a5ff15aac4d426aaa68e22be303fbf693f6ad173623d4e7e4d3a10d7ab909fe1

Resubmissions

26/01/2024, 15:33

240126-sy9ddsggb6 10

26/01/2024, 15:30

26/01/2024, 15:26

26/01/2024, 15:25

26/01/2024, 15:21

26/01/2024, 15:20

Analysis

max time kernel
206s
max time network
209s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
26/01/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dev_Solution_V1.zip
Size

17.5MB
MD5

ebe3933c1b208e123c1abe4fc53c5433
SHA1

a18bd85add1736f8779e9d2b36147d667bf7e627
SHA256

a5ff15aac4d426aaa68e22be303fbf693f6ad173623d4e7e4d3a10d7ab909fe1
SHA512

1a5f2ca914f6521d5f53d65a8ed4ed46a064cc68c09b23cbd7e620b41e59ec312587dcbd3fe5d0a6a6d0cc52ded349e66490e07d15e42f4b3d367ee65cd8eacb
SSDEEP

393216:+HapXv1xhtqnSTRy2HUSb3g9aWjfApC+q7kl52Bk+:+6pf1x7USsY63A9+

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2432	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2432	vlc.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4620	7zFM.exe
Token: 35	4620	7zFM.exe
Token: SeDebugPrivilege	3340	firefox.exe
Token: SeDebugPrivilege	3340	firefox.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
4620	7zFM.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
2432	vlc.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
2432	vlc.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe
3340	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3732 wrote to memory of 3340	3732	firefox.exe	82
PID 3340 wrote to memory of 1112	3340	firefox.exe	83
PID 3340 wrote to memory of 1112	3340	firefox.exe	83
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3220	3340	firefox.exe	84
PID 3340 wrote to memory of 3048	3340	firefox.exe	85
PID 3340 wrote to memory of 3048	3340	firefox.exe	85
PID 3340 wrote to memory of 3048	3340	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Dev_Solution_V1.zip
1⤵
PID:4632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3880

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointMove.TS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\AddGet.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.0.865081327\1536187492" -parentBuildID 20221007134813 -prefsHandle 1676 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40988102-97fc-4a40-a60b-e38300f99e0c} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 1764 21298bd7358 gpu
    3⤵
    PID:1112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.1.1829405712\1655732465" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30a2af59-cb42-4d3c-8dd5-9f777dfc4394} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 2120 2128d972258 socket
    3⤵
    PID:3220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.2.392074430\1340518279" -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 2640 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21509ad2-5244-49a2-b55b-5a45457ef15d} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 2952 2129cb99e58 tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.3.1566733365\602241462" -childID 2 -isForBrowser -prefsHandle 1108 -prefMapHandle 1008 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {505339ee-7932-4d13-aa90-c1b096d8a723} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 3516 2128d960d58 tab
    3⤵
    PID:4212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.4.507260673\363347932" -childID 3 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b57d912b-3b3b-4066-8d8d-6d5a4a358aff} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 3856 2129dec3158 tab
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.7.357339513\1041620085" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4330031-4d14-464c-93b7-44d28ef63104} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 5212 2129edeb358 tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.6.877440978\1030071500" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de136390-309b-4768-9f35-39ed58cd22ac} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 5008 2129ede9858 tab
    3⤵
    PID:2696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.5.1933711628\1610981632" -childID 4 -isForBrowser -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fee46b6-2053-43b2-9ce9-198daf2264f9} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 4872 2128d961f58 tab
    3⤵
    PID:4788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.8.1884448755\223487929" -childID 7 -isForBrowser -prefsHandle 6016 -prefMapHandle 2624 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b808fea5-597a-4121-850d-9d679eb651b9} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 6024 21298ffb558 tab
    3⤵
    PID:3376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.9.1301176121\1075879982" -parentBuildID 20221007134813 -prefsHandle 5572 -prefMapHandle 5568 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e876502f-ced3-4af8-aa03-097dca7d3410} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 3836 2129cb7c658 rdd
    3⤵
    PID:1260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.10.635445774\2105467467" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b03a3a75-f877-40f4-9120-ddedd03eb552} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 5556 212a0b47658 utility
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.12.457783769\1977712421" -childID 9 -isForBrowser -prefsHandle 6432 -prefMapHandle 6436 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04fb41dd-146f-43ca-b71b-31628c65da94} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 6424 212a0ad4b58 tab
    3⤵
    PID:5128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3340.11.1587605200\1685471323" -childID 8 -isForBrowser -prefsHandle 5572 -prefMapHandle 5564 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cff268f4-a80b-4b83-8b99-f797019b2acb} 3340 "\\.\pipe\gecko-crash-server-pipe.3340" 6288 212a0ad7e58 tab
    3⤵
    PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
58a890e65e6b6bb7bba8e88a5fb5fb2b

SHA1
0be0b18aceaeeeb2495348edc2bfd568eb0d0649

SHA256
839e0ac4b00eee8ed003315ac2e36a344245f45e9d779978fae9de9cf5fcdf2c

SHA512
01934ca11b50875fecf211761f53e0c87643d976a43d5aa786ee2c111e556870a69b6c56719cf729c62252ee2d8dfaa8f76ea39a2f7f08d557f59ab123aaf032

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\pending_pings\87383166-8835-4316-9679-f0752098aaeb

Filesize
746B

MD5
ea195274f7eb9f8a11fe48d59ea6bb85

SHA1
bdbeeb5b06ae98bd1c306f150967cdc99177df63

SHA256
f5f783f8b7c9914d8625d43d06420076c2f8f30e5674c92816e4a4b4a6d1ae1f

SHA512
334626c6db168bcf9e4d89a77e347a2bf88fd96046a4e5538789fc251f12435e426e400a64b0e233af5793ce4f3789db99e8fc88eb1113c0726b07be7378c501

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\pending_pings\db96e6da-7fad-4081-acab-2a08f282a183

Filesize
11KB

MD5
1a1010e0bf7d2c2314b15d4a90d8bc3a

SHA1
9dc1670d8059f638a587ed5a7902e0571f67d7b7

SHA256
dfe5a08ce68471724fbbeef14e99a976c81f573532aa656eafa182737b090c8d

SHA512
8efbd88bc8c2ca93f3446c76830ebfb94963ce8c9432b2e14c33042a26c7cef1a843369e52c7398eca5f2e66269ed6f9c68582c58d15bd3ecc44c612cec7a4dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs-1.js

Filesize
6KB

MD5
515f733038dac0bb4a06ea935aa1c96e

SHA1
998ce8460e6ab194f4cfa67313b7d94e80fe6978

SHA256
a0eb45b8fa83fb85638cdab962fbfb1a5d377c26ed19ecfc4b3ad2f80a255cb2

SHA512
817000afdea6acf4ddca5a096036ab40d634104ed03c47c4fd17629db6ed2af946131f68e41e31d1631b407799065f7805f9d737a31b32e93a7a56174aa2563a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs-1.js

Filesize
6KB

MD5
46b2dee9dafaa7849fff5f35c14c5624

SHA1
cdb7c2d21744c949fad51e158c23ef5f4d93d7e4

SHA256
f43dac33db884e75c0f29606a72204fdbf3a8bbda27389c75368c19eb3246be3

SHA512
d2921737efaf6afa2c3364ddba4dd860eff12cf2e5c0ecde5a04960dc30558a8f3d9bb19c43c4dc1d6edf6a2025f63a269c94d16486317df0217b8a7a722fb65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs.js

Filesize
6KB

MD5
7f38bfde2e3f8e3edea016081d3e4012

SHA1
22f2d1d7cdace4e75c46084487ff417d8e22353c

SHA256
7d043f57901a947d42218039f132cb4498f24ec86a5a20cf94b622d520ddaf28

SHA512
62b8e320abf9d10ec433514e7a9cf040bfc1983933a61e4e19269dedfe6615e66d77c5be417bda67eaff6c9a9c8502dd992b80b72ae5f872019827c7672de195

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
79d66a322e4091b61f47886946a686a7

SHA1
a87c642e95900a2e7ae81a42370e4dc0e0ef1ffd

SHA256
67b14872caaa913b9d5264bc7b26825412234f94b2a007e4000775956414ccb9

SHA512
88af227e2157f14232a7f957ed265609c672eaf13a43f03077167e05a1c5217ea447209fe473329487a3d2e8dc870d4153e904643246b2ec5319e3c81992c404

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
5da7122418cd3860c1c0792b9c64d181

SHA1
a473c660d8b02fad9782913c3c35b347f14f2977

SHA256
2443c5b7521ca04e6c23a3fe7f8b12a4edc39efb2d10ce661a82cc9d182a04b4

SHA512
61519e6b2bad858902f273d63c85ce32b5922787c65e6a1141e5be77451765ae0d8bea2743d766183d5d97a3781c78a9561367d6e29889af8a004f5e4faba66f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1b74c9debc8f1d5683b8dde06a71db20

SHA1
5d8c30f37d104afa8804ddf481ebeb5ff2f469b2

SHA256
4e61354e2e5c789a0dca2852ef1e156ee99d37cdb110f8d027cfe21fd62c9447

SHA512
abe0127fb6fe25f51a16716944109fc39b5cc1a155b36be73f9ef77055320816b46a7ed9f3e8bc03ae8051eec875f79a0a52423dee24533c060833ba9660a3fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
69c196dfe190071d7b82b0a2b90fb5de

SHA1
5207056263b04e821a1e0c75a03eb16594281261

SHA256
f698ad8dc85f4c1fb1aaf7eec06b05e8d9bdc06b04a857b9dac494fc7bbc1b87

SHA512
6750d93eff08e07115308ea9594071b7b75f9322540e22868ab4c0f30def476e7a6b1cad6937a5606bac5fd6c053a036863a40e21462baab4e364814e8b531b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0d625772facdc11641d68ba88f3ac3fe

SHA1
cb98e8e9c606a6e4ac548b787652777ee8ffb408

SHA256
a424ce80bfe2843c39f0c7f510e7ee7628428bd9ec8c1efe2d2fd02cd72828fe

SHA512
3145c8df405d900eb8c443e7444bea24d5db325c8f37353fcba60ea58ffba0e823926d38306980786ac6d2115908bf417535cd2b54d85d647d204a6db66824c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\cache\morgue\154\{fbbc0964-32ba-45ef-bd55-501d8b3c8d9a}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\default\https+++www.youtube.com\idb\3757435776yCt7-%iCt7-%rbecsbpeo.sqlite

Filesize
48KB

MD5
b223b45191a95ce474f65208a7802639

SHA1
0fe3a2bca176271c06ea770a629127032bc1bf15

SHA256
14533cdc12665e4f4015a79c2e30a81b8266c018bff8b710ca4491c6930e51d6

SHA512
0cc05e8cb48088cf6e516a58f406621e0a628da61f5056a62c4a1028806d185a54a993dd9d8a6bdee432094950bd20c76fb9fe7dd156bddacb7ac334baae5e63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
079ee2cccc4eee3b2e3011eec417e06d

SHA1
6653947f5a920193ed1b5a102374e9cdf8878654

SHA256
cbae6f3bd9a0fff08bcd5f56320fa737f0d120d5b180a7f5168818f6ca100a7a

SHA512
d22ba54e67070aa5679d5a0d90afabe930f2dc81ea661323797b3645e7f383dd62a58ffc91a94a270a73e964ebdd1119998e74564a61c6659db2928a041825c3

Download Submit
memory/2432-12-0x00007FF689850000-0x00007FF689948000-memory.dmp

Filesize
992KB

Download
memory/2432-16-0x00007FF918AF0000-0x00007FF918C02000-memory.dmp

Filesize
1.1MB

Download
memory/2432-15-0x00007FF9194A0000-0x00007FF91A54B000-memory.dmp

Filesize
16.7MB

Download
memory/2432-14-0x00007FF91C620000-0x00007FF91C8D4000-memory.dmp

Filesize
2.7MB

Download
memory/2432-13-0x00007FF92C700000-0x00007FF92C734000-memory.dmp

Filesize
208KB

Download