6639039c7170151294d86849f624904561572edfcaf922da729466e24dd8413

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
72e69ec12776f7da33280941863cc498

SHA1
dcc6e749891186dfc293d9a4ed84d9df2ffd4f00

SHA256
3d201345dfa02839c04cdd7d70f972065930e498dac457196792e16891e1c783

SHA512
337ee561f52d9f02a3187aca4e22b2da1949a74dd3988bf374206f6ea9c4a1218966591dea4b6de023e57a92fa59b5a543778cf19d7ec50cf7ba3c297d847954

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
833dffb49d409bf890c9fe8d19a8f103

SHA1
9e7c4067e1828c0530225f349af379805271bdeb

SHA256
39c30f1fe33b215a0120501d4716719b8dd6ded7dab74630a2e09bde748a74c6

SHA512
5346bd9161f24d26e4f4a23926c2c356f3f6c4c511fd20e98db08f91ddfcb30b22327901f509164bbe5e46f314c98c279108471884dc668a011f683982a481b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b5a22f7fdd1c32cef73dc454367a02f3

SHA1
e1a9b1a9b233e0f48c791759608dee5d8d554155

SHA256
07ff284906b3091be072307dd82b6aa7883ed59d15e41a790f497260080c713a

SHA512
abea4de9bba0cf3be17c11035d67aef68f074df4311b21add475a0744a3e26d7d93a603e8b8da4a3e81578ca517b3240f1f9812c2cbf81f7024b4ebed8d0102c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
c095657108dce64262609ab9c1299ceb

SHA1
1b11eb2dde1ed74bca7a6d65992e5a66f8d83fbc

SHA256
b01c684c91089ddecc56998bd6d91926519a881eb5d5a8379a9ac2bb55ce67a2

SHA512
d2929ac33d266f682a7b790900f48d3b7e9e21d6f1e660960dd6fafafe47c03046eb02ace48adb1f1da751bb69608301c69cfde738dbce94b00b9ee4cc6be5ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
34603ff957e680a858b1659e881e7174

SHA1
c5b588865842af68eaea4a9ff14184fd7023da3a

SHA256
5b53f736ea576724489cd64fd21d86d26b708bc8ab733f8c975223972e824839

SHA512
48f000ffe35eb15039ef665be42df028a454d5d451db55be772a195749ab7e3688ecae1a23420fd4df11f69e9301ae935ae6dfd6732de570e920947b5051c285

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b962803d8ce45849f6c8d0b0e28532bc

SHA1
af9aa0cbd85178e42d7a63af535922f54b58e4c8

SHA256
90936c152c17f00171712a7a13ec5a5143dbac32250388011beeee60f27d2995

SHA512
530102c95533d40db0e51019f5271123d35254508a1e68894723b699614b8d00f5242a8c9980569a702896473d3a3c9f7307e6f28db1253eb384ebe0693f4860

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9d616ea84c8a5b31ca27061de9fd024b

SHA1
f679825c898e1351692f06444fd2c0e39655f106

SHA256
8f8a05dbaa924c4f16d87d916b0a8501474fcd9096157144b1e3fd51c770694d

SHA512
125240a60f36f70538a9676ef7bfacc1c295f79277c23be780f1f03959c49ea2332e11a4ddded89064177136f9d9e3a8c9b766637c5e3292531682bc78f3a3c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
29KB

MD5
4735ea6f9b79cbcdd810f3eb88e90e38

SHA1
e92ef7d849ebe98471ce02c0813c395e59a7043a

SHA256
ebb0b0bfa645d887ed871e32067dead64e123cce29ccf724d152670a62c7a8af

SHA512
a7e04f3ab48434d059cd0c073f30f05cf54de0be56761d7eb61f375c9eea6cabaf26decbad93b2c6e866521b08b4d4d477b4d4c779451285d80d153cbff7d0dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cretroarch.com%29\idb\2232182701SeesravbiacteaWDosrgk.sqlite

Filesize
48KB

MD5
b3a4f450a642efc8c97d617828dcd890

SHA1
e75795ce3d31afee763e26715d19cb1c4e06ca78

SHA256
030a0f119b3a36a31e58e5218a3232b58112f674ec3c3892d2a7ed6edb26d8df

SHA512
6e10278bb7f3cb0c8f7e4cd1938d1ac5c0aa7c02754de9b6be7535913fc6cbe18b520f720f3751e8fd1927107f36890b851d3cf2459ca8b7ab2425738e92bdb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\45vkl36a.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
16fd0b758b4a0a47ff93df8ddde3ac75

SHA1
eb1ece5efe6519992ceb826ac2b74ab33234cb1e

SHA256
df190394b93b692df76a77124cc1cd8fdea37465a20006f9e79531ca3a349ff2

SHA512
f9c777765df4f29d054bec4acbb1c7060f1d5a46522e2cddea2a1116317d0cb997f6d6a64f39a78e1a25d7f4d4f1262c6df5231f6ca41e4617937992d7f3b8f4

Download Submit
C:\Users\Admin\Downloads\Super Mario World (USA).CtRJMvgv.zip.part

Filesize
252KB

MD5
04e89f84b4e0e17b7c869d36b6f70c12

SHA1
8168412bb3931c9bd72503510ee526ad1a6d1759

SHA256
d97bb14668c6c667b335540ce87e0a995000a1305c907b259faad484e71273e8

SHA512
6cf668bda694ecbaf7c04c49cec6119e7eadde6d45f3083b4e189c4ab736d718a36d0d7faf082b07f33f91df12499d5804a426b0494c480b3739a7538235d194

Download Submit
C:\Users\Admin\Downloads\Super Mario World (USA).zip

Filesize
329KB

MD5
79d65e3b4f6be423d542d8d0a2d4a2cf

SHA1
009ad4e803d804e47819e0311457060086800b90

SHA256
ba26d0938019ac04bf30d9c53d9681990ad2190196d27589a480a4df134fb009

SHA512
86c7bd0ef3de4f663e308c4e35b16866abd7fd09e974818599305db95fb61238fb19b6e94e26207a8751fa4202081b6a0aa21e2e4014444e910e9ddbd32850db

Download Submit