Analysis
-
max time kernel
141s -
max time network
143s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64 arch:x86 image:win11-20240426-en locale:en-us os:windows11-21h2-x64 system -
submitted
27/05/2024, 18:43
Static task
static1
Behavioral task
behavioral1
Sample
z.txt
Resource
win11-20240426-en
General
-
Target
z.txt
-
Size
28B
-
MD5
140c08a251459d3da1442f427fc239a7
-
SHA1
028259a3584ae7893bd8f0d45433e1c9bfd763e4
-
SHA256
9a28b37b1a41ec52993017236dd78e7259b95395bfa50227d93234d6248e3edf
-
SHA512
d4a00853202b3edf7431ac48559e8256c7acb6172222cab1eeb3277aa349360b78f911c7a380fef9bf1dba706c7fa91183edaa665308d75449ad6c1960ce72d5
Malware Config
Signatures
-
Modifies file permissions 1 TTPs 1 IoCs
pid Process 3208 icacls.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
flow ioc
61 camo.githubusercontent.com
62 camo.githubusercontent.com
2 camo.githubusercontent.com
3 camo.githubusercontent.com
11 camo.githubusercontent.com
60 camo.githubusercontent.com
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString firefox.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe
-
Modifies registry class 2 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings cmd.exe
Key created \REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings firefox.exe
-
NTFS ADS 1 IoCs
description ioc Process File created C:\Users\Admin\Downloads\thunderhack-1.6.jar:Zone.Identifier firefox.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 3388 NOTEPAD.EXE -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process
Token: SeDebugPrivilege 4184 firefox.exe
-
Suspicious use of FindShellTrayWindow 18 IoCs
pid Process
4184 firefox.exe
-
Suspicious use of SendNotifyMessage 17 IoCs
pid Process
4184 firefox.exe
-
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process
4184 firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2372 wrote to memory of 3388 2372 cmd.exe 78
PID 3496 wrote to memory of 4184 3496 firefox.exe 82
PID 4184 wrote to memory of 1612 4184 firefox.exe 83
PID 4184 wrote to memory of 2160 4184 firefox.exe 84
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\z.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2372 -
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\z.txt
2⤵
- Opens file in notepad (likely ransom note)
PID:3388
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3496 -
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4184 -
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.0.1357979792\1430122300" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {493e540f-76b2-485f-88b7-5760d500dd43} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 1880 28a43311758 gpu
3⤵
PID:1612
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.1.1654601226\97864980" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24611308-16da-4401-a9d0-3981b12d4582} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 2404 28a3648a558 socket
3⤵
- Checks processor information in registry
PID:2160
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.2.1293404583\933925410" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3052 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5296b6f0-2109-43bb-a64b-575a0ee8907e} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 3164 28a46023858 tab
3⤵
PID:4364
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.3.889474825\1371103440" -childID 2 -isForBrowser -prefsHandle 3356 -prefMapHandle 1256 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {527f057a-74fa-4faf-87c4-e710eb742c4a} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 3636 28a3647ae58 tab
3⤵
PID:3628
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.4.1611652508\1689788875" -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5152 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d570b4-77b9-40ee-a896-5f37c5a75647} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5188 28a3643ee58 tab
3⤵
PID:2736
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.5.365002468\1736590111" -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d6aad79-f62f-4f1a-8f59-257c4492eea8} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5316 28a4b866e58 tab
3⤵
PID:2252
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.6.1446537821\1870224624" -childID 5 -isForBrowser -prefsHandle 5544 -prefMapHandle 5552 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba2b565-5cc9-43f5-98c0-e2afee444623} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5536 28a4b866858 tab
3⤵
PID:400
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.7.1984582266\675003607" -childID 6 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5b61a7-8fb9-46e6-800e-e3053072e0f4} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5940 28a4cd32858 tab
3⤵
PID:1288
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.8.1980604921\445835876" -parentBuildID 20230214051806 -prefsHandle 5716 -prefMapHandle 3940 -prefsLen 28175 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29f22130-3e7e-4266-9e91-6c466153e50d} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 6204 28a426f1758 rdd
3⤵
PID:4596
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.9.524363899\1950042168" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 3936 -prefMapHandle 2756 -prefsLen 28175 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a21f03c-6722-46b0-9b18-54cb9b5fb090} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 6224 28a478e7258 utility
3⤵
PID:4820
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.10.964091804\834649439" -childID 7 -isForBrowser -prefsHandle 10212 -prefMapHandle 6348 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff3fdd4-c074-4a77-9484-aed5e66af836} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 10320 28a48850258 tab
3⤵
PID:5112
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.11.376798737\273097528" -childID 8 -isForBrowser -prefsHandle 10132 -prefMapHandle 6448 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa7c95dc-7b6a-43cc-8e6a-872443db0814} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 10348 28a48851a58 tab
3⤵
PID:4748
-
-
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
1⤵
PID:2732
-
C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:3208
-
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:996
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
1⤵
PID:4068
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
1⤵
PID:2332
-
C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
1⤵
PID:3276
Network
MITRE ATT&CK Enterprise v15
Downloads