Analysis
max time kernel: 117s
max time network: 137s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 29/05/2024, 09:31
Static task: static1
Behavioral task: behavioral1
  Sample: nazimod-loader.exe
  Resource: win10-20240404-en
Behavioral task: behavioral2
  Sample: nazimod-runtime.dll
  Resource: win10-20240404-en
General
Target: nazimod-loader.exe
Size: 129KB
MD5: 897a2ed720e3b87f9cd0dae05c1da5dc
SHA1: 7eae6ae004c466d9853aca4c030058e69b7818c9
SHA256: 255bb820e8d375b3ad33d770d6446eb2372ae53ee35bb76d430cc21d0e0540af
SHA512: abf052de6d5d023d29c480a50a093e20d6a4a1aed7df9c86d347a557bb71e2e1abbae1b283e4567dc8a434a50641eff70f6ee94ab7c3ec0306ea810d2da4df0d
SSDEEP: 3072:NoikLA4yfTDhBUZ8BeohEelPfLnt9x2Zl1mwph+aBEbrPpg8biru:xd1TDlWl1hph+Ppg8Z
Malware Config
Signatures
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Modifies registry class 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | nazimod-loader.exe
Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | firefox.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
4924 | nazimod-loader.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2336 | firefox.exe
Token: 33 | 5984 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 5984 | AUDIODG.EXE
Suspicious use of FindShellTrayWindow 4 IoCs
pid | Process
2336 | firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs
pid | Process
2336 | firefox.exe
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
2356 | OpenWith.exe
2336 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 1792 wrote to memory of 2336 | 1792 | firefox.exe | 81
PID 2336 wrote to memory of 4140 | 2336 | firefox.exe | 82
PID 2336 wrote to memory of 3204 | 2336 | firefox.exe | 83
PID 2336 wrote to memory of 5092 | 2336 | firefox.exe | 84
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
PID 4924: "C:\Users\Admin\AppData\Local\Temp\nazimod-loader.exe"
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
PID 2356: C:\Windows\system32\OpenWith.exe -Embedding
  - Suspicious use of SetWindowsHookEx
PID 1348: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID 1792: "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Suspicious use of WriteProcessMemory
  PID 2336: "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID 4140: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.0.1127802271\1206895008" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1600 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {043bdb6a-50c7-422d-ae86-333290cdb6fd} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1748 279709e7b58 gpu
    PID 3204: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.1.1902623603\855439829" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {336670c4-4807-4244-9f56-062a76824c8a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2120 27970333558 socket
    PID 5092: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.2.1969952240\1698392040" -childID 1 -isForBrowser -prefsHandle 2676 -prefMapHandle 2904 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fb1b9e3-4858-4834-89a2-8ecbcc8acb33} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2788 27974ad2358 tab
    PID 4172: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.3.697405039\1525554926" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3839351-426c-401d-90f6-a97264683ec7} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3456 27965861958 tab
    PID 4072: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.4.1302640262\1494964250" -childID 3 -isForBrowser -prefsHandle 3952 -prefMapHandle 3948 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40f6f1b-7cd3-4d15-8b3c-ba02e71564fa} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3228 2797604e458 tab
    PID 496: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.5.1727831770\1386050018" -childID 4 -isForBrowser -prefsHandle 4660 -prefMapHandle 4620 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dff1568c-cbe8-4a53-9ef4-e8ff85a05842} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4688 279750b2858 tab
    PID 1360: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.6.980541135\103815235" -childID 5 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a59477-203f-40ea-8576-383895bbb739} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4816 27976c3af58 tab
    PID 3596: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.7.1894156319\51615237" -childID 6 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {349028b7-fba5-413d-846e-e4a991c7f58f} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5012 27976c3b858 tab
    PID 1832: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.8.806329306\1047516691" -childID 7 -isForBrowser -prefsHandle 5460 -prefMapHandle 5480 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0f3cb17-947d-4dee-b47a-65d538ccf6f6} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5492 27970cecb58 tab
    PID 1792: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.9.1125326847\300506073" -parentBuildID 20221007134813 -prefsHandle 5636 -prefMapHandle 5624 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bf4c297-8115-4f64-9369-c0fb951a7f8b} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5476 27976a8d258 rdd
    PID 5200: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.10.685143668\2111293998" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5640 -prefMapHandle 5628 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3500a4a4-06f3-4bc5-883f-c63f3a0bc3b0} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5816 279783bd758 utility
    PID 5284: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.11.2083066919\1666912924" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6044 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1635eea4-7dea-46bd-8a27-ce80e49e8672} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6060 27978bcee58 tab
    PID 5396: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.12.510622200\626160226" -childID 9 -isForBrowser -prefsHandle 5616 -prefMapHandle 6328 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01bf34c5-f532-4576-b908-81ffc589b44a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 6332 279658c6358 tab
    PID 5804: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.13.2132583271\1352058634" -childID 10 -isForBrowser -prefsHandle 5188 -prefMapHandle 5184 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4583b025-ca96-4e3c-a73f-f52485f64453} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5176 2796582d858 tab
    PID 5768: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.14.277048610\4364934" -childID 11 -isForBrowser -prefsHandle 5520 -prefMapHandle 5512 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7e846f9-d80e-44ed-b399-a2ffe6abfda2} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 5604 27978350858 tab
    PID 4428: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.15.1903631504\50496111" -childID 12 -isForBrowser -prefsHandle 10384 -prefMapHandle 10388 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da76f71c-0a40-4b7e-b8ad-17615ed40285} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 10376 27975d6e558 tab
PID 5984: C:\Windows\system32\AUDIODG.EXE 0x394
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
  Filesize: 33KB
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\89FA4208C0AB794E8B089D482CAFD64D171440F6
  Filesize: 119KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
  Filesize: 2KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\682385d9-6cbc-4a99-9ad1-64324521f4a8
  Filesize: 11KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\817eaa46-1c96-4bd7-9466-e7f29810d750
  Filesize: 746B
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 1KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 4KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 3KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 6KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 8KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 8KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 7KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++archive.org\idb\2493130302____btrsoewts_esrf.sqlite
  Filesize: 48KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\3544415070LCo7g%sCD7a%t6a5baa3s.sqlite
  Filesize: 48KB
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize: 184KB