Analysis

  • max time kernel
    117s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240709-en locale:en-us os:windows10-2004-x64 system
  • submitted
    28/07/2024, 03:50

General

  • Target

    4733e0e5b18060021efc68cde49d5000N.exe

  • Size

    5.8MB

  • MD5

    4733e0e5b18060021efc68cde49d5000

  • SHA1

    ed972a3764e5096b79623cbb5caa75cc06f24b50

  • SHA256

    1ba45cd0782c5f07d93c0772a99ba3445a6e5e861c69573e390cd16f115f2e3f

  • SHA512

    9c12629d3b891def84fe88f6b1725bbe504ab84792f9e92e99a8da874eda6c27c2b18e1c64c738280318275392a0d33d64647f0297fd434f83d7679b0bff7a7f

  • SSDEEP

    98304:oGb9agIdGdUFP4PoRtG18frP3wbzWFimaI7dlo9NE:ygIo5cgbzWFimaI7dlKE

Malware Config

Signatures

  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

  • Detects Floxif payload 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
  • Modifies registry class 16 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 21 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe
    "C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4236
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4004
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3076
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da30288d-7e38-4364-ba8d-0238ee464b0c} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" gpu
          4⤵
          PID:536
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1886c388-3f39-47b5-b43a-e2f093701095} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" socket
          4⤵
          PID:1188
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3124 -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3020 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0287b9b2-8594-4b8c-b537-82fde62a2ef0} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
          4⤵
          PID:4432
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4112 -childID 2 -isForBrowser -prefsHandle 4092 -prefMapHandle 4084 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b04aef7-f2e2-4756-aacf-a5a4f06167ca} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
          4⤵
          PID:388
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4556 -prefMapHandle 4564 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d85f190-2c3f-4777-a7fa-c882283f61cf} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" utility
          4⤵
          • Checks processor information in registry
          PID:5220
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5240 -prefsLen 29197 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3f91804-debb-468e-8e43-a01888452464} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
          4⤵
          PID:5828
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 4 -isForBrowser -prefsHandle 3400 -prefMapHandle 4284 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4badddf6-59f2-4b39-8c3a-6f05b02c454f} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
          4⤵
          PID:5992
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {841d043e-e56d-438b-8c5f-99f21516e8a0} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
          4⤵
          PID:6012
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 6 -isForBrowser -prefsHandle 5668 -prefMapHandle 5596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1108 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab2b1d93-0f4d-4ac3-bf4d-9f8fa5188f97} 3076 "\\.\pipe\gecko-crash-server-pipe.3076" tab
          4⤵
          PID:6028

Network

MITRE ATT&CK Enterprise v15

Downloads