Analysis

  • max time kernel
    1587s
  • max time network
    1588s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    08/05/2024, 23:25

General

  • Target

    creal.pyc

  • Size

    64KB

  • MD5

    d8cd9403e6a921255a8445ff764c5462

  • SHA1

    ffb521167871584ede34ad1d58d4c271fe7d2efc

  • SHA256

    1bb6a413a556047809939bffaacb98796d1f94645d7341d8afe4bb0262e3f0bc

  • SHA512

    81c714a00e5d89aec7da216181b25ca7d71e606792e8aa18af837c083c070d40f42843ef2ede8a214a26840be60c90b292770a1c56f3fdbc6276d2d7217a467f

  • SSDEEP

    1536:7Tr7e+0Ql9pObo8BHWftXASFW08VgeOR2es:7TLYbo8B2VXASNMgeORk

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc
    1⤵
    • Modifies registry class
    PID:1396
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:664
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\creal.pyc
      2⤵
      • Opens file in notepad (likely ransom note)
      • Suspicious use of FindShellTrayWindow
      PID:2876
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2452
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.0.751240975\1230411590" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39252f6c-c64c-4ff4-9d88-2e6e1690cce4} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 1808 1f8ed8d6458 gpu
        3⤵
        PID:3068
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.1.1186058279\192701327" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe53b68-90e4-4477-aaa4-df2be0b70615} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 2164 1f8e286f858 socket
        3⤵
        PID:4436
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.2.900666094\1089503142" -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 2728 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03c1f56-211e-4ccb-bfa4-b7f8a610a726} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 2764 1f8f1b9ae58 tab
        3⤵
        PID:4552
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.3.442009705\1961984103" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52ed5744-947c-4e83-bad2-678c049cf179} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 3420 1f8f0312858 tab
        3⤵
        PID:4612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.4.1859437249\1909045402" -childID 3 -isForBrowser -prefsHandle 3816 -prefMapHandle 3804 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d4ad4b1-f9c5-402b-a044-711026ebf1d8} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 3772 1f8f3603e58 tab
        3⤵
        PID:4424
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.5.337523763\1329904339" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {568d916e-68b0-4464-8294-29fb39287ade} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 4928 1f8f3c96d58 tab
        3⤵
        PID:3248
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.6.422342891\884273405" -childID 5 -isForBrowser -prefsHandle 4740 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c56b9b2-7170-45c4-b71e-e9a1e3299823} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 5080 1f8f3ef0e58 tab
        3⤵
        PID:388
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.7.229722214\244243234" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a790e00a-291f-4c65-98b8-08ebec3bf8c2} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 5212 1f8f3eee458 tab
        3⤵
        PID:508
  • C:\Windows\system32\notepad.exe
    "C:\Windows\system32\notepad.exe"
    1⤵
    PID:3612

Network

MITRE ATT&CK Enterprise v15

Downloads
