Analysis

  • max time kernel
    1800s
  • max time network
    1597s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    10-04-2024 07:37

General

  • Target
    qrcode_i.ytimg.com.png
  • Size
    10KB
  • MD5
    4e4f0d47eb4da8097c9a5516a0d444eb
  • SHA1
    34896ac01ecb210faa72d5040de6c57394ea25de
  • SHA256
    c7c2b2c73f6ae3c30477b2577c0e97c86c1a8af5752efd32e7603b55b5c12aa2
  • SHA512
    12997530870d436874600c23881b3098c28edb85f9f369a6543a9ac7e85aeec9e9401861c64564d5b393996f0662b544c032fb91e7103b1c1f5a16e35c432027
  • SSDEEP
    192:JboRHxiCP0J+99Axey9E+g4i50w1aeqvO0fiQGHUFGE/4g1bzQuTRg:GRHxg+9axfNk5dwibU8khQuTa

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE [7 IoCs]
  • Legitimate hosting services abused for malware hosting/C2 [1 TTPs, 4 IoCs]
  • Writes to the Master Boot Record (MBR) [1 TTPs, 1 IoCs]

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices [1 TTPs]

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry [2 TTPs, 8 IoCs]

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class [1 IoCs]
  • NTFS ADS [1 IoCs]
  • Suspicious behavior: EnumeratesProcesses [64 IoCs]
  • Suspicious use of AdjustPrivilegeToken [5 IoCs]
  • Suspicious use of FindShellTrayWindow [6 IoCs]
  • Suspicious use of SendNotifyMessage [5 IoCs]
  • Suspicious use of SetWindowsHookEx [16 IoCs]
  • Suspicious use of WriteProcessMemory [64 IoCs]
  • Uses Task Scheduler COM API [1 TTPs]

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\qrcode_i.ytimg.com.png
    1⤵
    PID:2324
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:512
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1000
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.0.1073067006\570924553" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cd348f8-4bcf-43e1-8b67-13d6a953f865} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 1812 297f49d6558 gpu
        3⤵
        PID:652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.1.2115949036\1772614955" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {330f526d-28f3-4c95-9a69-5c6a104bab5f} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 2168 297f48fb058 socket
        3⤵
        • Checks processor information in registry
        PID:5040
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.2.516777584\925253619" -childID 1 -isForBrowser -prefsHandle 2784 -prefMapHandle 2800 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb812088-10ed-4695-8292-1da88bdf1ea7} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 2924 297f495d558 tab
        3⤵
        PID:2136
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.3.506150478\600665705" -childID 2 -isForBrowser -prefsHandle 3412 -prefMapHandle 3404 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {476e5634-25fa-4666-819d-37866572a4a3} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 3420 297e2667558 tab
        3⤵
        PID:3484
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.4.2104936914\930037441" -childID 3 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f480b01e-cfc9-4f2a-bac5-05a7599d9e1d} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4280 297fa905c58 tab
        3⤵
        PID:2376
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.5.1614004139\1819132578" -childID 4 -isForBrowser -prefsHandle 4752 -prefMapHandle 4820 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be1fe52-c0f6-461b-b569-04d4a12f2847} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4792 297fae0fb58 tab
        3⤵
        PID:2604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.6.206451373\1397990850" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9adb0fd0-845f-4d31-b9de-dbb2a3e320fd} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 4964 297fb066058 tab
        3⤵
        PID:5032
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.7.262197437\235657700" -childID 6 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5faa983d-212c-495f-9242-ed08d6cb72ee} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5164 297fb065a58 tab
        3⤵
        PID:1868
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.8.2078102733\233183501" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 5548 -prefsLen 26514 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a345481-f582-4557-bd0f-fcd98950f1f7} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5512 297fc006b58 tab
        3⤵
        PID:2352
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.9.2085787977\6726559" -parentBuildID 20221007134813 -prefsHandle 5552 -prefMapHandle 5572 -prefsLen 26689 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb6f51f-3187-48af-b300-417595a9ed39} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5528 297fc85f558 rdd
        3⤵
        PID:504
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.10.533708466\1146182956" -childID 8 -isForBrowser -prefsHandle 5972 -prefMapHandle 5968 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {078973d6-7fb2-41dc-84ce-b2814de40868} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5992 297fca11558 tab
        3⤵
        PID:3604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.11.1626873027\591988426" -childID 9 -isForBrowser -prefsHandle 5144 -prefMapHandle 5060 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd04c833-29af-49cb-af12-7038545c51e8} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5044 297fa95c958 tab
        3⤵
        PID:824
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe"
        3⤵
        • Executes dropped EXE
        PID:2496
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:2408
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:4584
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:4104
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:4432
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:2972
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /main
          4⤵
          • Executes dropped EXE
          • Writes to the Master Boot Record (MBR)
          PID:1400
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.12.704822124\1211129702" -childID 10 -isForBrowser -prefsHandle 4796 -prefMapHandle 4344 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {febe637a-66b4-4bcf-944d-f3fe4ef13572} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5180 297fae11358 tab
        3⤵
        PID:5096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.13.797474319\1254072715" -childID 11 -isForBrowser -prefsHandle 5672 -prefMapHandle 5736 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c56fa42b-366d-48b2-a6ac-c7b81311ba1e} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5680 297fcf3b558 tab
        3⤵
        PID:4592
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1000.14.1712336903\349770030" -childID 12 -isForBrowser -prefsHandle 10296 -prefMapHandle 10120 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2264678-28c6-4ab8-8a45-e28e61bfe0ae} 1000 "\\.\pipe\gecko-crash-server-pipe.1000" 5508 297fc006e58 tab
        3⤵
        PID:4656

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\10192
    Filesize: 27KB
    MD5: 265b60e4559708dc23d41f4715a005bf
    SHA1: b4b37ed025fc87533cb0ba612821f83bd80e4713
    SHA256: 7826b99921eb9bc312f353e266e21a9b4fe7618da99b4d25cc2b85eec291b063
    SHA512: ddb75433f669d67ef68015fa914666c3b7e70878589e5680786ccd8f4525a6726ffa76b26c7d919d30da15f8f637a602c088e8059f8848ab8b96f3b5047b0968
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\170
    Filesize: 71KB
    MD5: e638e3b153dd62c45c556a91a8848a68
    SHA1: a52c871f9b3c150b9a6c7666bc624a9da1fb32c7
    SHA256: 60d3bd15f325ae94eae9fa33d3689b20915204c1aeff8908766917fdb3a730b5
    SHA512: 8b2fa9deb685a8beb6bf81ef6cbedb8fcf8c5f75f9cb6206251e055a7a21e68984e18affe26eaa514df3f1aac63bbb96af71d46d84445d71a4b1cd824b7cb064
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18301
    Filesize: 41KB
    MD5: 3e798c9ded13bf3d98898e1c569a52bc
    SHA1: 8868be1c37deb5bd1744dc26eea75ebf658063a2
    SHA256: 1bc57b7b15c7f0f1791e821c6b30a19bd6c89514c19bc9ffa4296e0c146fe5b3
    SHA512: 56ccf18c6eced1e8d01e6fb7e28979512af02ed3835c49fe07d167945f418e5792a54e1938e5d2878403a088837490bfe7934c03b9e272a9f828663b2ead69cc
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25397
    Filesize: 9KB
    MD5: 273f6dfe692bfd9f2775a48566d8245d
    SHA1: 3ddc4386c852b3500328b4d3531dfe8e7715acd3
    SHA256: d4f7b47ae9c497db5c084ef87f04b6957b5d36aa70ed821b69e6b33b92bcf3ea
    SHA512: dc97a07ceceeadcd6a50ae8e9b4c1dd3296ef74ef44d7c37b67635f08d10b17be3077cc71465b716b57e0b788aa915a9344f6dfd52dfe9ab4ddafae459da8503
  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\26071
    Filesize: 27KB
    MD5: 738cae3322c4aaee77bac3c98f271365
    SHA1: efbc96a6b5b13c5870a6cc572b5df09792ec0f56
    SHA256: 7f82dd9b8e53fe42e846a23a5b6e39ad44a0436c1b59711004ccabd78cec18d3
    SHA512: 388e2d0d545a527d65d52cb2dd7debc787af3b8c97acedda4c8353f6189e03a4825245966c1eb89f13dd2d46e6641d4bb6e96902dc475fefd5e54bebafd5fb74
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: 12d986e3002240ff70817aafaaa5d65d
    SHA1: f5a8f1b87df3dfeaac9ac346dbaa8a98322d176d
    SHA256: f126889544cd65bddd5b894ff9efcf04605362d42877b02ba22ba117aa621bf7
    SHA512: 222159d7834dd1c01c09bcd2059b7b0e802cc6f6d4df685a0398d824c8ee99125f4c9c290e7fe320c8235d0b0a9b95e7dec4e53ff85739d9fc82e8aa0323d4e0
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\91600d37-270f-403d-a466-2b014e4ea4e6
    Filesize: 10KB
    MD5: ef55c0e1295d5601788fd1dadfb2d886
    SHA1: b2277875b9b3955d39cd26ea366630647678c77c
    SHA256: 1042d34fad9db027a60fe649995080be4e1b3a1dfc2bda7c256bfa3752a4641a
    SHA512: 59dcfe4b1298a82a4e45e9244a4983bf4d471c1675b8226663160e308525d0d9a7b37018b1a63d4966afb78cb88064b3e42f6d9a3477d1d9778022567bd65575
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\96e97991-6c81-4895-9afd-6a71d9058c08
    Filesize: 746B
    MD5: 74ab9e73b99afa029ebeeaa1fd89de5e
    SHA1: 68a15baf846cb458971613938e9c057ebe6451d2
    SHA256: 14e5a88402955fda9587cd22b762c5f5785ceaed89a4a024904b4dbce969f0f9
    SHA512: 542fd264af3b878595e5d467ea77299d7c75c0ae57b8f0c9eeaadb77acae5fac2dc187edebf501ed1201ae01cfd24b597a73477da464bb1eb3cde748e0f68449
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
    Filesize: 6KB
    MD5: f7e824689b8992070045e87ef0b354f7
    SHA1: 83dcceaddd185fd070478404f577bc811d6a84c0
    SHA256: 09135e7e28988126c2be65d679e4d6e4775a1294dd18e1b4dce3b2b9aa81dd06
    SHA512: a1217f1bdb8e1a7dd7f5b9efcdc129044a2d36e987f063bacdbd8a21a96e24a299ac6d30727c5e78082fe1402f8a1aa51d94482bac00a03bb43db16cf13b951f
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
    Filesize: 6KB
    MD5: bf48422a5d3a62b289bc7d218ea9ff04
    SHA1: 421a2829d40a9da8359c139e15292edf0be4be7e
    SHA256: 2358667ec0e8b7c6bfe7a2751a969a3dd0e229c7712e69a646e9e3c12b4797ab
    SHA512: 1c0b0217aa4d9dd96dbf37a91acbc137088a0b8cbf8b036be7eda67e03334cb9b34266694e61405b1098a032a41e6bda6b445dd536ef52aa89b8aadbed0b1478
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
    Filesize: 6KB
    MD5: 2a4ad19ecd7341cb9d383729ec424a44
    SHA1: b8872d4157520989622992ac44d51a3f06c87a17
    SHA256: 003b1162ed44d5a603f5f349433d2c521057ec679509b4835df8566b3827d9a6
    SHA512: c9869fb0cfcee62f22903e4905bc891d82cc9e21a7eeca7c60f0518c90badd8d3693681a4b1174c35ce6e29504a0cb0c1bfb09545fdc91e06b10f16e1f65cc94
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
    Filesize: 6KB
    MD5: 4de4b2faec2f66a1f8ac1428a73e6ac6
    SHA1: 6ce55b33618bf4782c28529c0ca8c0cbff4db6cf
    SHA256: 37d6c349bcb085e5f31ba688edd42fa41125c0a9133bde13b2cb9efcdd6f829b
    SHA512: 8ccb2a7d54145cfa136720a89c271a24ee2be7dfb852817678fffa41cfd1ee07fb47b3a26ec02c63fea2ac0ecafafba82a41b0aac939921c9a6a3b14854b27e0
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
    Filesize: 6KB
    MD5: ad5c39702c19ebe15549edb6809cb492
    SHA1: 698b1843618e1e827b3d12b718eb6e64c6b1a18a
    SHA256: 3dd16730c0d6fbfef82d9c8eb8e1b7501bad8e3e251ae263fd9b9ad1c71aa474
    SHA512: 793da8cb1bd847e36c3f0dc7ce74cf8173ff1f3f47d930f26c0c86064177a69bc7b8eb4b1276f25569e7b7447a6ee14ecdd26f9e83e39808015223277473e097
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: 3e54833dc88d91d98dfd5b598afc1082
    SHA1: 346fe2553b2828ec1ba1ce2379843c09103e2ec0
    SHA256: d9078a9cc5ac2982f8d2e904ba16a418a422a6c325940f6875eae685e14abc8d
    SHA512: 425982190d8b9693974944cbf09515677a0ec6f235081ecaffa6fc3e8e0bad110bcbfb8abba15b28c05641b252111c8e5ffa46788646180d25398c80b45acd91
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: 42ce03367fca5e47454eb5ea53b7e6fa
    SHA1: 97afc97206e1edd7987021edeee7d1566820ea64
    SHA256: b7f5b49634f6b34b22a248f7238cbf1d6f32da983603f49dcb280b2cb62971d7
    SHA512: 5fd597f91f14ab069dc96179c5dd2aa4429a9369c44431292657f1bc47b0f7272549d58d04352b4051bc34ce264523326a84f819da34eaacf40ddf3fb5f999e7
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: fc38ed614a3540de0ccfd4f8dadd70f0
    SHA1: 9dd56f8a91d302c66ace79cfb38e0513a2bfd6d9
    SHA256: 68fe32d711b4394825d9dc339c201e79f3d16aaf8a20ca331d9c201119f2bd92
    SHA512: bd1d962bc817b6e1ab06168c50fb7f495f5131e2353aa9953d7c91f54097ac3d9ec05ef2cc847df111d37d7d77ece6282d3a49d98cf39ae55f6474dd0f4f12b1
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: 35f245956725728237221b4ad3449fbe
    SHA1: a68cfd4090b1729a6ca3b74813d5249c5a860933
    SHA256: ce1132fc8e2ea1b16a9b4fd190a90a29a1ae41d954cb5b199c9c2f6e04e9b0d8
    SHA512: cdf248a02403ca90720ecf1694792010de9abc7a0beff0f62f32d044174a491ccc83abf705ae2c9d267b4b9d61f6e2e119d97bfb86c1901e8d5875292c44efa4
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: 21842306982ca6b1ced57d439eeaffa3
    SHA1: 251d59f03908246a4bbc451a104c3ee087830c5a
    SHA256: be1c4384315a6402a1cebb2bf69104503779ca95d149e2323890623e9658cec5
    SHA512: 65832ded65b01900056025fe08680e8f811209498fe537fe6488d520bfab1335b339172c43db753bbcbab3717bdc142e148688fb90fb6762bcce19926c9dccde
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: c7407624b09537c41b20e584abcf5e0a
    SHA1: 077aca09378a7a3e5f2b45780276d844ff9f37f0
    SHA256: 5e18fe8e62866907d2f0cf86c2fbf3fc32c94b25bd21394ec4214784398164a3
    SHA512: b80e6df17fe50e2a2931f420274c1ad4c1d0563aa2e28c07b5e4800b50006485196adaae737f041cfe4d091be8670bebf06cd06844144dd8a2ff47132e06234e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 1KB
    MD5: b0327f28eb03839057e4c93f5e35fb66
    SHA1: d82f09fef3726903287135b9fecda015e3cae4f7
    SHA256: 63929bb50fb7b8cf26725c656485c89f7a6866e5882ada11e0640a3441df5c3c
    SHA512: 19ccfc4e80c60a2d3235520fc38ea039f70995a4b67eba4df986071f5e57cb93a54480973fe804f1956b0a13e2f11ea5a1dffed4accf94133d8117693244e84d
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 3KB
    MD5: e68ef8bb590a0b93fb168808b30677be
    SHA1: 5e44f61d9e288ef0d5c3db30e73f34dc02992b90
    SHA256: 0d3b19fee11be366a960c1fcfb385c0e2c94b041dce0747586d6f53578d8f51d
    SHA512: ca9abd79dd2a5612cfe04868d72d718e5456eed6328a47c77fd1309d83d03753c9cb4a7863e7fffe60a7795753a51fafcfd1589f9c365c677b9dafd8525498c5
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 4KB
    MD5: 3e28cd41a1fbb0d3703f4859d51e1db3
    SHA1: e6b28f7633814db7ea6fed893f5143341b15b882
    SHA256: 618161de6bfd9c130094b2ae4baba684dae4384b8fc73578791076d6c7ed9999
    SHA512: 3ddfa1c5977e8ee56a5135e4a76a91ab9b7699fa6a22bdb5c8dd478dda107d26fd77534e93ae6a522fc0c8e07620c82365ad11428cd56e74248d3fd71894b900
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: c0bbdd7029ea46e57caaf3b9b33c27c7
    SHA1: d987db5dd130016d1c41d99af35b8e776ae7207c
    SHA256: 53380a80ada4f5bed0c9ec5e9cb4cd060984839e9428d9bedccbc2e3cb891805
    SHA512: 7a857e088a715c8a1537e12ee17c84d9b1274fed2d896b365b80b07207a896717315538c1e9ee0645f377af3fd2d59e5c9548afe7cea87750aafa283d5fd746e
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: 6b811e1e9deca8b78803e3619fd8eaee
    SHA1: 72819c8505bd92b77fce05d97a484d99631eff09
    SHA256: 51d5abdeb49e25476fdeb0d44c80b7a684308dfd3e65f85c13e095fd3d4bcf8f
    SHA512: c893e5b56f3bca5d4b73c0b5c27c96ecb43729d3dc98dbecc850175bf1e6612095924fe216a047b807e6123fe9537f25e11522d72a8299aac7eb60963fec13e2
  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
    Filesize: 7KB
    MD5: ed3672ef7493f445366c6493d405129e
    SHA1: 1d22087f998f607606649985e591cd685aeebeb8
    SHA256: 94b58051dc293c96a05ad41cb19b189f17adff1a50511a7f396f5bbbb148773b
    SHA512: 3ebc53098111eb797545f074b563c6b68593e1165a526cbbf7947c8271eb03dbbc62d137d7345d5e45096f308e3eebd2007d56cb57ed6b4ab91f8a33504f97d0

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

                                  Filesize

                                  7KB

                                  MD5

                                  9b442eda5dd96bac0a5a91c645cf4944

                                  SHA1

                                  c95e4c94d69752d81f4f01c3b10699aecc603315

                                  SHA256

                                  44afd193ad7789e9400ec5bf909579167292fcbf46e0a40ee23743d4d237d127

                                  SHA512

                                  f6845ae2646d04cabe46add788a4650f9e2142cbb547e7041d83feb17af01c4a11b0ac391fab5f497ade487b1d33682cd9a67f220c3ec4333dc9ffb716e0c891

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++app.innovamat.com\ls\usage

                                  Filesize

                                  12B

                                  MD5

                                  820740e338909dc92d872c6faf187d77

                                  SHA1

                                  9aaa382bb08efa7004765805f7f4cfa93c8d5a3e

                                  SHA256

                                  de9d34b5e6c380f877ff4efdc01a643e654e164c104b131d4fd3b8cd14e1dfe4

                                  SHA512

                                  28bc5b45ce04ede009d2de9bbec2efae67930141a53c52316a7db4c2cbb4d083f0c2a4dbea37856e6c72e8a640e7a8786b3254f6ab3e600bd1ffde24287ed6b2

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++applets.innovamat.cloud^partitionKey=%28https%2Cinnovamat.com%29\idb\3470826767CtascehueqdeFRehtc.sqlite

                                  Filesize

                                  48KB

                                  MD5

                                  a47d17d17be67e776a7472421cf53654

                                  SHA1

                                  2e8d342fcf683d8f87f75cb642d5fef53fa5f924

                                  SHA256

                                  0e5f43cf8235dde149c26ab34aa6a047ef997560be9b421b648820d9e9ab2f90

                                  SHA512

                                  cec2db10b7eb452559c40d3b24536d879bfedbbae67db65956c7d23198a641b447d37afd9f937b39958a805eece7e1af3130f80c6c8af7fd61d34ab54731145f

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++student.innovamat.com\ls\usage

                                  Filesize

                                  12B

                                  MD5

                                  57fb6a8e57193e75d033402687e3be4e

                                  SHA1

                                  8252252cba3b1aca39c44b259e2970513760a922

                                  SHA256

                                  fb2a8a53ba1824e3409b112873bcab98cec37df11b12a80927bccf3493fe60bf

                                  SHA512

                                  e1fabdda9a7cc2c82ff25e322f5ad4e650830fb8f66b04557f1b433ebf5b51a7d4610d7e5402bf7081167eac043403bdd9c5a82517ba794be16afdbcfa2eca43

                                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++student.innovamat.com\ls\usage

                                  Filesize

                                  12B

                                  MD5

                                  cd78fdf22acef3382e352ca0da560f78

                                  SHA1

                                  6b0b0652cf0694644cbe501e6a3868801cbf7b88

                                  SHA256

                                  d53c3c884859fc16fcba4cb3b473b18af27499bf32151f6e874f13ecf80ff55e

                                  SHA512

                                  577f6f056495a644453a4d23949dce78cfce21191c7eb7d091fa523b1f36237f8e68916114896c78283fe375db0b58034d22edee7aa5bddbd995ddf9990d1b36

                                • C:\Users\Admin\Downloads\MEMZ.exe

                                  Filesize

                                  16KB

                                  MD5

                                  1d5ad9c8d3fee874d0feb8bfac220a11

                                  SHA1

                                  ca6d3f7e6c784155f664a9179ca64e4034df9595

                                  SHA256

                                  3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

                                  SHA512

                                  c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1