Analysis
-
max time kernel
544s -
max time network
542s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
30-07-2024 19:23
Errors
General
-
Target
start httpswww.dailymotion.comvideo.bat
-
Size
47B
-
MD5
2a565f8142203f2f7df3ca43f8b55081
-
SHA1
e0dc0fc6274234e7738c246dc6dcbb4811c49417
-
SHA256
5c6fabb375f1b5227747c2f22868f552ab696881903591632de43a6a46c99dd5
-
SHA512
b0af1e521f95719718a0dd0015c47b72471d8b4bac918f527c854726994f06cf03a44e85454de56f18fecce670608ecb268b4e19cb30c90a04fcc5284baa1311
Malware Config
Signatures
-
Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
-
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Deletes itself 1 IoCs
-
Drops startup file 6 IoCs
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Drops desktop.ini file(s) 64 IoCs
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 15 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 29 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 17 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 2 IoCs
-
Interacts with shadow copies 3 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies Internet Explorer settings 1 TTPs 7 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 27 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start httpswww.dailymotion.comvideo.bat"1⤵
- Checks computer location settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.0.1702982628\831283148" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e428850a-daa6-4623-8a59-9429d774f32e} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 1776 29a2f015858 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.1.584198684\1434295366" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da968a15-0025-45c4-b6f7-81152b1039f0} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 2132 29a2defa158 socket3⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.2.454151853\151350607" -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2868 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {767a8c33-8844-4aee-b28b-313a30e74359} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 2860 29a31dcea58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.3.880203455\1317107631" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3d14324-a380-4be9-aa00-428a21d2b4ab} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 3492 29a22f60d58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.4.1816811308\847760575" -childID 3 -isForBrowser -prefsHandle 4244 -prefMapHandle 4240 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8567bec-2f60-431a-ae5f-c871fe9cf72b} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 4256 29a340b2358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.5.757565704\1599382461" -childID 4 -isForBrowser -prefsHandle 4864 -prefMapHandle 4860 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {54e4ec29-a8b4-4da4-88fd-04413ad8ad77} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 4876 29a34925858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.6.1679270290\2092662785" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {502ebb82-acc4-4c2c-af90-c602f8257b78} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5016 29a34924058 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4912.7.568752860\469657361" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5e33e0c-918a-4ebb-817e-3809dee57524} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" 5196 29a34924358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"4⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.0.1529995496\1540325185" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1620 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {427b6a15-4763-4383-b961-f4a29ab6ee32} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 1724 1d3751f2558 gpu5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.1.1699234483\1890398527" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1888 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e75bbfc1-bd51-4aaf-b487-33915fea751d} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 1916 1d375038e58 socket5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.2.840499375\1297750247" -childID 1 -isForBrowser -prefsHandle 2128 -prefMapHandle 2092 -prefsLen 23650 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f395cf4-b48a-4ac4-861b-c739a9e3c098} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 2604 1d37789a558 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.3.1425269032\72628667" -childID 2 -isForBrowser -prefsHandle 3300 -prefMapHandle 3316 -prefsLen 23805 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd30b146-15df-4f41-9f98-120625b2fbb1} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3524 1d36b270158 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.4.2092348208\2128296863" -childID 3 -isForBrowser -prefsHandle 3052 -prefMapHandle 2784 -prefsLen 24887 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15354e24-ab42-4a42-962e-8e7ac1d0669c} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3540 1d37ae9f558 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.5.221582599\1712807171" -parentBuildID 20221007134813 -prefsHandle 4124 -prefMapHandle 4132 -prefsLen 25821 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67b7aa8b-dcc8-4667-9212-08762e02947f} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 4152 1d37cbce558 rdd5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.6.298531774\15169424" -childID 4 -isForBrowser -prefsHandle 2508 -prefMapHandle 3192 -prefsLen 31954 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b11f032-5718-4d2f-93f7-2bca6998562c} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3184 1d376947e58 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.7.617876677\1991425433" -childID 5 -isForBrowser -prefsHandle 5036 -prefMapHandle 5016 -prefsLen 32126 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {892f1e61-190a-4d58-8831-68f59a1fb791} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5008 1d36b261358 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.8.1986404252\1059236466" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 3200 -prefsLen 32126 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9968801-2250-4b92-ac7c-2d3f704b1846} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 4792 1d377042a58 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.9.246921213\60495469" -childID 7 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {feb49a92-77c4-4fad-997c-e41253950a90} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5468 1d37d590158 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.10.402779621\223393683" -childID 8 -isForBrowser -prefsHandle 2736 -prefMapHandle 4528 -prefsLen 32267 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea3adb85-7eb8-4e46-91f3-10356ca6b831} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5732 1d37b3e8058 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.11.189566201\1759029480" -childID 9 -isForBrowser -prefsHandle 3980 -prefMapHandle 4140 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2e4861f-2ed1-4657-a768-7d3fe08167af} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3972 1d37d5d0d58 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.12.106454337\690951923" -childID 10 -isForBrowser -prefsHandle 9868 -prefMapHandle 5608 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6cb9cf2-0865-4e83-8595-edf4cbbd65be} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 2168 1d37dec0558 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.13.270374301\59260896" -childID 11 -isForBrowser -prefsHandle 7572 -prefMapHandle 7568 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {875f03f1-0d1d-4133-bb1d-89ec23279703} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 7580 1d37debde58 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.14.850557662\1675758592" -childID 12 -isForBrowser -prefsHandle 2120 -prefMapHandle 4976 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d7f98d7-b9a9-40d6-bdb7-b8f9c940ac96} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5940 1d37dfee458 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.15.1469751097\2078836130" -childID 13 -isForBrowser -prefsHandle 7224 -prefMapHandle 7220 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd523e4d-0004-4ada-b9e0-3e87e988291d} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 7516 1d37d548558 tab5⤵
-
C:\Users\Admin\Downloads\CoronaVirus.exe"C:\Users\Admin\Downloads\CoronaVirus.exe"5⤵
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"6⤵
-
C:\Windows\system32\mode.commode con cp select=12517⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet7⤵
- Interacts with shadow copies
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"6⤵
-
C:\Windows\system32\mode.commode con cp select=12517⤵
-
C:\Windows\system32\vssadmin.exevssadmin delete shadows /all /quiet7⤵
- Interacts with shadow copies
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"6⤵
-
C:\Windows\System32\mshta.exe"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"6⤵
-
C:\Users\Admin\Downloads\CoronaVirus.exe"C:\Users\Admin\Downloads\CoronaVirus.exe"5⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.16.2125326951\189146787" -childID 14 -isForBrowser -prefsHandle 5432 -prefMapHandle 5988 -prefsLen 32860 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e3114f-f102-4f86-a91a-73af1bff663a} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 5752 1d375426858 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.17.1534570535\1747957860" -childID 15 -isForBrowser -prefsHandle 5380 -prefMapHandle 3000 -prefsLen 32860 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be7b62c3-ba45-4b65-af92-2c68df205b58} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 4768 1d3755d6158 tab5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3336.18.804496584\1912167147" -childID 16 -isForBrowser -prefsHandle 3092 -prefMapHandle 9780 -prefsLen 32860 -prefMapSize 230321 -jsInitHandle 1220 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b10171dc-a084-4686-b599-0f69f67c44b3} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" 3100 1d37702db58 tab5⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\08b44331966545f8b8dc5d0a8fbaccf0 /t 41424 /p 414201⤵
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\6c4c4162b7c74cf28c6a1b901e204a53 /t 41388 /p 413841⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} -Embedding1⤵
-
C:\Windows\system32\Clipup.exe"C:\Windows\system32\Clipup.exe" -p -pfm Microsoft.Messaging_8wekyb3d8bbwe1⤵
-
C:\Windows\system32\Clipup.exe"C:\Windows\system32\Clipup.exe" -p -pfm Microsoft.Messaging_8wekyb3d8bbwe -ppl C:\Windows\TEMP\tem1233.tmp2⤵
-
C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe"C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe" -ServerName:x27e26f40ye031y48a6yb130yd1f20388991ax.AppX4vyq5e9tkwa75gjkqsjevyh36d6vk0pz.mca1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops startup file
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\explorer.exeexplorer.exe1⤵
- Boot or Logon Autostart Execution: Active Setup
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x0 /state0:0xa3a65855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\bootim.exebootim.exe /startpage:11⤵
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Active Setup
1Defense Evasion
Indicator Removal
2File Deletion
2Modify Registry
3Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Direct Volume Access
1Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.jsonFilesize
102B
MD57d1d7e1db5d8d862de24415d9ec9aca4
SHA1f4cdc5511c299005e775dc602e611b9c67a97c78
SHA256ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda
SHA5121688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.iniFilesize
174B
MD5e0fd7e6b4853592ac9ac73df9d83783f
SHA12834e77dfa1269ddad948b87d88887e84179594a
SHA256feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122
SHA512289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.priFilesize
171KB
MD530ec43ce86e297c1ee42df6209f5b18f
SHA1fe0a5ea6566502081cb23b2f0e91a3ab166aeed6
SHA2568ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4
SHA51219e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\2717123927\1590785016.priFilesize
3KB
MD5d41e13c3ab092e01760faad6db7d73ef
SHA12503b4005077df06547b25bd3681f69aee591953
SHA25629f9d4b3d2caa4012ac5e8d47fdfdb713d2e9e633b4ce3a3a127cd5896913eea
SHA51235d73f4be9f7ab65e808ad81b22582d42ee5c4f0c90c70987163ab30a1943910d3a3cae8c2e8aaba1ebe6315f4023446b84742c7df4a1cf8e5ff362d85ad5abd
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.priFilesize
2KB
MD5b8da5aac926bbaec818b15f56bb5d7f6
SHA12b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA2565be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495Filesize
9KB
MD5b41618ef456d70a4d355d130f9262c25
SHA16474a8ac115e169da4ac5060a37bb34e3ae8c252
SHA256ce4d0f70c60403bfe3b58be6aef86a3689536b7ec7bcce4529443440e5828503
SHA512fa8dac242045499541d79ac9279201883f1c4563fd8746d805c54935d57caeee29fcc31123d9a2e8e141f98c1ea978160d6e83eacaeeb1a22a7322ea907f970b
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5FFilesize
15KB
MD53920ca7447980f9ff036e81ed817e484
SHA1a85c7708e36a0f4b79c615cb595f6883d689e930
SHA256fd2fd996f863a7b9b019d4099c66536499786ced3158e12c2d1958d5cfd3f01d
SHA5129d6edfb55ab9aee8557a127da0a0de8b2613385a219b5281bcc886842e427c61606b9c00f81af923dae6253b89d1daa5a17f6e13fddcf97cb1b1e382bc98f87a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937CFilesize
13KB
MD50c7ccaffb85143f2b87db7d05aaa9400
SHA1f0add03bb79b1de89ce7483313293bcef398598f
SHA25659f6090604168d52a5209aa8e864341c194652b946519431dd4daae3384a594a
SHA512ca14af553d60015af7b9807e4c3ddab780b9da546df6587210b54c90536c9420f6d16065f7a1381532f4f1ba2beae1144bb21ca564a3dbac04692fc715f2ccd8
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache-child.binFilesize
464KB
MD5b1c0b3951a7abee30fb0ab72941beba3
SHA13d996cedee1d6eb87d144f8e220d41740978247e
SHA25641edcec5320de0978c90cc2563ad07fd3e1e39b00be164ec27a299885b71299f
SHA512dc2f9b4b5e4a81d9537d47372763b7570e8dee1b25e80131548ad816c8823424e9e2e298975932ea2d36e680922312cab5e65ee6c5715ba078a4c28d11b8829f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache.binFilesize
7.7MB
MD525b835313a9644c2a7cbc6c250a824aa
SHA10d6d394972282481e4432f96ffb113288e1a8cbd
SHA256c8481abad4ddb24f99ba3c24ce8c3a68770db793b141787d0c3ae919b521da99
SHA512c60d328fa956adb7178980c5a8cae865361f69b48fb63012a0e0e39d3e0d5dc3fa6a3d77b126d1d6494fef1a3c42d18d4c33aa399bb7f1f02506d39677c4d76c
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\urlCache.binFilesize
2KB
MD51b56104a4f0a0b43d3d6ccedebccceab
SHA10fc13faca49bf572d627c91b17491e8e8ffb5a84
SHA2560d8d296609b534ec0279ef25b87b15bedb2d8c2d65d31cdbf855911d1c89fc06
SHA5127fa856800e87b9795983671670406553b92139069597a3092b2fe38372e7db911a71d2ff27517effabeb372157e47f36b9f8a5e6e49a85efed279ef13ce71218
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\activity-stream.discovery_stream.json.tmpFilesize
23KB
MD50a2c773d0d4f63b2963bd1509aa7e203
SHA1701f73e7b474923ddd8309e8e3777d20ef745427
SHA256f93d9ea1f437429ffa97ff25b6c61e26f8f4ad2b877e3ef810e60fb7d9dc4da5
SHA512e3dd0642591217c6daf92ad525b1466817c0ad78da6c635121ce268ecd8808f19916b35577c8643f0a7fc0630dafd50bd0810803e18525a0eee2e613067dda42
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\doomed\11737Filesize
16KB
MD56e1a65b3c019f8ac67bbf970a730e865
SHA17564bb8b96be2432179743ffc3f6ef089e962e90
SHA2568255bd894da5f7991ec906a42b11222688ff2406ffcc5c752a37af37c72c9e0f
SHA512b2d65c3bbd5de4acd01148913dd01201197ad1d4bd0e7243ad325cb87a63c2db71ce1bad2ca4715c7a0ed75d6a7127242e05d40d404347d7e920a071149f5f99
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\entries\0A73C6E23F02820E5C7F05AD9890531BF91D87DBFilesize
111KB
MD56ae990bc570ddf4ef8c4e6bbb94f4a73
SHA14a8e6d69d0242682963a6e8fa7cc2e6178ed02a5
SHA2565c15ec10620c46f0f6b5c97127a5b4527c4e86fafdf93e29dbf55d723311aa9f
SHA512ad2203241e803f76db2eddebba3937ca08fc5ba420ab389ecd64782b8a15cb9fd3e8fea0d2edf26908cd5c8b0728924e66c762dc65401f0c42b7680b0796505b
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\entries\0B53C302F6A45D03A20551BC6C1791671BD91106MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4Filesize
1.1MB
MD524cb35fd146a546cc8c2cfd206789367
SHA1f2e7daf6de720cb7a3360ac7c108d036b75f63c7
SHA2567ee15f2dcc3dbea08fa78038e95d219bdad3dab7420b0f74510678c296eb9ff2
SHA5128e9fd5099bdf8607b6198d381ea7478f54d5d82de1d94c97d24c3b7779f4498e6056597f65c6c9cf54e7caee3a87b86941aa753130401964fc95714f0f701bb3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6Filesize
2.0MB
MD571f84351691c6b7c6035ac3d1b7bd305
SHA1e0d2c948dce948aa88cf300fe365179f69e252dd
SHA2562a4ed4a43aca2a10902622e520d3adfff99aca0d623ee0ac7b4e5a4852d397a7
SHA512918739ce89b41d5a775fafe0f88dd912e47294e22cef756677676137b6915d9d2a4db27a210943566011055e468f56005f061f4ccf71ade6cc97e22f8fa18ed8
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\entries\98AF737DD946CA3B37F8CD63EC1E1756F57F2E19Filesize
68KB
MD5b3b3db8e23049bd8eb2a589791b6a429
SHA1e154a6774671f6e6e534b3cc8e41f3b63f48c179
SHA2568320405a42e5c32444df6053d8b40ef81af2ed3c77af24025f529a4b6b778068
SHA512f6d3c5915966660a087abca1d055d7985b6d4f0b906ed1d1cb41b60b0f5e13cc005d5392c4d70887472b1e4c0de4c50effe326dbe030957ccf7b56afaf4194f4
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\entries\9B5B2C1CE0BF92E80C0F618DA32E2F7D8653A4A2Filesize
197KB
MD521393fd86c2234cc149769f5b501176d
SHA1ca1dae4298c87ca1255c521022ef241425ef30ce
SHA256e26bd1c3ebf6e5d5cfbb498f251f46457fe506bd5afcf4dc70b860fefc2327fd
SHA512b4ca67e555c920f1b8c7f92e5e2a5ac59b0d0ba7e0d41c555e7d350bb0cfb404e18d0ec07a8fdb40e0248af1c570089b130443d17bd19b5d97df0a5165b52dc7
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\cache2\entries\E560318F02F0E2FD35176F9FC365E72D99E1B64EFilesize
96KB
MD556be80caa1637fc7d45cdc90ff2c45a1
SHA114f2924216c4914681bacebe56a48bece14c8dd9
SHA256c60ef2eb135700410572d56ab653684b509956c57495fbe915c99e6c3790caa1
SHA512e2d49efa5a37c5aa5bc46d1d2c495ab395a24f8afafba0c14f3a5a14cf82e0af861dcad142f1da3456c42ff78aad099cb29fb6e596c01b726eff661fee2e841e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalCache\PrivateTransportDataRemovalFailureCount.settingFilesize
1B
MD5c4ca4238a0b923820dcc509a6f75849b
SHA1356a192b7913b04c54574d18c28d46e6395428ab
SHA2566b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA5124dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Messaging_8wekyb3d8bbwe\LocalState\SRPData.xmlFilesize
397B
MD502c4a39bfaa0c5948a64da615746c577
SHA10bde299ed884cbe410368e6eb13061d7eba7ed4b
SHA25651156000326d4bef23a164484766e02efdd9643fda057268a667151aa15eddeb
SHA51201fa92b72ffa9d6d7942a21995fa447958e03bff8107f5b28d9ef26ca921d7d4aea5cd2cb80cb1513feb94c42f2a242f232ce6a3a66215c030e5b5c39e22e270
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF61497DAEDFF55508.TMPFilesize
16KB
MD5361a84a2fdb7c60b75f7a158dab2aff4
SHA14d1c131decee7c86c4a4dd76fbc5d4840f4d2730
SHA256185bebe0b333b7c28ac4bdad97a1ae57b9e8e422a5802f85c70780508f554c90
SHA51217d86e9e071054acb2772f6e994e67cfd3c9b6bf69fe055e02228cc9673ce4848eb103373379a537ba7ceffb681334ccec2e4f54efd78662b70d4115d6455e40
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\D1ASO0I0\microsoft.windows[1].xmlFilesize
96B
MD596383634a487e9b541976168c00dbc11
SHA188bd60d9455b7ccf3010c01a1e9f307825d19de7
SHA256f8dc20bd5a9706023873f3eddf3ca02dc324db9ab055edb4d41b2d09babc6d0b
SHA512ce855737529352d441bd567e96379d4401fc3d11d076638ba7376814efcccfeea12fa23183b3d3c93d941ac127d2731c86c6ef56c28255f06838d3209428ad21
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpgFilesize
14KB
MD52257fa8cef64a74c33655bd5f74ef5e5
SHA1b9f8baf96166f99cb1983563e632e6e69984ad5c
SHA256ead48b70e048de6ccca219a229ca90b49a9d1b9c14bf3a7c5eaad544294fcfd3
SHA5127792be9b935a46a923e97bb76b76957070e116dcc4cb6fcd8b883c2d6f142285ebc9fd26cdf29bd19c8bdff412487f586abaa1724332b613e71afa45d7f3e4f9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\AlternateServices.txtFilesize
163B
MD5ab0ea627f49ec7405b992f81c2a525a5
SHA1b69f38f75fc955d9e10da37951455b24f3658292
SHA2560f140cc566c033e5dabeab6b36b6bdf404451a39f50d044805b4523adac0f32a
SHA51272332b818d28299c49cca6af0d92ec5060be62ef3a9cd73a349c9004db831f180faa1c34e5353eda4a899d2d504949801b534c84eadc2b38aa746f2560094ef4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txtFilesize
324B
MD5760c3329b7060aa058d99461269f06b2
SHA12258c8866812448bb169ecca5b64214cf1b78ceb
SHA256d3d2a569e22bc7c09fbe850ff4538649ed17498ae7670b1e0e7022249e005aaf
SHA512166b3e020ad129a20672ccaad6c9b4565ebebf877252fbd4ab286475d39c870795841fcc28524dbb05caabecbb13ceadd0bbb361017acca26b57535b5c4e4049
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cert9.dbFilesize
224KB
MD5888c3966239de849919812f8b8c0fcef
SHA13045fc320ea494443428fc6b32862cd652634a1b
SHA256e7a1b170ac84e909d37ffb8ca99add2698e1c82843bdf382c51c919c0503ea3e
SHA512b3eeacb3578fcb435fe4859d9210ad1f3ea86db921e584ee0380430e70c533fd6ebe3ec10d600817495cd0a8dc1f487e97ecb43ec00762615bf41a299ab9d450
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.binFilesize
4KB
MD530dff4007ccec6ceb023072ac0ae0827
SHA10f246baea494703fcdab6ef30fa6c450fd7b09a8
SHA256ed4754d80adca24add6d2dfedfb72a3663a3ce2dda53c66c4d75d87db092cb17
SHA5128e8bd02bba69d5b7bec78409272939699c00b4d081716087c7cf9e848117cabde0a6d6af7bcbbfe457740cc0d10f597cfbf06ea98bf332d55394a2721d5e8c4e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5f3082e6f2c9478737e72059bd3f9a3f7
SHA17272cd5de1fc51fd90b9a34919d0289bd984366b
SHA2569600bcdfc6afeca1148b7abfd0b74d122ccef255be3561c818f408c17e4ac505
SHA512cd7cef3cb4b4bf5ec819ef0dd652cb304f322b30c934fda941db7c48f719dada6380305b34fe8dcfc14151d2927527bd4f59aaa97ba7948ee3b81cab086591e5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\0a40a555-608e-427e-8a24-56f6ec2d0fefFilesize
746B
MD5b019e51082b5bce3a774b7cec424fe0a
SHA1060b21dca843f047537d596a7070b4fc7a7e1f19
SHA256be41168c0e6bd02c7442ffc49ba870211bf565026e8280bb7215c8f41234cfd5
SHA5124e5c37fffebfc074be5eacbac27d15ee9c5393080ef6526b00341e44f21175d27906ff4dd81a8ddc42bf545c84fdb321d068830a89b4baeab564ec7cbe15ccb2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\c0c64d92-1edc-48cc-90cb-98ec422832c0Filesize
10KB
MD58c2090cb64ec064e1d3c9bd3c5cc3022
SHA1cb4c21fbecd33329b8662cb52b6c0a50574837e8
SHA2569224f24083ab7e65606fe9409cac96783ada56151bf28eda1896a92048ef67bb
SHA5124159a3b9583468802e60a3038cfb90c3acc15a20183845f81102e6482c0ba16c2dd194031537deba8f75de35a5dcbff4b1df401031eed23632655f7cb213372a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.jsFilesize
6KB
MD5c55402ca8807e43b24cf2be052ba3726
SHA1eed3572cd2a73061a215a22cc4049caed18a6e71
SHA2564efaf460501ba5a5384eafa5d121ad530d8cd8a0685798eb4561317cebdf9157
SHA512b5490e8e7b4b3da21b2fa44dc3c63b647647700ec46829e4e9b914e42d2149cce031304975b897b34a0e62186666ea525043ecedd3d8bc90c262e3bb0bb8f595
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.jsFilesize
6KB
MD567d7c0768575453b00bf036d50097d86
SHA18dbda4d46835d18cb9ef11ef06671c10c76fd9e2
SHA2562852b1801a4142dc3f6b11e9fcdb18475a6b64e82daf2a37f6bbb0b7d05d9023
SHA512af16eabd0857ce6952b28625e924065f7d1f796bc3ad3e94325c40f3d8da5c4810a88c0fcb21c6e310d12e588f32ef2024df4d7bb4f2953a37a5dc1324bafb65
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\protections.sqliteFilesize
64KB
MD5deeced8825e857ead7ba3784966be7be
SHA1e72a09807d97d0aeb8baedd537f2489306e25490
SHA256b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54
SHA51201d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.jsonFilesize
288B
MD5948a7403e323297c6bb8a5c791b42866
SHA188a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA2562fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA51217e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4Filesize
1KB
MD5385c63af9612d0a4db181d39e1894d17
SHA1c9a59f3c7cfb973a33f2cbade0bd1907b51c5508
SHA2569da8a8d4e4887846f5833ccca49286b5c0aac12847fc757c56feb4cb0bd83090
SHA51227a3c307e4113757ea6c9e2b06af98a65956ca66290d530049f81421d15c751f647c3fe9a3ec65652f8bf89a8b2dbeca72e327ffafe4f9861372ebfa571fbb38
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteFilesize
48KB
MD518b5950ca2cef2b0a4bf6d300928c60f
SHA1f95dbd311496dcb1b2d8f03b110a6ee2d17a3d37
SHA256d0140ced5ac89fb4cef12e2b29651ef8b6b5f5ef069c646ca32e7c14f9d6144d
SHA512d9af1da08bb127187ee818acc2bff5405cf536bef7bc91beb4f169cd978dafc1bc98e606e0e8f49a68754d672c246f886e2193e4865485329b1f7c792223c7d6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
184KB
MD53018d1aad8385b734068dbad441e344e
SHA12a3925bc92ec843db64b6db2cd6fe18ccf084a86
SHA256f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88
SHA5127ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\containers.jsonFilesize
939B
MD594a3843fad8c45c48b0e07342df3dfdc
SHA1d55b650208bda884d573afebd90830a3f4d7c201
SHA256854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72
SHA5124d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\datareporting\glean\db\data.safe.binFilesize
2KB
MD5bf0f13d3a5bf7d5e189a90c8f72e1fcf
SHA1c4833652a2c150b0b8b8ebafe175b5a208dcc08e
SHA2564bab6bc2462d851060c6aa269b4b5fc065c9111d7a5e8fa158131acb93704506
SHA512ad93e638a0dc74ecf3d7c00be46e70718e03caef3fd6788d171ff6839fe95deb0717426d4d030e81c4b5fc9eb40c5e6e62d36dcd0b0b7f7abefd6e52aa58d71f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\datareporting\glean\db\data.safe.binFilesize
17KB
MD5369aea2a94ef4c160d3a169795e3d5f0
SHA10a27b8c1c04621f9e68b076c9fb96542b9ecd927
SHA256fb02f581ac329f02308b7f26175c3645024d96362136ddf274fd30dc01469d27
SHA5122b50d99370c2c137a71bd0fc1aefcc7f1d10d32ec18668821c59e1ac6bb0221d36db0201ef2b4aaae5cdb3dce0c288a7fe53cad379c8ba1cf8e25f084ecf6f50
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\datareporting\glean\pending_pings\45673665-ae1a-4296-85f8-f91307aa9fb7Filesize
587B
MD52b184e002d11edf0120cf4f1968b7a02
SHA155e531da9c1a490492e92cde4a56856de082b763
SHA256278fb81e7f2e31d1835f4eb6cdeddbe259c630e7d56ab79cd25645f5305adfc7
SHA512b0f940459466b7c1e2589c08373679cfc430b54d18bfd96898d67d273a39948d0c2366867b620cead64fc574621a73877b69369a99f70f3aa39e7ada945c0015
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\datareporting\glean\pending_pings\4da34cb7-2292-458f-a897-ce2fb352b175Filesize
656B
MD5bba77c1fb610da4417daf05249d23431
SHA17a03a9ee4d67cf460885e77151dd397c4f4a6aa6
SHA256374205abcac147aa4582c02e1e6cc1906009f3c228008bdd9051b5e4e99a5405
SHA512dc9be6a702174b7945002b1acf0a9755798307154110bab804c4f7b35e701a1cb642b533943a58f77697e20c2bea7d505eaef5ec989a1f367fbbae00c5af7227
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\datareporting\glean\pending_pings\ce0053a2-aa66-4538-a1e2-c3b8ed14cf31Filesize
779B
MD5e97314c979402fea2c0fb2a026b3df27
SHA167b9b92bcd82c82f35c5d5cf183c9fb12e0b08a4
SHA256cc649dd4588b8a0d277be699d2a9e0c15deb099d02337090586dfef0793e15f1
SHA51266b773557d6d3bc1c164c6f15a5ef43a8c6d80ab0a0d0ed2f466286d6acb830016909513453ff07c6b692e926e6bb3b0ed52190bc4da8769433b4fd26374f509
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\datareporting\glean\pending_pings\ef4e6307-5e68-4547-b67c-0f653b136abbFilesize
1KB
MD578e95f52c317ed5fdaad8e953c572d8b
SHA1116c77c54aad1518bb88611a512891937236116c
SHA25687ca386813b52362a425cff33b78bd11e8c37277810ab27d407079ba084731f5
SHA5129e547ef5b61d9d43db7435a4c4d3c24f24d70c7d4c45da066dc34c8be1c4f7fd71a96438684093302eea1281383dd3b379cddc055397d6d68a1c9b2e64bf3ab6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\extensions.json.tmpFilesize
36KB
MD5d1c3db5a90cd93be84432f417b040077
SHA14a6a4ea86737e93dc6bb8f80458e4ce91c808b7f
SHA256cd2be8e1b78af2e40dbad48ee138c47a86cda4806cde51e22ad1c3d983c23ecd
SHA5124827f4fdccb38724d9101a929cb9c6291438e88eded236744d3c63a5b32a3a32edf96d4e97a113c92d175df3776afd6c97aa85622e63ff0344269423900013ba
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\handlers.jsonFilesize
410B
MD5e7a65c5ead519a7b802f991353c26d3d
SHA134cc3c1cf9bd4912dba5fa422010934e46419fa3
SHA2560e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2
SHA5122a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\key4.dbFilesize
288KB
MD5e518510546ca4529f5cd1cb668b43cf5
SHA124d18b6070211f1347a848b1558b6d9af943fcc8
SHA256d8cf52de33499d50f757799408e39b7bdcf20b843871492050e87c037b36f7f6
SHA512d0ff1b6c9e66fa753049d5b76d38b3096d9164cd332a40fcf5dbb20fcfb4659cbb1728991d2ca6f9d46b01205aef9a2b4809963ee7f3417a73ac54009dd45a3a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\prefs-1.jsFilesize
6KB
MD5d1987dc515afecec2a4bc17f4f26037b
SHA1287a873f2bdfd4070e7f1446a5edcffc79507fa1
SHA2565e9d78536bf5e98c220fedec5b915b7d6744eebd1106b6474e4b2b9f328434d0
SHA5123be322a3bd6bd906223c09853620bf14494a85ea640748022155dd2a573d77db7886c8b147c8046a2f757e106efb182bd36a31deb9d7178d4ce876dbbb738b3e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\prefs-1.jsFilesize
6KB
MD5d82a1ba4d051de10a013cf947d630cee
SHA1de85eccd775c9dea8b34956027535f25053a695b
SHA256b19ed869cd080e9d8daad15e47d5eb091b18fb4bf894e60bd85d874667b30b04
SHA512cbf29a4971ed7257943766ecac5c29648ea52988b1787ac166c26a44e4e1dc84f171be551f90d408fbca3fe4c8077f27f871fb41bd0be9e1bac53c6bc3be4910
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\prefs-1.jsFilesize
6KB
MD53b829330c75379ddadee4447b3e5196a
SHA11ea877d9a36584684a322e8fbc831eb022210e67
SHA25675c6ae122cf900c9f8330f96da44e390d039223238cfa3de09d63e27c86447b6
SHA51237e22fd6672732be0c2fc0b849ddb0abf9f2b304a935c2ddd68ef74550d644b1b77e618f040c37c5dc47d6d7f2ee96c1d86532146078b4d5081f710f8e7ae103
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\prefs.jsFilesize
4KB
MD5b5beb671bce4d6e4225eb5d7cb896d8e
SHA1994680967c148d34604105929a1fbdbd94fecbe9
SHA2566fd86b31f4fd4d02ad8f906b586f5d93c6ffeefd43efd5241c963c3d966a5467
SHA512838e2916780ccac9140e80efe0b7dd8ab8f50e96d8099040b939f64c600746f24e7b0da3610f5999fc531a1e74b339521ddd994a596b979f67c11b9f03b0c911
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\prefs.jsFilesize
6KB
MD56ee87f4de834ced126b0eb5d5429862e
SHA11008fc97a69fd358e0dd6d15e8b5e2ec96333797
SHA25647868f6c54c56e232812abcf6607e1f7885a928661a3f23e64a312bcac0542ed
SHA5122d7cb7bf44db0d821ebc98e3e530c40d8bcdff72727966a4152378e6d6529fc61e9acf5845e327981478686cc86abed7072d24d2f235ce7ae2a2b2f74d317a79
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\prefs.jsFilesize
1KB
MD53c1cd0506b7ca122d49147763888e94e
SHA1057aa20424a8f4f2549163b81c093ad4c6840eb1
SHA256744e0d2f84ef426f9c75110818c14101b6a57634bac16af3d45e72a8faa66f33
SHA512a85cdcf8b0a4e8da140eb1a75827b0a2394d33ca7e39c291d2bd63a25e1f9abb86ce1ae26a5073861a39041eed30f2a6aed4cdb465d8d7008cd65a3555ca39a2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\prefs.jsFilesize
579B
MD54975ad0a555ed22e5ad5aaaaf8100e86
SHA163ca75b845088fb227cc48f77ef940b3aafa479b
SHA256191c36b735e89340fed0439669b8e6ddaaf1b531a08dd1d02245a5c648411c33
SHA5124b529efb5a6f31b8830ee618e8858d94a1d5ed0e1452c49c578685ba7a3ff224752bb728196900a60cf10f0ed63a553a435fa597d22632af2136b1ba281c20a0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\search.json.mozlz4Filesize
280B
MD541d220d4783f67d2b57beec20c135229
SHA16e97765e77920b6010fac2cb4abf1e3cea106541
SHA2565d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc
SHA512dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionCheckpoints.json.tmpFilesize
146B
MD565690c43c42921410ec8043e34f09079
SHA1362add4dbd0c978ae222a354a4e8d35563da14b4
SHA2567343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionCheckpoints.json.tmpFilesize
53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionCheckpoints.json.tmpFilesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionCheckpoints.json.tmpFilesize
122B
MD599601438ae1349b653fcd00278943f90
SHA18958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA25672d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
8KB
MD5713e5668505dea5053065d8157a1d288
SHA132f614e74f40b79028f24313d58b3204edc99004
SHA256435109878e5b9518f95d0c064c82d099c004d5748fa585956e27ab123b05fe47
SHA51288c998706eb1509e54c6592b3b43c5911bf2e09eaf46e122cd0f155843753e66466607411da209758f24b31e5d6bc57a04427d616559e85df88600b68be9a5a2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
8KB
MD56e88d40aebc5badce7a957d04b577631
SHA1c4cbd9350471e479b89a5ddadb3290c485ca3f5b
SHA25638e6bf3c6a28b5228ba19cb710fc79e20197faba9ebeb6c46cbdcf8c464450c1
SHA512c048b7040b16ca75b95ba41c850e1a59f70e5f701db971ce78d71e81800e7b367b90428580e809c0a355b3f7d9f93657ab22c3754cc663a3f00a17bddb3e1f10
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
701B
MD5958809d38f570c545974e4c4be4a8e0f
SHA1931dd3d2b6067f0880b6b62001a8350b06b87e2b
SHA25652c6c21883d580f2b362068e4c5cc8163ce9fff38d0527dfcb2f7ba0afd5477f
SHA512b6559669f6d6b287f21a99bbb0e370ef615b2659cc9ec05955ffea3b979fccbf46c42fadddff099a13ad8dcf194f4cc86968be663121d23c0be4f60fcb6b360b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD5a96d44f777d7b6088cf4d1873f71444b
SHA10cee2cc00e83d780df2945468857a0601b65bb54
SHA25653b0a5af5a2dcc45b260a9fb415fdda24fa2aa9a64f33709163282dfb23dee55
SHA512ba08dc2c9f05a9e80947b2d4d8597a70ed17557e5989e2de5f1ae2045ad3f189bb6528e6607c8beac709394f27038713e88d1f556610129652802190fd272cfd
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
8KB
MD5b5813ee8e6cec963ba1bf6334985ae54
SHA100101ccdc38e6c2f7c1363506f101fb2b76f0f1c
SHA2560f84ba58b640db271654890ef60a2ca5449c76f7deb4356bd6d8153d1f78c648
SHA512551d6429eaeff47f25e52da600d8115e09b8aa672969ea7e6769662452d7a0e89f1f64e82baad939d1ec60099b74e1504c962a42ef090a8bd3f5c908a39a5a3e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
3KB
MD5d9407d9d50bf8074744869206c1c24c8
SHA13ff9ffdbf15861cb56070986c8d2ff849eda4449
SHA256ff737ce13bd2ff5fb286c8ca5b5b6da97aefe314d34dd3277bdf53dc3b57e642
SHA512acc36676cb5a68dee02bd42e5bff2a0d22a553249663f7ea9d5a4bce37d5421654a0f2051cc4428ed491a64bf70cd0548cef28a81ca088898684171e6b5c1c74
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
8KB
MD5ad5a96eb6f7426aa84301c9d0c7ed09b
SHA170a8fcc022a102eb781f411f9de875e2c1f1d1b6
SHA256f77221c7c967d4df901ccedb8f942d00441592b02a8a46a3cf73bc3aef8aa014
SHA5127050021a61dbb95f52f2988583d2dbafda2cda27094413914860fb9be9530b31694c0817b680fed09a3c03466565845cdae1ac95d5405da49617e782c3d3464f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD559375c43269743fe34de21664747a78f
SHA15f7d8df79d7fa81377aa423f06b390ab66ac4407
SHA256a5561dcf4e6c1af4aa60cd1fe4dfaa63e01c9cb65754dab29dfe5914a0ebea96
SHA5120dabc24a778b883a40da220bda98cc0d0132d41ac5b47444c3efe05bae9bf2a5b589e145335a79a9c4c77bd52803e151e732064a8b45ce5ec8a9fc868db38750
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
8KB
MD5a92489c45f535c6e6d5169259a890a70
SHA134bb95f7e2309f7ea1401248e4a002e5da61353e
SHA2563087e2042773baf4cd460ef5d84b2bf707212ee2730fdcbe90b765acbadb6959
SHA5129f34cf6c7a2c22e3eb141a65403886df497d1ef3c93a6d0c2ff570a5a1f7f0b67379c348fe14bac30a47cd1739b738d428bc3572f790722efe5d72da652cbabe
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD542f6160c47b84630e724b08a37197ffb
SHA154200f92165cdd114cd1e5a5e86790d43d09a121
SHA25675183a2aa534deff980bea1a8f4596bc6633f9d76119547e28ea965db35426db
SHA51203a568a9cda260bea415a9e4889ebee30d19aa3a88d17fcb0d595d04f1488073524aed0d4b3b40a77e742ce67ba8dde7ca77480838bf94971b3af8e801df72de
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
8KB
MD52bc822259dbc82f93c367ef1530ce6ef
SHA16690e099b50a4b03ad8a0db653c28f58b4edf408
SHA256dbdb759937a3e42275a8d3eaa01160639634ed1a4b9bf886c9a0fb7765743f70
SHA512b746247f5a0c30114f8b655ffc2794f77950d52585aaf005de29f4f7e56fa830567e0aace22dc9999fcadff7ccb686c429eb917a32b1aefd61b15ae88b1c29df
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD5165ee71fff48deb9d673a82d02676c6d
SHA1c93f2002207bd80cfc630459a876ed7c3866dcd0
SHA2567768c24fefb9e9004d409bd9ff50d4b7f418b829744a00d07ba14aba1791cdfe
SHA512c75a849e07f790388e4908d001eda11dba343d354ed0a5f2f4eb41b1c7bacab084441c58556fcafba7f953e559f9a85785834ce0b752c69d0ecc6b7c467ae14c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
800B
MD5b2738a97b58f762510be155cfc2f7d5b
SHA1b1cc7d5ddaa1ae6209cd7aa7f7de944d9284a5a8
SHA2563fd7597c49cc3e5efa69b104efd5f3f192240d976a12d35fddc740eb22cc213f
SHA5128c6f4f160ce905b8d18fb1eefbb9aef9988151c67c41a282af4e421021ec3a99093e02fdef96f28fa154915e7982ce673905772c7034f02921a7bf13e856733e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD5ace337a8c708fe1aa3d0c191f89a968e
SHA1a8e2b58a42b44d2e94d9d6ad467a1b0d2da3b0cf
SHA25621896b1f2a3d6d061248d189d0c68f25f213475c42f3bec2aa5ba5fec247ec4c
SHA512bcec27dd571b35b61809122c5368744f0ecb9df52b7a0bcfdc416fccc0b7ecedbd3ad2309a529a33d9c8dd393646c2971bbd54d0b001decd21b8d7b51d4f5d72
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore-backups\recovery.jsonlz4Filesize
7KB
MD5b04d91791c496b3cc9b302c1868d65e7
SHA1e0029a0c1999042d1102460921a921035b47e4e8
SHA256448482763d4130434dda9d494cad6e61c2648dab76e031f0311d2328ce8c01f0
SHA5121660eab55fc064479aa574f11962dbd71c2d1925d150607a1803cc42a9cd51f7581fffdba4c896b0e93be3768b28cab628e67c1733f0f5a51de2298f499b83f6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore.jsonlz4Filesize
8KB
MD57a212ae1732292b5214898017bb5a8dc
SHA12bb9be5e685da71483f6465ff1de34ca53e69bc5
SHA256afaec58e58fad2f5b5d55a9314d6412502e897907c07ac42ecff2397064238a7
SHA5124e8299f42eae9a8468dfa072fe27a8044e164c5661040e432dd3731f0fe11a840679bd1e932f16f4dee3e49d315a4d5ead7fe8521ce23c42dadaca6398147592
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\sessionstore.jsonlz4Filesize
266B
MD54fdb7f9a51ba177262d07d38c0238915
SHA1f12c5a74467bf624164ac77ab7af517ce46ace8d
SHA256a641f5701e0ccb2fc22a9f4323c96d899db4397fc08c63fc5de852d9aadca9d7
SHA512fd0e72672b280e9f362cd8ba4a81c795fd741163020cd2c62a104c3f8e006883ac592951db85f364f3fece2d9af386f635b93ced301e12b4418e1e0a7fdd9c09
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gwdm5xie.default-release-1722367478432\shield-preference-experiments.jsonFilesize
18B
MD5285cdefb3f582c224291f7a2530f3c4e
SHA1f816c3e87aa007b6e6d31eb6a4618695a7d83439
SHA256704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05
SHA5128f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58
-
C:\Users\Admin\Desktop\Old Firefox Data\6lk2b5bo.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqliteFilesize
48KB
MD5e22d991a158104f8d22b351c504f8e8f
SHA16c39e37dd819b132bfb18602f8c110af8d0064be
SHA25673232362d7b7ab9a57ac3de5ce2fc4e1c4c9d3cf98b1123a8f30b90b384337ec
SHA5127dd3949079bfe260d7e21ac224688ecdf580765f85306c33a1cbfde6c4b671bcbbcecf34e23e0ec850c7ed5c1506914ac59be9c9327673ab64acd894e2cf4d09
-
C:\Users\Admin\Desktop\Old Firefox Data\6lk2b5bo.default-release\targeting.snapshot.jsonFilesize
3KB
MD56ec3e953ce60dc539e50aa72cad39acf
SHA1b79859be5c1c1a45509b39a9fed6ac6cc0aaadf7
SHA256ce7d3f2a814d881dca0ed7a01125fdf56b297491ef1a01322c8e9bc741b453d7
SHA51266356702e465779e9143c424767bb0ead2c377b2b1b4c891ad745f71eed42a4d6126e35e4206958012505173c10e93990006884363ca4d2fc9b2c5e9e3b2723e
-
C:\Users\Admin\Desktop\Old Firefox Data\6lk2b5bo.default-release\xulstore.jsonFilesize
120B
MD505e1ddb4298be4c948c3ae839859c3e9
SHA1ea9195602eeed8d06644026809e07b3ad29335e5
SHA2561c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be
SHA5123177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e
-
C:\Users\Admin\Downloads\CoronaVirus.-A46gEsw.exe.partFilesize
15KB
MD51f2cbe7cbe780053c3f3ad00ff10de05
SHA1c5a551181270eb6fb5f6223994643d56d135475d
SHA25635dcf82f2b99910ec372543969fad5db099d8241bca439fdaec0fd413952a673
SHA512cb14d859f2f4ea6cf85217b90b2265aaeb22a91cd3b72b08ce44d261c830ee300f2b26fc24d8bccfab935194fe2adc049534e2685ef55ea46b056d42a521f94e
-
C:\Users\Admin\Downloads\CoronaVirus.exeFilesize
1.0MB
MD5055d1462f66a350d9886542d4d79bc2b
SHA1f1086d2f667d807dbb1aa362a7a809ea119f2565
SHA256dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0
SHA5122c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1
-
C:\Windows\Panther\UnattendGC\diagerr.xmlFilesize
13KB
MD570757bb715401d58378cefa1164902c8
SHA1bd3a062d175b954461d0f0f705520648e87836a1
SHA256eb1bd7c706c8294fb195901c8f0c653df6850504c913484f070ce13d4159973f
SHA51209b6d56c517f236a631c9cdd82ae997ddb44d28b9c7c458da77b279048245a7842f01543aecbfe1a3887903ace1a29e216adb5884e0f8d8ec93eb41d247ce821
-
C:\Windows\Panther\UnattendGC\diagwrn.xmlFilesize
15KB
MD56bc675f06be66914adda22b2ce6218d1
SHA11de9756fda5b118ae0176c91677bb840d3d26be2
SHA256e7ca993ddd707aeb28b1a8e8a90659f0500b5ecbd410a5cf72f9655bdbb515c1
SHA5126da375ce727f5fddc8d404fea136a4e45e7793c7c8c334d7ff60d8bd92533dd2d71be75a89699a67d2f282070df2a83497305b560c27e4af6fc5c3329662a333
-
C:\Windows\Panther\UnattendGC\setupact.logFilesize
52KB
MD5463544a13ef437d316db3b63decfd933
SHA1a90b97e87cc253ea2e5f8637f6c58c858dbf2290
SHA256ae0c5b0e088e30d9e1e0322b880d5a3140506dc45de5931580e6dcdcbedd9333
SHA5126063ccb5486924bc0f41c370968604886ccde13ee827c6c698de7523b0e79a847b029d24f6dba46c3c9e5bcdef423ba54d06f359791be52b68e054017ce49d16
-
memory/1444-73-0x000001DF71BA0000-0x000001DF71BA1000-memory.dmpFilesize
4KB
-
memory/1444-77-0x000001DF719D0000-0x000001DF719D1000-memory.dmpFilesize
4KB
-
memory/1444-70-0x000001DF737E0000-0x000001DF737E2000-memory.dmpFilesize
8KB
-
memory/1444-35-0x000001DF719E0000-0x000001DF719E2000-memory.dmpFilesize
8KB
-
memory/1444-16-0x000001DF74820000-0x000001DF74830000-memory.dmpFilesize
64KB
-
memory/1444-0-0x000001DF74720000-0x000001DF74730000-memory.dmpFilesize
64KB
-
memory/4604-45-0x0000019F7BF40000-0x0000019F7C040000-memory.dmpFilesize
1024KB
-
memory/5216-1802-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/5216-1809-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/5216-6298-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/6296-13916-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/6296-6299-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
-
memory/6296-17235-0x0000000000400000-0x000000000056F000-memory.dmpFilesize
1.4MB
