Overview

overview

4

Static

static

1

bitch.txt

windows11-21h2-x64

4

Analysis

  • max time kernel
    258s
  • max time network
    255s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23-07-2024 08:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bitch.txt

  • Size

    43B

  • MD5

    0115a42aa3c20de74eb732031f0bbc8d

  • SHA1

    60724033944aa856b81ce5ccaa70e55665c0de54

  • SHA256

    f05abd96955b6745fbe1bfe25d1740710a4b20099adfe3a942272ca0c5674fbb

  • SHA512

    80ddb8336e2ce121adfa2f1a9026653585774bc663a459427006e077ce04669ed3727398cefec7de7c86531e2c99e773d389f8c27d7065e0e496d21ded6f93aa

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 37 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\bitch.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\bitch.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:5680
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2076
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
      PID:5620
    • C:\Windows\System32\oobe\UserOOBEBroker.exe
      C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
      1⤵
      • Drops file in Windows directory
      PID:4176
    • C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
      C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
      1⤵
        PID:5548
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:5968
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004D8
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:2112
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2944
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb0df897-6e9a-44f4-9eaf-61e7f2b32cea} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" gpu
            3⤵
              PID:3976
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2348 -prefsLen 25787 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3866f31d-2650-481a-a737-79e90c91a36d} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" socket
              3⤵
              • Checks processor information in registry
              PID:3112
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3240 -childID 1 -isForBrowser -prefsHandle 3284 -prefMapHandle 3028 -prefsLen 25928 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb6cbb13-33f9-4179-bfe8-f65bfacc4ef8} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" tab
              3⤵
                PID:3124
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3556 -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 1272 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0260a0d6-30d9-45d6-9d9b-3e7b6bf3c8d8} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" tab
                3⤵
                  PID:1596
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4876 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa4296db-edc0-4eb1-a1fc-a4fb4273cb75} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" utility
                  3⤵
                  • Checks processor information in registry
                  PID:3284
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {395871a7-9d5d-4348-9433-09ae300928da} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" tab
                  3⤵
                    PID:5484
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9b6fcec-fbd8-41b2-835b-f4dd7a4f2970} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" tab
                    3⤵
                      PID:5176
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5324 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1080 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c709bfeb-9dbf-4fa8-bbfa-148fa110c011} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" tab
                      3⤵
                        PID:5528

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\activity-stream.discovery_stream.json
                    Filesize

                    21KB

                    MD5

                    67462592e14e4806dffbac4bf1c41453

                    SHA1

                    14c6439976646864554c4b248f40bace502fe4fd

                    SHA256

                    602a3dfdc07bb7ac5f2c4d191a710f10f286ec1edb05c190be82851353795e61

                    SHA512

                    9d01421f0ee2fc3b391e2c68901afd16971fe937d279687b37d478030151baf754f5f46aa3b6d85e1100390b39b3f4129ecf23aaa06c57c3d76e5a5d98a366ae

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.3br47z8760aq4z4lgwo2wvjod.tmp
                    Filesize

                    9KB

                    MD5

                    24ebdb1228a1818eee374bc8794869b7

                    SHA1

                    79fc3adb42a5d7ee12ff6729ef5f7a81e563cd2d

                    SHA256

                    92a7d7d3b0bfac458ddcef07afcdad3646653ba7f4ad048fdd7a5ec673235923

                    SHA512

                    63764d99a0118fac409327d5bf70f2aa9b31caf5277c4bc1e595016a50c524cd6c3d67924321b0fcad12cd968de1a62bd292151e35fd907034efd0f40b743d6a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.etkbi57vee8rqo95vg87016ee.tmp
                    Filesize

                    1KB

                    MD5

                    4085b7b25606706f1a1ad9a88211a9b7

                    SHA1

                    31019f39a5e0bf2b1aa9fe5dda31856b30e963cc

                    SHA256

                    b64efcb638291c1e1c132ed5636afbb198031cee44384f3ecf67d82b73accecc

                    SHA512

                    9537559523839e3e708feabe8c04f40236add7d200ec36bad00c10a69337a15001103c17093dcc0d8cadb4713d911f39a6411624c1db4cbf1ea1af272a716168

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.nb3j5o9y8pj52n4hpmfzy3wj.tmp
                    Filesize

                    2KB

                    MD5

                    530f1945913c81b38450c5a468428ee6

                    SHA1

                    0c6d47f5376342002ffdbc9a26ebec22c48dca37

                    SHA256

                    4112d529734d33abda74478c199f6ddc5098767e69214a00d80f23d2ea7291ff

                    SHA512

                    3906427ffb8f2dfea76ba9bb8cac6bd7dece3ebee7e94ea92da5bbdb55d8859c41260a2bda4e84fab7e1fb857ad12a2e286694ea64d00d0aa6cab200fbbf64f0

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                    Filesize

                    10KB

                    MD5

                    2aaa4134481f6d4ef6b44658d489618a

                    SHA1

                    a30f020b4ea91f8bb2875813b2e8036a679e74c1

                    SHA256

                    56ffdcba29a25e206349d6f8805f3c8559d7b2eab82475e6b8fc6316c02aa964

                    SHA512

                    f4ffae089eaacfc819103dca1c330995b90ab797d3b2e9403da909691cda4cdcea2ba7b97046cd14c84c44bddc6ee565303b9dd4273dd1444224a343d4591b45

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    13.8MB

                    MD5

                    0a8747a2ac9ac08ae9508f36c6d75692

                    SHA1

                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                    SHA256

                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                    SHA512

                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\AlternateServices.bin
                    Filesize

                    8KB

                    MD5

                    4c3e910e129b92eb2ef9c729ab99bbe7

                    SHA1

                    26e8f7b635169ff7f393b4369b3a6e3e4a12993f

                    SHA256

                    7fee98c53a82fdc3aff19d3d828c8fdae7a5515fd66c378c0bd2d44f02b46c28

                    SHA512

                    ed90995d6f0673be4e8f2653bc3aee902420b6741be452738507486e6a7f3497f4945ca773daf4c76e3dc5804209d039a463c9e2381832ca794b756a10d41b10

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    3c01253fa7da9d1dbf6bb847eeb813f5

                    SHA1

                    24a11263915df8564357956d0a1911526808b5b7

                    SHA256

                    771acb2f11bcb39225fe31b7c46acc20216fec4fc624748d6495a1d9cb6fa35c

                    SHA512

                    40a7b2301a8f42c6372d08a2c533122b85dbb5ae6d004779b641cf572e607fa5eca5e83f20329ed8bddf0d0536b88cb373a414b6dbf667efdf7fc174952f128b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    14KB

                    MD5

                    2b80025a0cdf50537453456ca2ef615d

                    SHA1

                    8c169f6ee6d62b02ba13a201c3c779dbb3307b94

                    SHA256

                    8b4f3fda10a033c99a4a6ddceb222e1b75964508a0895f6006a4b9beaf5331e0

                    SHA512

                    93af2118d05841ef7fd3a974e68ef849f8ae6035550181f57c6907392eb778f9c5b38f15e13916821c49a8ec409828b2efb0f296747122e46b80ed5614c04447

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    32294998e82acbf1e266176fc786f4c4

                    SHA1

                    f0537d761368e5a7b44d060c72de388eedd8ac52

                    SHA256

                    4863bbc29c366186c8e98e41c6fe70c899c1d72357619a65f4000c606b8fe114

                    SHA512

                    d672e04a6edf826360ef02b8efc5cb8dce560f78d39ee6ba640a5a2bbe070d6e59633509d6241c226f7a697cefedc5920647482598378fe57f31b55126aad5f7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    14KB

                    MD5

                    d34a5f2cd66d29304de4dc990668a78d

                    SHA1

                    dcd472bc45894cc08d2b828affea2fbc0de1e8d0

                    SHA256

                    10ae4d4b48f534b09c8ad1c01d8870c0c99c56618798568d8742ab9a49b93f96

                    SHA512

                    245ccffaa17f3703cf29290864f9c754b4e0aec3e8940d758ca06c1daa8df28d0ba46edfcc7f64bde0230a5a8c84d4ea0a3e8c1f7115faad7a7bb7cc99a37fbc

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\3b03f6e7-c68c-41e1-b5bb-b2077df2f0f7
                    Filesize

                    671B

                    MD5

                    98b0b2d0e2f3af57b636e55da8046282

                    SHA1

                    54de4b6516e051e9718fc07f4a7aec51592555b7

                    SHA256

                    b4c3585d22c6f021a2926d23b25b5f1e828e1b4b96051dd23cbfa65801fc461c

                    SHA512

                    22e9e419b279697465362f66e8645d9bd2c979baa74f6c096f2f2e7e69c1bf6a2a5ccf7f38d088a9938bbd634764b7e5dc89d13c8160be70a506042ad753eaea

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\4c25f29a-a5de-49cd-9219-ba4502cd3c50
                    Filesize

                    982B

                    MD5

                    7781c1ad06577ef2ac5cf0d71e1689b1

                    SHA1

                    b5a8e9f509156b2334609bdaae565901661d1989

                    SHA256

                    3bb064d54c4536c2014cc3b03c94947c58d0923c12634c24af70aa3f1b40a3b3

                    SHA512

                    9f46127a676dc05c4d16f89bba2b5507f553372b3896b024766a4c9ce7930db373298d7395d7788ba632b94ad334f2c347a3ef43c5bb29dec6c5547fb6f3b428

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\afc0b68a-dbda-4830-b41d-bfc79f04c3b7
                    Filesize

                    26KB

                    MD5

                    a347ad6ecdebd322eee1f9f0b3626cc6

                    SHA1

                    153c00a07ff18f63d8abaaccd5dcc2aa3651f6aa

                    SHA256

                    2750bad0ca01bab062687093f4949cda5425f25acf954ba48909afb42aad796d

                    SHA512

                    39dafc26b7fa309c76910a2ad54156efe54822d42c28ada287718cfc52a7261871df6665990fd1b214cef8ab6ae0c0b8530e308e1d51c209a87a5b1c2bfd5033

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                    Filesize

                    372B

                    MD5

                    bf957ad58b55f64219ab3f793e374316

                    SHA1

                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                    SHA256

                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                    SHA512

                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                    Filesize

                    17.8MB

                    MD5

                    daf7ef3acccab478aaa7d6dc1c60f865

                    SHA1

                    f8246162b97ce4a945feced27b6ea114366ff2ad

                    SHA256

                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                    SHA512

                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs-1.js
                    Filesize

                    12KB

                    MD5

                    f2f5753b0258599aff44df2dbdf8e600

                    SHA1

                    5fb7a5f899c01e416e12b9495f9bd588f39f5499

                    SHA256

                    d4150fcb17a1f599a3c2ebcfce2dee8a02f66a3fa60b218e8f3410e2e555e4f3

                    SHA512

                    b1c7809214455c2f7d358f234cfc88799b9f483b071031173d0f3d99e5c0f8c9c2630a0b061911f670825d62dc98da558af466c4cc60a4e14d837b2288439cc7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs.js
                    Filesize

                    8KB

                    MD5

                    abb9521dc55274a59086612675508b9e

                    SHA1

                    0b3050482cfa2170216299e72b55d06320ee006e

                    SHA256

                    88f5e213067c94bfdef9d8a7b3d85644eeb4686d7d09c43ec94fa6f0c320d2f8

                    SHA512

                    8c7fd521c31c9dbbe6e60423f6817456d4be9a59baf67033c20a31ff83a3919210b62fdcf36de74868367a72b6abf131d639c887c84a16f55a6a820895111543

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs.js
                    Filesize

                    11KB

                    MD5

                    6b7fc2d9f18f35f54c6cdf089edeff4b

                    SHA1

                    97a47f874c21c9614c0158c01cb8d46a80b09973

                    SHA256

                    1ace6ce350355be625fdf7680bd883392d4be3f3422ab8f7e0f27b51bf0d3e02

                    SHA512

                    9acb2f2024789b5b583f88d807f774acdcaec48b00d1998699d487c28651a1931bd840cf4eaffc978b571c447640e4490d0d9855e3d28b0b2f3b7d67fabb9d10

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\sessionCheckpoints.json.tmp
                    Filesize

                    259B

                    MD5

                    e6c20f53d6714067f2b49d0e9ba8030e

                    SHA1

                    f516dc1084cdd8302b3e7f7167b905e603b6f04f

                    SHA256

                    50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

                    SHA512

                    462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\sessionstore-backups\recovery.baklz4
                    Filesize

                    1KB

                    MD5

                    9a442088345e225ea712605836bb4e84

                    SHA1

                    ee21bb622bf8dd7633f33a3d6294d6a81daf1b7b

                    SHA256

                    42f7270366c181cacca92ff0d601e1ef13eb9c67bea3ac87edb47e78d93537d9

                    SHA512

                    d329eb85b8908d89429bd2782b1301cc6592c5c7d60608e8a1c616ec46ff0914f001f18939ac420c14c5fe2a6a84fa688b0532fb1c18a03f9acabb5ad91796ac

                    Download Submit