Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-06-2024 13:03

General

  • Target
    unpacked_nyxia external.exe
  • Size
    9.0MB
  • MD5
    344f9089ce3473e3663fed11c26030e6
  • SHA1
    8b717176121901ee47630226e29c73bbfa0fbbbb
  • SHA256
    da76319054ad7b1c8fc699e3c76a502fa3f8bef7e163246fc458c4b85e0a9791
  • SHA512
    b9659452acc18c26ae196d214cf9e7f5ab5e7de9fc2527b3df1de1923bf54e936eb86f57b753dace1ab8a07a82d9ff9713a6739dd50c3466ac32a68cd365bd7b
  • SSDEEP
    98304:8OHkDlYCYqhMDF1pTVEypn0l2sD8ypGOV0sPuvpsSIaM50tZjlBtB4I:8RYpqkTVEsnuBVnPEsL6jPA

Score
7/10

Malware Config

Signatures

  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\unpacked_nyxia external.exe
    "C:\Users\Admin\AppData\Local\Temp\unpacked_nyxia external.exe"
    1⤵
    PID:216
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3044
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4880
  • C:\Windows\System32\cwwwvr.exe
    "C:\Windows\System32\cwwwvr.exe"
    1⤵
    PID:4612
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1460
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.0.1618279138\1995101521" -parentBuildID 20230214051806 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83874f03-3d5f-491f-9bdb-19863959a989} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 1868 1be66822e58 gpu
        3⤵
        PID:2524
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.1.1931682563\1678739816" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16c067bc-2ae0-4ce9-8399-8be15ec0af0a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 2436 1be59a8a558 socket
        3⤵
        PID:3940
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.2.1845451549\208478995" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 2972 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f184afe2-c424-406a-b71a-d285f86ff6b9} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 2988 1be691fa358 tab
        3⤵
        PID:1508
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.3.2102059623\220229722" -childID 2 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb4ebc52-c126-410f-afc8-148df1314fbe} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 3688 1be6b2fb658 tab
        3⤵
        PID:1992
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.4.598180449\890486150" -childID 3 -isForBrowser -prefsHandle 5324 -prefMapHandle 5348 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac06749d-8708-421e-ad6a-4bbfefa135a1} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5316 1be59a81c58 tab
        3⤵
        PID:772
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.5.773538758\1349275086" -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5304 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91538610-234c-4a87-a09f-c9700bb5a099} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5352 1be6d267b58 tab
        3⤵
        PID:668
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.6.849896036\314512441" -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5704 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4376c2c1-e5b0-4ba5-9662-663942e18850} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5468 1be6e849d58 tab
        3⤵
        PID:776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.7.1315622181\369309634" -childID 6 -isForBrowser -prefsHandle 6036 -prefMapHandle 6004 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d730604-8d48-46d7-8d92-ddd0adfa9aea} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 5988 1be6f817758 tab
        3⤵
        PID:5360
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.8.432312358\1425516546" -parentBuildID 20230214051806 -prefsHandle 6340 -prefMapHandle 6336 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef79670e-c7f8-4242-8f8d-9f587dbf8b31} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6328 1be7022f358 rdd
        3⤵
        PID:5816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.9.1298753175\1158212471" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 6352 -prefMapHandle 6348 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f6188ba-c021-48ca-954c-7032959f8be8} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6360 1be7022ed58 utility
        3⤵
        PID:5824
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.10.1902932865\1831675887" -childID 7 -isForBrowser -prefsHandle 6688 -prefMapHandle 6644 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {414e36c3-e725-466f-bd7e-9bfb928d81a0} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6708 1be70489058 tab
        3⤵
        PID:5932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.11.618048745\110735992" -childID 8 -isForBrowser -prefsHandle 6844 -prefMapHandle 6848 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81e925c5-f088-4ef2-ace5-a64aad6807b1} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 6832 1be70489958 tab
        3⤵
        PID:5940
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.12.1087155778\1034340124" -childID 9 -isForBrowser -prefsHandle 9272 -prefMapHandle 9276 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1aa05b-6cdb-4f6c-b9ae-4d49df3a696f} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 10616 1be69152e58 tab
        3⤵
        PID:5860
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1460.13.905353234\1328801006" -childID 10 -isForBrowser -prefsHandle 10580 -prefMapHandle 10584 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1212 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a92be190-c552-4bc8-b5b3-cfda97a59d9a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" 10576 1be65824058 tab
        3⤵
        PID:5876

Network

MITRE ATT&CK Enterprise v15

Downloads
