Analysis

  • max time kernel
    1661s
  • max time network
    1503s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08-08-2024 16:55

General

  • Target

    https://lnky.ru/sd0dr

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

  • Detected potential entity reuse from brand steam.
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://lnky.ru/sd0dr"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://lnky.ru/sd0dr
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3740
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59155a6b-53c9-4fe5-b865-1c5c80f79ab0} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" gpu
        3⤵
        PID:1880
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc10e39-54f8-40f9-bd57-683e4b4cb569} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" socket
        3⤵
        PID:3856
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060e079b-f987-4ac7-a086-66cf0cf9640f} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
        3⤵
        PID:4288
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2584 -childID 2 -isForBrowser -prefsHandle 2736 -prefMapHandle 3592 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e42aaa6b-6c7a-4fde-8333-6954674cd63e} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
        3⤵
        PID:4312
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4512 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1548 -prefMapHandle 4344 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5957ac74-509c-4e86-84b3-e8501e99f822} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" utility
        3⤵
        • Checks processor information in registry
        PID:1712
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5296 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8c86e2d-491b-4a1a-8f76-70efa0e3ea5c} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
        3⤵
        PID:3992
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5576 -prefMapHandle 5572 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52144a84-86ed-413e-af26-65444cde23c9} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
        3⤵
        PID:3604
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 5 -isForBrowser -prefsHandle 5480 -prefMapHandle 5728 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee006b9f-2ed3-48ac-b166-ad17cb6c04bc} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
        3⤵
        PID:800
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 6 -isForBrowser -prefsHandle 3188 -prefMapHandle 3140 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab6ef0dc-cc25-4178-81a9-ac5fb7d76944} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
        3⤵
        PID:4872
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -parentBuildID 20240401114208 -prefsHandle 3156 -prefMapHandle 6036 -prefsLen 29278 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ead29a17-4b60-4b35-8029-9eeb0d02dba5} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" rdd
        3⤵
        PID:2440
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6076 -prefMapHandle 6056 -prefsLen 29278 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1587ae39-6400-4145-94da-c0502bac519b} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" utility
        3⤵
        • Checks processor information in registry
        PID:4816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4628 -childID 7 -isForBrowser -prefsHandle 3788 -prefMapHandle 5172 -prefsLen 28006 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ce5661-4c7c-40fc-8d2c-a4445c5a6cd6} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
        3⤵
        PID:4564

                      Network

                      MITRE ATT&CK Enterprise v15

                      Downloads

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

                        Filesize

                        20KB

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json.tmp

                        Filesize

                        24KB

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                        Filesize

                        479KB

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                        Filesize

                        13.8MB

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7GBDECYECTP2GSDBJ1Z5.temp

                        Filesize

                        13KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

                        Filesize

                        11KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

                        Filesize

                        13KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\bookmarkbackups\bookmarks-2024-08-08_11_UT4wYQLgjY-3vFiWOpYIog==.jsonlz4

                        Filesize

                        1012B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        5KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        6KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        79KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        79KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\0b00ac54-4eb8-4860-b468-17819a0fac19

                        Filesize

                        671B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\96795047-9b11-4cb7-9308-517d8a8b8456

                        Filesize

                        982B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\fa11c908-4ef8-43a3-be63-8a455e88582e

                        Filesize

                        25KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                        Filesize

                        1.1MB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                        Filesize

                        116B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                        Filesize

                        372B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                        Filesize

                        17.8MB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

                        Filesize

                        12KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

                        Filesize

                        10KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

                        Filesize

                        11KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

                        Filesize

                        40KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

                        Filesize

                        43KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

                        Filesize

                        43KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                        Filesize

                        592KB
