Resubmissions

19-06-2024 11:20

240619-nfdfsatelm 6

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    19-06-2024 11:20

General

  • Target

    mig.rar

  • Size

    30.8MB

  • MD5

    f5a74fbbe227e97606196d2ec04b6b1c

  • SHA1

    fb859eb77b7b336469c0e5e9535de3e765aabaaf

  • SHA256

    9d2c6becf74342dbe3b00ee4f0e01aae146d3ae54ee89058c56702ef0487ccae

  • SHA512

    8a1b1544e23b945d3770d375dcbb740b8b158f0b270d4ce89243a142f1e4b26607565040480d748fad5a5c8753a6bf009f3e3042b1ceb04e8cf6230a04852c27

  • SSDEEP

    786432:2PLsMBwJl1ek7ErWRPLsMBwJA6hd2NtumPTh7:MA3eRrWNAAoajTl

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 34 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\mig.rar
    1⤵
    • Modifies registry class
    PID:4152
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\mig.rar"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:96
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\mig.rar
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4920
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.0.1734048347\1363539524" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1632 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eab50d3d-9b5d-44eb-9f4e-2b66ceeab2fe} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 1736 2584d505f58 gpu
          4⤵
            PID:2836
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.1.33854124\1733839865" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aecddb17-8955-4e66-ab05-1794c12019ea} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 2128 2584c30cc58 socket
            4⤵
            • Checks processor information in registry
            PID:4216
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.2.190135427\720124301" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0ea3816-d383-490f-a7b3-14a7c16bf301} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 2972 258504dae58 tab
            4⤵
              PID:5056
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.3.1515027975\1573237792" -childID 2 -isForBrowser -prefsHandle 2900 -prefMapHandle 3136 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52092e34-2e40-4cbe-b9cb-502695097025} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 3580 2584ed31258 tab
              4⤵
                PID:4548
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.4.1292218975\1584590949" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a796db9-0566-4767-8d0f-f288bf6d908d} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 4952 258527c3258 tab
                4⤵
                  PID:5060
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.5.2082575786\1465545882" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f6b950b-4b18-4aba-916e-98be0f9e5d18} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 4980 25852d60a58 tab
                  4⤵
                    PID:1772
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.6.1262219947\181371767" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c749f3-91e9-462c-89ff-4c547f37b3ef} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 5260 25852d61658 tab
                    4⤵
                      PID:4132
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe"
                1⤵
                  PID:4908
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe"
                    2⤵
                    • Checks processor information in registry
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    • Suspicious use of SetWindowsHookEx
                    PID:5012
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.0.548709657\432600519" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1576 -prefsLen 20871 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97399c98-6da3-4f60-acb5-f22b6a3aed7a} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 1700 175d0cfb958 gpu
                      3⤵
                        PID:2284
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.1.1933307694\606107590" -parentBuildID 20221007134813 -prefsHandle 1980 -prefMapHandle 1976 -prefsLen 20916 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8739bb71-c330-43c3-aac6-94aeaf38510c} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2000 175d093a658 socket
                        3⤵
                          PID:3808
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.2.1586821445\1323031595" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3000 -prefsLen 21377 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead71206-55c6-4525-8b3a-bb7a645ad093} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2652 175d46cab58 tab
                          3⤵
                            PID:4980
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.3.1930198894\347114784" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26555 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb71f876-c24b-494e-a026-ce8819599a7c} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 3488 175d47be958 tab
                            3⤵
                              PID:4416
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.4.2135217086\211353119" -childID 3 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {83da8077-5927-4ba4-8e6d-c5eb8d10b3b6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4360 175d6faaa58 tab
                              3⤵
                                PID:4728
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.5.300875890\1092511026" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f4ed84c-9743-4e1b-a69d-643821cb52c6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4948 175bea5f858 tab
                                3⤵
                                  PID:1188
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.6.864033129\357177316" -childID 5 -isForBrowser -prefsHandle 3476 -prefMapHandle 4872 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87f10de7-fb79-4f61-bbc3-f5aedfc54697} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4400 175d7bab858 tab
                                  3⤵
                                    PID:4904
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.7.2079774976\581414487" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26614 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55dc869b-da4f-44fb-b679-c49f3ee6f08b} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5180 175d7babb58 tab
                                    3⤵
                                      PID:196
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.8.938767015\1311018856" -childID 7 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb33fcd-294d-4c41-ac13-a39c8fbd989a} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5540 175bea5b558 tab
                                      3⤵
                                        PID:5044
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.9.110112706\1650064580" -parentBuildID 20221007134813 -prefsHandle 5532 -prefMapHandle 3244 -prefsLen 26879 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c373c6c-e47f-4c7b-83df-8f3800c9b779} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9872 175d592e258 rdd
                                        3⤵
                                          PID:1380
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.10.604370340\1147046307" -childID 8 -isForBrowser -prefsHandle 9508 -prefMapHandle 9512 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e034efa-edfc-4ec5-8e32-834d94417ac6} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9500 175d89c2858 tab
                                          3⤵
                                            PID:5072
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.11.408371872\1923070658" -childID 9 -isForBrowser -prefsHandle 9500 -prefMapHandle 9484 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfa1d075-8ef2-40ca-9520-2124fc720cf2} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9336 175dae96e58 tab
                                            3⤵
                                              PID:4756
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.12.1997064004\1240957416" -childID 10 -isForBrowser -prefsHandle 9156 -prefMapHandle 9152 -prefsLen 26879 -prefMapSize 233536 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f09542c3-a83c-48e8-968e-c84ae5e49f7e} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 9164 175dae97758 tab
                                              3⤵
                                                PID:2152

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

                                            Filesize

                                            9KB

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

                                            Filesize

                                            11KB

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

                                            Filesize

                                            13KB

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache-child.bin

                                            Filesize

                                            458KB

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache.bin

                                            Filesize

                                            7.8MB

                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\urlCache.bin

                                            Filesize

                                            3KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\AlternateServices.txt

                                            Filesize

                                            163B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt

                                            Filesize

                                            324B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cert9.db

                                            Filesize

                                            224KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

                                            Filesize

                                            2KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

                                            Filesize

                                            4KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\58a5a68f-a2d1-42a3-a9c7-559818c05e4e

                                            Filesize

                                            746B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\79b410de-f328-43f9-a464-e5e033913f8f

                                            Filesize

                                            657B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\8590be2d-85e5-4b05-a2a7-12344350c942

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\places.sqlite

                                            Filesize

                                            5.0MB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

                                            Filesize

                                            6KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

                                            Filesize

                                            6KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\protections.sqlite

                                            Filesize

                                            64KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json

                                            Filesize

                                            288B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

                                            Filesize

                                            53B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

                                            Filesize

                                            90B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

                                            Filesize

                                            1KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

                                            Filesize

                                            1KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

                                            Filesize

                                            647B

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

                                            Filesize

                                            48KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                            Filesize

                                            184KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                            Filesize

                                            184KB

                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\xulstore.json

                                            Filesize

                                            217B

                                          • C:\Users\Admin\Downloads\KmrSCnao.rar.part

                                            Filesize

                                            30.8MB
