Malware Analysis Report

2024-09-11 15:59

Sample ID	240615-vzhceasdqp
Target	https://j6lyat060624q67.xyz/08f10c664042c174f24981a4ec6e3b3e4105598b_1718450383/file-dln_666d78cf14318/?source=12&grp=17&file=&q=Bandicam-7-1-1-2158-with-Crack--RePack---Portable-
Tags

score

1^/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score

1^/10

Threat Level: No (potentially) malicious behavior was detected

The file https://j6lyat060624q67.xyz/08f10c664042c174f24981a4ec6e3b3e4105598b_1718450383/file-dln_666d78cf14318/?source=12&grp=17&file=&q=Bandicam-7-1-1-2158-with-Crack--RePack---Portable- was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Checks processor information in registry

Modifies registry class

Runs ping.exe

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

MITRE ATT&CK Matrix V13

Privilege Escalation

Defense Evasion

Credential Access

System Information Discovery

Remote System Discovery

Lateral Movement

Command and Control

Resource Development

Analysis: static1

Detonation Overview

Reported

2024-06-15 17:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 17:25

Reported

2024-06-15 17:29

Platform

win11-20240508-en

Max time kernel

126s

Max time network

134s

Command Line

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://j6lyat060624q67.xyz/08f10c664042c174f24981a4ec6e3b3e4105598b_1718450383/file-dln_666d78cf14318/?source=12&grp=17&file=&q=Bandicam-7-1-1-2158-with-Crack--RePack---Portable-"

Signatures

Checks processor information in registry

Description	Indicator	Process	Target
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	C:\Program Files\Mozilla Firefox\firefox.exe	N/A

Modifies registry class

Description	Indicator	Process	Target
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	C:\Program Files\Mozilla Firefox\firefox.exe	N/A

Runs ping.exe

Description	Indicator	Process	Target
N/A	N/A	C:\Windows\system32\PING.EXE	N/A
N/A	N/A	C:\Windows\system32\PING.EXE	N/A

Suspicious use of AdjustPrivilegeToken

Description	Indicator	Process	Target
Token: SeDebugPrivilege	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
Token: SeDebugPrivilege	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A

Suspicious use of FindShellTrayWindow

Description	Indicator	Process	Target
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A

Suspicious use of SendNotifyMessage

Description	Indicator	Process	Target
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A

Suspicious use of SetWindowsHookEx

Description	Indicator	Process	Target
N/A	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	N/A

Suspicious use of WriteProcessMemory

Description	Indicator	Process	Target
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 2824 wrote to memory of 4108	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1136	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe
PID 4108 wrote to memory of 1660	N/A	C:\Program Files\Mozilla Firefox\firefox.exe	C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://j6lyat060624q67.xyz/08f10c664042c174f24981a4ec6e3b3e4105598b_1718450383/file-dln_666d78cf14318/?source=12&grp=17&file=&q=Bandicam-7-1-1-2158-with-Crack--RePack---Portable-"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://j6lyat060624q67.xyz/08f10c664042c174f24981a4ec6e3b3e4105598b_1718450383/file-dln_666d78cf14318/?source=12&grp=17&file=&q=Bandicam-7-1-1-2158-with-Crack--RePack---Portable-

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.0.48028796\1112052827" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1800 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0892ed4-0e88-485a-94ff-3f4335bac2c7} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 1892 24ee6105358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.1.1524782433\40954044" -parentBuildID 20230214051806 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c26f2751-1ac9-4976-8e81-728fed4c2720} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 2440 24ed1e8cf58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.2.22797162\687314207" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2904 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22a7c687-7411-4451-b339-af267072b1c4} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 3012 24ee923eb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.3.645724264\1845435008" -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {147ffc01-0f1c-4e60-9ebf-9ae39c596f2f} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 3676 24ed1e7f458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.4.136683821\1529764792" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 5052 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bbae4a8-81af-4511-adc3-e69584995a71} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 5056 24eede30558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.5.165894597\561550485" -childID 4 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {972c892f-7c76-4780-a358-f472b34c5954} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 5192 24eed06fa58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.6.498187198\246439802" -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5476 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7400b44-18b7-49c0-8b00-8d9de755a141} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 5492 24eed070658 tab

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4108.7.2111854467\1180689831" -childID 6 -isForBrowser -prefsHandle 3036 -prefMapHandle 3024 -prefsLen 28816 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7183790-c565-40f8-a014-99c50cdd22a2} 4108 "\\.\pipe\gecko-crash-server-pipe.4108" 2844 24ee4c08358 tab

C:\Windows\system32\PING.EXE

ping google.co

C:\Windows\system32\PING.EXE

ping google.com

Network

Country	Destination	Domain	Proto
N/A	127.0.0.1:49727		tcp
US	8.8.8.8:53	j6lyat060624q67.xyz	udp
US	8.8.8.8:53	contile.services.mozilla.com	udp
US	8.8.8.8:53	spocs.getpocket.com	udp
US	8.8.8.8:53	getpocket.cdn.mozilla.net	udp
US	8.8.8.8:53	content-signature-2.cdn.mozilla.net	udp
US	8.8.8.8:53	shavar.services.mozilla.com	udp
US	8.8.8.8:53	push.services.mozilla.com	udp
US	8.8.8.8:53	firefox.settings.services.mozilla.com	udp
US	8.8.8.8:53	8.8.8.8.in-addr.arpa	udp
N/A	127.0.0.1:49734		tcp
US	8.8.8.8:53	contile.services.mozilla.com	udp
US	8.8.8.8:53	spocs.getpocket.com	udp
US	8.8.8.8:53	getpocket.cdn.mozilla.net	udp
US	8.8.8.8:53	j6lyat060624q67.xyz	udp
US	8.8.8.8:53	content-signature-2.cdn.mozilla.net	udp
US	8.8.8.8:53	push.services.mozilla.com	udp
US	8.8.8.8:53	aus5.mozilla.org	udp
US	8.8.8.8:53	spocs.getpocket.com	udp
US	8.8.8.8:53	push.services.mozilla.com	udp
US	8.8.8.8:53	push.services.mozilla.com	udp
US	8.8.8.8:53	push.services.mozilla.com	udp
US	8.8.8.8:53	google.com	udp
US	8.8.8.8:53	push.services.mozilla.com	udp
GB	184.25.204.32:443		tcp
US	8.8.8.8:53	browser.pipe.aria.microsoft.com	udp
GB	184.25.204.32:443		tcp
GB	184.25.204.32:443		tcp
US	8.8.8.8:53	google.com	udp

Files

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5	c309f95793a5a3a703362879c0bdb0bb
SHA1	b24d8912f886841e51668ed3358045054723f987
SHA256	21ee0289f4332a3d16380597023ca38af67af7b8b8d859d7b0bd578ef07b2f14
SHA512	291f41014bf9bbcf17503e7d024944584eb8fdc7467c7a8af859e287f475dacfa75741eff202ac81171bf00e46ed0802a2135edc6bb99728cfd5556ada317ae1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5	1933fb61f23c674ee3ccb6978114ae24
SHA1	1be6b0b86ce9ab9abc1de4cb36d2507fd10d67f8
SHA256	f46b54e5641a247428cb497f0eadc594ca71510402f89425a7d736ca39001ed1
SHA512	aad16eaffcb3f823452be19f7554d3422b54445730499c8c4d6c537de81eff14260ba27f74f4f7fe26bc0f6d5fc5fefbe6cf1130d4e710223c515897a201530b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

MD5	9a1673948bb31f66f876972bbf82b0c6
SHA1	06f63db35001dcfcaa7dc820b373c48a98a517b0
SHA256	8bfadf3285dbe1865bc475bdfcc3d76f7f5f34fd5c59ab4c41de3399d0ab6198
SHA512	c3384cd3086c1ae5e7548ca5591e4b98949d207c91f29951204a32071c1ebd8b7b5b71f605faa88575f9fb54b67ffba1de463b9be5295245339e6f39d863902c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp

MD5	77ff5b76db5a1457236a999c2f61ef29
SHA1	5295314269f2b0b6c5f64cbcff59778853c367c2
SHA256	8ea9f495520741d7c20750c81b039f01d554f9d4cfe8c4e3e681b9a453d5c156
SHA512	c7f2243bc773945ebb581a7e88f0f7d921ad83a558c9d80d1f38c5ba7a5741e0dd1b4896ef341d18eaf7f69c09b2ab91925cc6fea5bbd7dbb66f3ff2e833b84e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

MD5	c723fdb2c768386a27e89db08777b2a0
SHA1	4400a0ee4ceaf086c9669908bfd6e371075a3605
SHA256	bf35103d5505dcb387f4d21e7ea796b90da4fb48b2235e4f2a8e27a952656656
SHA512	1b607d1dd32b5377f609a376f8f8f8f1fd77da5c6a1b3b30911bd23515cb4142cded7a2a9fd2658a880c18419dccecc60fbb48e1ee1ef10e228a56ded0cc1def

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5	567c0540bd87aa6d7b24bf916d838d65
SHA1	6c3256f0dfd2bd1af855c9d59bfc66515b3644df
SHA256	f4d033e5a8794fbdee8c90bd26051e67eb3c80850f9359cb7b272cde59cb6301
SHA512	457faa44789a506533149fbea64779ef4c754157c3a87b3e89d6f82ff2304b7c54aeaaa7acf4df95f0e720ba198c7f089a69594b09cc3fd00a4c7ca71280ccde

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

MD5	524121f14948ca8eb48580cefaed5aea
SHA1	32e6b53e8ee85fe7a6fb20de9db7bf8f472172c9
SHA256	660d67e180350f02982a487b7a12705f02d4eda4061b56f649007fc843659717
SHA512	82c40ae1f9cf6765cd29d9da0c08b8afa5e01a106ba0674762cba9ac2f6dc1a30e76f491eafab013c8f18f7882104bfad2f4b43c50743740f4539bc49dc03ebe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

MD5	115e0287a0c4e1db1716343719444083
SHA1	576bba7cb6046747d96e84fa9fe5b43642fa40fa
SHA256	35a4f7148c35a9eafc12782a1e6a92ab81c9c9e904b255a382ed808e1485a61b
SHA512	8407938f523e2d60c1ee154a44ae07dc7bed10b94c6ce3643ae30252c2b5a208c261a2e6e8c099b7c78589be2fd85f30b1b0a5ac21b9b8abd1a5c703eb711280