Resubmissions

27/04/2024, 13:18

240427-qjxd6sbb95 10

27/04/2024, 13:14

240427-qgyjfsbg4t 1

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    27/04/2024, 13:14

General

  • Target

    L0ADER!.js

  • Size

    154KB

  • MD5

    03ec5def85aa15039683cd4b998ece8e

  • SHA1

    e128b2b18a8d5ae8b1cc50d6beb20793c130c932

  • SHA256

    31a0852f967a23f76a027fa2321ef833c7e2416376ad75f2744c270dd1d9ecab

  • SHA512

    d628c364c4b943fc6eb5d4d4d4e2c031450c6ef2ffa989b34c6fbf8043c82fea1921b2e59d22bd285f9335cc8d853da1bc24375c038055ec3c97d34c40c60c71

  • SSDEEP

    3072:EIHm8YyrCBcKJNuzoR7qqHb5NRs3wxDf04wlt8+70g3X3Ggk:EUcl5NRsAxDf04wlt8+70g3X31k

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\wscript.exe
    wscript.exe C:\Users\Admin\AppData\Local\Temp\L0ADER!.js
    1⤵
      PID:876
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:3564
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2400
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.0.1409543113\1814915217" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee8d38d2-88da-45e9-a5db-7389377e839a} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 1796 200288d6758 gpu
          3⤵
            PID:4048
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.1.1847923824\219646469" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2570298-eb9d-410a-9b00-ac993c36b5d0} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 2152 2001d872258 socket
            3⤵
              PID:4892
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.2.1316115924\2017739874" -childID 1 -isForBrowser -prefsHandle 2956 -prefMapHandle 2952 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff775d91-6bb9-4eb3-b8a8-68a31d43637f} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 2812 2002cbb1b58 tab
              3⤵
                PID:4776
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.3.388838178\537746837" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3480 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14579c63-ba44-4185-9526-14bea6ba3556} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 3508 2002b42d758 tab
                3⤵
                  PID:4252
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.4.769439959\140630493" -childID 3 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee038e3-3ba1-4d46-a60b-1c5381772d29} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 3932 2002d9b6058 tab
                  3⤵
                    PID:1540
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.5.288924543\2079707399" -childID 4 -isForBrowser -prefsHandle 4948 -prefMapHandle 4936 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0adcd46b-5c8a-4bd1-acbc-efdb06953a79} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 4916 2002d1d6158 tab
                    3⤵
                      PID:3568
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.6.926803587\1135808963" -childID 5 -isForBrowser -prefsHandle 4376 -prefMapHandle 4872 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc9a3620-d584-4a11-8f3d-7f1a4e6dd1d3} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 4764 2002ee43558 tab
                      3⤵
                        PID:3744
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.7.419659325\682151155" -childID 6 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6e46273-182a-4d77-a91b-307f881025ab} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 5152 2002f1b1258 tab
                        3⤵
                          PID:2952
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.8.1151742346\1328199365" -childID 7 -isForBrowser -prefsHandle 4984 -prefMapHandle 4540 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20afcc15-19e0-4a77-9491-ae90d20b7f3b} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 5152 2002f1b3c58 tab
                          3⤵
                            PID:2352
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.9.1604464291\836147293" -childID 8 -isForBrowser -prefsHandle 5788 -prefMapHandle 5784 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b6a4305-fa95-4af6-a196-3325e62576a8} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 5796 2002b2e9058 tab
                            3⤵
                              PID:4256
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.10.1786050191\991798072" -parentBuildID 20221007134813 -prefsHandle 6052 -prefMapHandle 6044 -prefsLen 26593 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0289720e-8b67-481c-97c5-dfe39d81a7b6} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 6036 2003070ca58 rdd
                              3⤵
                                PID:1260
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.11.640007338\933902060" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6152 -prefMapHandle 5992 -prefsLen 26593 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76444bc7-27b5-4fa9-a8ff-686d7258cc5b} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 6164 2002e8a2858 utility
                                3⤵
                                  PID:3204
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.12.1296262525\973241272" -childID 9 -isForBrowser -prefsHandle 6484 -prefMapHandle 6480 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90114003-52ce-4b21-a480-eab28721b228} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 6488 20030a22c58 tab
                                  3⤵
                                    PID:5160
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.13.1538661548\1177447302" -childID 10 -isForBrowser -prefsHandle 4120 -prefMapHandle 4132 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fba78678-e1f2-42f2-bafd-53c0862f1ad0} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 4460 20030618e58 tab
                                    3⤵
                                      PID:5132
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2400.14.55793442\1408387546" -childID 11 -isForBrowser -prefsHandle 6864 -prefMapHandle 6908 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d7a1d36-60b1-48b4-b826-ce3130cd3107} 2400 "\\.\pipe\gecko-crash-server-pipe.2400" 5988 20030617058 tab
                                      3⤵
                                        PID:5144
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x3d4
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5760

Network

MITRE ATT&CK Enterprise v15

Downloads
