Analysis
-
max time kernel
156s -
max time network
159s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
-
submitted
15-06-2024 01:53
General
-
Target
bin.sh
-
Size
132KB
-
MD5
59ce0baba11893f90527fc951ac69912
-
SHA1
5857a7dd621c4c3ebb0b5a3bec915d409f70d39f
-
SHA256
4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7
-
SHA512
c5b12797b477e5e5964a78766bb40b1c0d9fdfb8eef1f9aee3df451e3441a40c61d325bf400ba51048811b68e1c70a95f15e4166b7a65a4eca0c624864328647
-
SSDEEP
3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioP:p3lOYoaja8xzx/0wsxzSi2
Malware Config
Signatures
-
Patched UPX-packed file 1 IoCs
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 20 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies registry class 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\bin.sh1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\bin.sh"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\bin.sh3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1892 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ccd314a-4f81-4a2a-86cd-2e0a3df2a706} 452 "\\.\pipe\gecko-crash-server-pipe.452" gpu4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 26375 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a9f3d3e-0706-4472-8153-3420bc15ae81} 452 "\\.\pipe\gecko-crash-server-pipe.452" socket4⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 1412 -prefsLen 26516 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cc78793-083e-490d-b1b9-7c308be3833e} 452 "\\.\pipe\gecko-crash-server-pipe.452" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2812 -childID 2 -isForBrowser -prefsHandle 1212 -prefMapHandle 3284 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7790feea-e206-431c-a372-042afc4dd380} 452 "\\.\pipe\gecko-crash-server-pipe.452" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4228 -prefMapHandle 4212 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc458c73-7a36-41f4-9d70-68f4d5d7ce69} 452 "\\.\pipe\gecko-crash-server-pipe.452" utility4⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5372 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cc68f90-de81-4446-a5e5-9bcab8e490b9} 452 "\\.\pipe\gecko-crash-server-pipe.452" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4092 -childID 4 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ada05fa-0421-48ee-ae56-895ca6f1c8ee} 452 "\\.\pipe\gecko-crash-server-pipe.452" tab4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 5 -isForBrowser -prefsHandle 5800 -prefMapHandle 5796 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e7338ff-f70d-45b8-befa-78ae12b28d52} 452 "\\.\pipe\gecko-crash-server-pipe.452" tab4⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SaveJoin.vbs"1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1848 -parentBuildID 20240401114208 -prefsHandle 1652 -prefMapHandle 1644 -prefsLen 25455 -prefMapSize 244694 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a69cd4e7-4d26-440b-a44d-b415f6f163a0} 436 "\\.\pipe\gecko-crash-server-pipe.436" gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2196 -parentBuildID 20240401114208 -prefsHandle 2188 -prefMapHandle 2176 -prefsLen 25455 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53776608-d181-4c5d-89a9-ca6a6068ba2a} 436 "\\.\pipe\gecko-crash-server-pipe.436" socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3044 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3116 -prefsLen 25954 -prefMapSize 244694 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8702cc4c-d471-4f3f-852f-3774bba5387e} 436 "\\.\pipe\gecko-crash-server-pipe.436" tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3692 -prefMapHandle 2768 -prefsLen 31187 -prefMapSize 244694 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cea8a34-7f8d-49e1-bb3d-91bd51d8cc92} 436 "\\.\pipe\gecko-crash-server-pipe.436" tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4632 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 31187 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10afdc35-f6f2-4c96-93c1-1783ed778d08} 436 "\\.\pipe\gecko-crash-server-pipe.436" utility3⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5172 -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5160 -prefsLen 27312 -prefMapSize 244694 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e35c47aa-c42b-447d-bdfc-a6db3d02c02d} 436 "\\.\pipe\gecko-crash-server-pipe.436" tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27312 -prefMapSize 244694 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1912da3b-6e44-44d3-8ac4-b7d14da4fe20} 436 "\\.\pipe\gecko-crash-server-pipe.436" tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27312 -prefMapSize 244694 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f4ec775-a411-4835-8811-739c5fd95fc0} 436 "\\.\pipe\gecko-crash-server-pipe.436" tab3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\activity-stream.discovery_stream.json.tmpFilesize
20KB
MD56186142d84874b249055ae2e1a4572f9
SHA1810c41e5b84f552480849d88488cfcc4bdc7c1f4
SHA256eaf1dda92e4e084c1bc2912ddcb013e79a7ff165f7817825e7b15bc03972075e
SHA512e96048198e3e312d8f2b18c20a395ae7e60431812395c265df948e513716c956da15308ff1d6a5e9d691b7e6b4d6f4593dc22193aaf6fd0b61051a00c45396d5
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495Filesize
9KB
MD5ad2a8d86aa9de2af5e564d0e8cffa304
SHA108887baf5126ffeb0ae7f3ecbcb19dd0acd8433c
SHA2565979c4ec5038e0a6754f6e752e2213c024d4b5f7a62d75039a8d10e7acace8cd
SHA512264fbd3d1e78aacde03e7fbcc9e528ef717027b147729d8aa555aef153e595e516c4ea87d57c317cbff6b2b02cfb4448800cbe300d3a7b8267b7676685b9f503
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5FFilesize
9KB
MD517d1c870046593c7ddacf5fbe45aaee9
SHA19027c3050456a8e88a61cdb9035f73da0805506c
SHA2567e826b485993564ac029915c1bccfacaebc3e6c852c7cd873a027ef6e8b607b6
SHA51231b3753a16c40003a3fa21ae5070f6432b54bd4ca47bb8287d74b0d26170a749437adb6adb6255aa8800b0062e57ff853ad4699fed1952d0406baa7e527ade79
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1FFilesize
15KB
MD5e44973ed7b2436c2a0befc17b04c8a49
SHA197a1d67f0072be22b1c54b0c529518892054949d
SHA256a08f44b316b1723de2864a563b5dd695216c0636652a3ba0e06f6a7e3f7c39bd
SHA5126647a113bd1451db71310e8ef7f57935b4abb5e76463c50b2b4f37e91aa89ab23249ef564262a37c413fc05f3862ce202509d671fab231f62d336382f545049a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937CFilesize
13KB
MD58f3b14faaad04249caa2f2c13bf87f32
SHA14761adf57395626410cc5661a9e292cac3abd466
SHA25641836b1dea9ab7d530472017b298d269d5d82f155956d94ee6e128752ab943c3
SHA512bbf1ae8f0db1c0c1add5673eb4942f24aad5c4e49dc89ddf073cef3bb20280eeaca9b68d712552fd053693cc91c8ec4901eaabb02eb1aa0251223b03098aed17
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\scriptCache-child.binFilesize
479KB
MD50855c7d08fec744aecdba12f3d841475
SHA1ccbb699f95e0facee98ba71f59b8a654111df21a
SHA2562a7474f3e141c135ae792c015f8a9fbd8313ab53ac8c69f3bac65ab8f945adf5
SHA512c6ac5080a555adfcab4f09b0a011095d190ffe27af60c22520b075a8cc8d20ba26df76927aae1ad1e2159f4cdcdf05df4514aa8dfc49223970084141a3f81091
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\scriptCache.binFilesize
8.9MB
MD58e2d2681f63f499c002daa9c1d308b00
SHA13479349bead123f049c6d6d30c55e9e191fa74b4
SHA2565a243345dad07619b0c47cdc00befb438789710e36eb69acbe25540361075fe2
SHA5128815d2006fce5ae587de348b10d6e2436fa78e033f240516f08d974605785d30e2965f9b2135689b7d7da70d011db442530f28dae7c697f779b4e761945d9890
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\urlCache.binFilesize
2KB
MD5b3dfc45cf9354b32b1795c4ef4b2bae3
SHA1c9efef2d4330b078f94039c88f833905eb49de76
SHA256212750bdda49a80a21d9fa1ddf898da2f77a3820c9872e377aa04047373e2045
SHA5128c55c824fd0f7a3a9ce902e68e7437bd5bb98c0c8e22c4f26bf88a5d0180ff09cbe7968ce7dd81fd37151b335329fc62e6974de417a00253856703fa6b4049ec
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\webext.sc.lz4Filesize
108KB
MD5e9b786067bdddda67a5a025f2348dfdc
SHA1ff0cddbb44f0128ec6d00cc1b6ac7ecd97879219
SHA256d02c52536523d8bafbe20018909b6c69ffe009c924a2cdd2eb1cadc3826fc463
SHA5126ab0d0d6192cb4f2beff4a18ee9587056e47f6d435a65fbd2884f2f635f4e2f924bca1aaeecd39a27bf8ece07dd1bec86a78aebc665c73245499a38861b3b750
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.binFilesize
3KB
MD5422a041dc7384db95362966eaea075ef
SHA1b505a6aa8231d4ec28967f716ec3bac9f65cfd26
SHA2560b0b2d0d6b4b298ad1ae35e0af63eb9f0cc98a59bd743e31191c04d115cce7d4
SHA51265473f895358063b199eb03e20a81cc0cdec9e435087c8cd175b873377a71cf194c69535824c0ec7832d38083c1b30a2dd743dca4f8adf0a4f96303b7c0057c7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\SiteSecurityServiceState.binFilesize
1KB
MD50b208a5c2f2ed26f734291fe9765b45b
SHA14d5dcd807533bfa8c3136f973cff6da8ef64385e
SHA256da0b955202afaea5c4142c4c6f28d97e23569a412d9603d3edc382398bbd5c91
SHA51231d84da61e5c499c0881cfb164314df5eee1cbf74597b0351b007e789a1da7732f94f77222048818fa15b8bbb7eb08dd2e46fc9b8f2c1d53e6be93ad6dcdd159
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.binFilesize
24KB
MD55488a5ed2d5910c2460bd129cf52902d
SHA17409eb145bf6c023830e8c6bb5912c8c82fbc356
SHA256bc1833a8cc9a06b09854ea66d7c6f7a12b45bc9298919f6f4bf1ad3b6a91309f
SHA5124a97da625ec0ff5dd4cb9ddf28158a586380e43f4f048c4efbfc519a09df9d99e527c1b9daf0de78045f6c99fca23dea64208fd500bf79749d18391b1c7ff2b8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmpFilesize
22KB
MD588bf8c6dcc306054ccbf1ed01012a079
SHA1a2d75e77587e9d3ad07a05c9544397f40c4c9b6c
SHA2568aa83b85f5ff2353d35a6a2813e1c064804d642fd31f587b9b8a24a6d9b2b4ba
SHA512e6080b13aa682468fbd73fff44cfa65e8c0b8ace919e7ffe52e6e85a9d50baad5495714c82563c44f877ce676dad60589dc3e2496dee4304c8441d26023570dd
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmpFilesize
24KB
MD5da3f0cf861e3cb3835097f7818f0f609
SHA18b25e05c517e5b13ec470bd0ff92c01be9c22103
SHA25606695afbacc0012c00d1377f6d855dd03a8af0e8a903fefcad5aae604c281d80
SHA512c4a185965b2d482af258c869a248b3ccb473038ffdad7cc1a48e5df49dcd52565edf8604575ce93ad9510f7f013e702440e87e6d00e0ceeeaf1c49b963de5444
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmpFilesize
24KB
MD59813740e70de3f6d358c0a6769e69331
SHA12a636b5bbf2b571a62c141dbe8b78d8c53de3434
SHA2566e5a1272bc88a7f1c0f38d728e253792cc773b930ad454707578f7fc1a4cd973
SHA5128bf8169de9bed7dc6c069e5ec8331d3918a74e750e27bb4a84926df2e783901f71cb7b40275e2b2a7f91f109e132f3a591ac7b5bf5af0b668c9338f75bab9db8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmpFilesize
22KB
MD5a21841d0a2a3f7a4e044fb6f6303777e
SHA1585cfb29bcaab5ca66c2178036536d62f6c6a42a
SHA256aa03dbcfcfe9c9a923a7b8a97f27ccf931642807368a4a5d4ee85f58dafdd4c4
SHA51254c7a060093b6697ec419ff0b11ee99e17d1120ddd3e757beafef67ec6a4fb5a23ed0f1fc1f363bb65edcb8ba0797725cbc5d15c86da2a7d87df8ade6a4e80fa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\events\eventsFilesize
104B
MD5defbf00981795a992d85fe5a8925f8af
SHA1796910412264ffafc35a3402f2fc1d24236a7752
SHA256db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d
SHA512d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\2ce1853f-da2b-4321-abe6-62192842b314Filesize
659B
MD515c6fa7d0a9ad8ebf702ab36121e5ea1
SHA11944a04702778c6e96e7af3f80f9a20de915fcf5
SHA2569abcf3f5fd9dd811537bd6ac69a5b70a00c9f7de02f12d2eeb999c7fbc6ed5bd
SHA512e7ce374db39f993724d03bbafea8131d5566e61c3ff1c456486e07b94383b1289a224408f8a86bbb0288121cfe7964c76c931d9eac6dfd44153c9ad94e4a47d8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\8079df9b-8125-4574-a09b-79949ec9fa40Filesize
659B
MD55bb4cdd9682ccb63733426ff42ba56d6
SHA1260d14d9b5950ad307ecd425abfc522cd2007e02
SHA2567ee99583caf8ca3c2fac08ba63eb7ebfc79a60738f2d738cf35851f045975683
SHA5122bdd5cbc348acf4c75e87ce3f40371a4e67c8fc0106956ee26501533119f5d0293f3cc35769bbb7c3230a825f5ff8c3d37ba620a509225e3f6358cdc7b6a5087
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\c7c7c4cb-2e19-420c-b2b6-28efac86e98bFilesize
905B
MD5c3bf8897df418ac290d8496fdbb828d9
SHA10b79bc40ba017aab50b29d7f049f5a5ab93d53b5
SHA256d0c03967428d6690e761c0288d9441d64af514eec072f4e8c15e9450f9e62d45
SHA5127739727a0877bc512ccaaf267bcfa3852d3ea109b9eb0c190b5528df9632b1d93f10deb2d7eba67735bc22d12df4cb5ad021533b88cb66c77fa124c1d80d1fc4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\f942f471-2676-41cb-99a5-502ba7d20331Filesize
982B
MD5245c72690ef922eaf36e5daeb43acaff
SHA1e74685599d894bb511507e149c9e3eb61eb98355
SHA256a66b3f23c024c9a850d41bc719017c67357c496c39403649d6d080da50eec5e1
SHA5121a4127a4d0f5d82fe8199fcd2cab32e6f67d2413d1413073defa5c606edb3af72a064e51b2a552bde47ad5ac0b6db83ebbeda8a1b5d01f541f915aa4f001de99
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.jsFilesize
8KB
MD57a3b84ec849f9b873b0b11293998c18f
SHA13a760ed5fd1d1759278c1da12db83e1c2a45bf1f
SHA25600c7f51e435dfa97d58c40870140ec3b53378559c13167862989c5e81ac12533
SHA5121b999b0c1e62a9fce4fc87d5ed1dd39b3ed09e576d59b948f3f9d5dae72f91c27b1f22c45df6f5977f0cbf24697933b65a76197e28cbf97898c9d88bff2ceecf
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.jsFilesize
8KB
MD5939ba4579e91732b96219e7feae8efbe
SHA15343b875ecd97d2c275613582ea2e477b8f916c0
SHA25663689b9e2012a01e75176cb91a17fc3f6f670913bc0835a6ae518a4b965ddbcb
SHA512a1335372a8a0bed22f233a501194346c2c0b6c1036ff6054453349da108bda2740702242f17cadd9214e7d5d9694ad08839ee273ba17271572977e1576a2c8bc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.jsFilesize
8KB
MD5aaafaa230794d4a6ac21182284ddeb44
SHA1b20667e4cb61c25ec2575ab8f5ead2439d6bc78e
SHA256ec9c8752d8c1bf804b553f101788440e9c2ae59f44111b1f3fbb0d1fe22d4895
SHA51249e8293ae283a4a700aedcf3a36b2b1a124fb2d199d18683b2569ad47169263ce5db92223fefccecdd0c612b70216e7eaae1691bd4c188ab1f931373204dcce3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\protections.sqliteFilesize
64KB
MD5d7e5433a87ae3a30de4ab9adc47023bf
SHA14edaec48083abd90bc532ba8dd015fe209b0e439
SHA256c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e
SHA5129b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.jsonFilesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.jsonFilesize
288B
MD5362985746d24dbb2b166089f30cd1bb7
SHA16520fc33381879a120165ede6a0f8aadf9013d3b
SHA256b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e
SHA5120e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json.tmpFilesize
53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore.jsonlz4Filesize
1KB
MD5f9b9f6b6794f1e76af2feb2e36114b97
SHA12cba71ebc335fe802020a5e6eaed01fd4b9c27bf
SHA256a3493248b2f2ba9c623b1eeec62c8a86ccc4299f6104dd286cda2d081be5f55e
SHA5121c80d73fec59cbeb2588d496c21cafaf9ce071872111fc53b64a370fcab613b00b393ded4ccf6bf9fc0fa0ff1aa458cba3069d18d38af1c25d743d5b9e0a93fb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\xulstore.jsonFilesize
217B
MD54cbdfc4880bec82d84bce21747789706
SHA1e11d96dba2f23684d3c47e915103fde230293a23
SHA25609df9aeebf64843204519e11c0c2d42816576965866bac84aa1b0cb58945a910
SHA51221ba56a3558b1f2e6dc2c2e6f7589d3d2d8371c924e066da961eed61b8423f520c5d1eb0aec3a00fb0032fa398d3cd3051d2f27976fbe5dc2a18777d8c71b456
-
C:\Users\Admin\Downloads\2SOaiLhw.sh.partFilesize
132KB
MD559ce0baba11893f90527fc951ac69912
SHA15857a7dd621c4c3ebb0b5a3bec915d409f70d39f
SHA2564293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7
SHA512c5b12797b477e5e5964a78766bb40b1c0d9fdfb8eef1f9aee3df451e3441a40c61d325bf400ba51048811b68e1c70a95f15e4166b7a65a4eca0c624864328647