Analysis

  • max time kernel
    1345s
  • max time network
    1176s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    13-04-2024 02:05

General

  • Target

    Silver Rat/Loader.exe

  • Size

    490KB

  • MD5

    9c9245810bad661af3d6efec543d34fd

  • SHA1

    93e4f301156d120a87fe2c4be3aaa28b9dfd1a8d

  • SHA256

    f5f14b9073f86da926a8ed319b3289b893442414d1511e45177f6915fb4e5478

  • SHA512

    90d9593595511e722b733a13c53d2e69a1adc9c79b3349350deead2c1cdfed615921fb503597950070e9055f6df74bb64ccd94a60d7716822aa632699c70b767

  • SSDEEP

    6144:3PkcFUUUQHs5TlOhDuy4VjmSO6/tU4j06xeJyCjvhsXZ4m05d0qCsfBLuWWCV/rr:3McWUUysz/NhKjJPhM4/5bV/rvgE3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Program crash 2 IoCs
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Silver Rat\Loader.exe
    "C:\Users\Admin\AppData\Local\Temp\Silver Rat\Loader.exe"
    1⤵
    PID:2876
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4584
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2096
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.0.2145052087\640182259" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1776 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a84fb52a-fc5a-4009-8116-2fdda5c5ea99} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 1880 21beae24c58 gpu
            3⤵
            PID:3176
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.1.1041433781\1660664923" -parentBuildID 20230214051806 -prefsHandle 2376 -prefMapHandle 2364 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ab100ec-6c09-4fe5-a221-426c61baf6ba} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 2404 21bde187258 socket
            3⤵
            • Checks processor information in registry
            PID:3068
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.2.1759952717\7683329" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2816 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f3e4d6-9503-4bbe-9edd-39a6f285d237} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 2804 21bedbe0258 tab
            3⤵
            PID:3904
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.3.1778858532\1343224983" -childID 2 -isForBrowser -prefsHandle 2596 -prefMapHandle 1632 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af517917-d793-4114-b374-9d2d408df363} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 3436 21bf0470258 tab
            3⤵
            PID:3556
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.4.1817351246\1551165744" -childID 3 -isForBrowser -prefsHandle 5052 -prefMapHandle 4960 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea029a4-c3f3-4103-b224-04a20b2cb3f4} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5064 21bf1df8558 tab
            3⤵
            PID:3596
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.5.192558974\936675166" -childID 4 -isForBrowser -prefsHandle 5300 -prefMapHandle 5296 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b440ba4-efe2-4126-a7cb-a52def6509c4} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5224 21bf266cf58 tab
            3⤵
            PID:4856
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.6.12328228\1991631313" -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba456dd0-93af-468e-924f-11e304ccccf6} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 5396 21bf266a558 tab
            3⤵
            PID:5104
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2096.7.124211355\802831872" -childID 6 -isForBrowser -prefsHandle 2920 -prefMapHandle 2916 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1372 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe7f4e0-85cf-4ffe-857b-1cfd564b84ff} 2096 "\\.\pipe\gecko-crash-server-pipe.2096" 3404 21bf31a2958 tab
            3⤵
            PID:4784
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:336
  • C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe
    "C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"
    1⤵
    PID:4656
  • C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe
    "C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"
    1⤵
    PID:1348
      • C:\Users\Admin\AppData\Local\Temp\Loader.exe
        "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
        2⤵
        • Executes dropped EXE
        PID:1232
      • C:\Users\Admin\AppData\Local\Temp\SilverRat.exe
        "C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"
        2⤵
        • Executes dropped EXE
        PID:2384
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 896
            3⤵
            • Program crash
            PID:4676
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2384 -ip 2384
    1⤵
    PID:4020
  • C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe
    "C:\Users\Admin\Downloads\Silver Rat\Silver Rat\SilverRat.exe"
    1⤵
    PID:3256
      • C:\Users\Admin\AppData\Local\Temp\Loader.exe
        "C:\Users\Admin\AppData\Local\Temp\Loader.exe"
        2⤵
        • Executes dropped EXE
        PID:3144
      • C:\Users\Admin\AppData\Local\Temp\SilverRat.exe
        "C:\Users\Admin\AppData\Local\Temp\SilverRat.exe"
        2⤵
        • Executes dropped EXE
        PID:3940
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 864
            3⤵
            • Program crash
            PID:5576
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3940 -ip 3940
    1⤵
    PID:5020
  • C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe
    "C:\Users\Admin\Downloads\Silver Rat\Silver Rat\Loader.exe"
    1⤵
    PID:1944

Network

MITRE ATT&CK Enterprise v15

Downloads
