Analysis

  • max time kernel
    1524s
  • max time network
    1587s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    10/04/2024, 19:16

General

  • Target

    MBSetup.exe

  • Size

    2.5MB

  • MD5

    b6d8b7e6f74196f62caba2ca77a7ae91

  • SHA1

    6ac9c99f084b5772440e2f135b8d5365f7f45314

  • SHA256

    74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f

  • SHA512

    ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044

  • SSDEEP

    49152:/5wZat2ranBQjvaq/Gtl8StQyfvE0Z3R0nxiIq2ddBzOnX:/5wZauUBQjvL0SKtQRq2cnX

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 1 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks BIOS information in registry
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    PID:4788
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3540
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3360
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.0.1199631431\311463652" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c133697-7274-4bea-b9b0-3d8e3595d16f} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 1796 209b24d9958 gpu
        3⤵
          PID:3012
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.1.715959697\1721751552" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75eeeb0d-40ff-4a71-924b-6a2d7b3ed81a} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 2152 209a7472558 socket
        3⤵
          PID:3252
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.2.1245744743\1818344023" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3004 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {643d8381-d07d-4d3f-897d-e9691996a9de} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 2780 209b245f058 tab
        3⤵
          PID:1380
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.3.552857092\1101177578" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18cd31f4-624b-4a07-9911-29be22206e12} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 3444 209a742d858 tab
        3⤵
          PID:3536
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.4.162301372\686543595" -childID 3 -isForBrowser -prefsHandle 3884 -prefMapHandle 3524 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72627712-32b6-4c2c-8575-5cbfa4078661} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 3892 209b7b18b58 tab
        3⤵
          PID:3388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.5.1053495656\1630273479" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4892 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cf3fd83-f946-4e7f-b498-a0d54b0d8fbb} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 4920 209b85c2e58 tab
        3⤵
          PID:3396
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.6.1956506675\1957555489" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {697abd7b-13f1-4602-97f6-ba0b867843ec} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 4944 209b8b4a458 tab
        3⤵
          PID:4212
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.7.1395309235\2135693558" -childID 6 -isForBrowser -prefsHandle 4944 -prefMapHandle 5248 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2099b48-db04-4705-bcae-bf1c9ca1dd30} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 5156 209b8b49258 tab
        3⤵
          PID:3060

Network

MITRE ATT&CK Enterprise v15

Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\28458

                          Filesize

                          9KB

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\979581C3E304E73A28C04371AD0D7425356D6BDF

                          Filesize

                          13KB

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

                          Filesize

                          13KB

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                          Filesize

                          7KB

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                          Filesize

                          442KB

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                          Filesize

                          8.0MB

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                          Filesize

                          5KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\bookmarkbackups\bookmarks-2024-04-10_11_fHex2gcaYrcM3bB6rAfVHg==.jsonlz4

                          Filesize

                          941B

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\broadcast-listeners.json

                          Filesize

                          216B

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

                          Filesize

                          2KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\4db73c5f-928c-4293-b502-cb1faf22e421

                          Filesize

                          746B

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\6119f649-596d-4bce-b320-7bc7044fc3d2

                          Filesize

                          10KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\extensions.json.tmp

                          Filesize

                          34KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                          Filesize

                          997KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                          Filesize

                          116B

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                          Filesize

                          479B

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                          Filesize

                          372B

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                          Filesize

                          11.8MB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                          Filesize

                          1KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                          Filesize

                          1KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

                          Filesize

                          9KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

                          Filesize

                          7KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

                          Filesize

                          9KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

                          Filesize

                          9KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json

                          Filesize

                          90B

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          1KB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                          Filesize

                          7.8MB

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\targeting.snapshot.json

                          Filesize

                          3KB
