Overview

overview

3

Static

static

1

File-Plagu...92.exe

windows11-21h2-x64

3

Resubmissions

06/09/2024, 15:55

240906-tcwqvavhmg 3

06/09/2024, 15:52

240906-ta5kzavgpa 3

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06/09/2024, 15:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    File-Plague.Inc.Evolved.v1.19.1.0.Incl.ALL.DLC_866692.exe

  • Size

    12.3MB

  • MD5

    39f02b44a06fe0e45f5ef008975d0da3

  • SHA1

    a38c9379877cc0e4201e81750f8dbec8c49babb9

  • SHA256

    953a702f9d78c99ac1f5a05b5f3e14fa0b475e3707249abf322bfe8efac97794

  • SHA512

    c5007e27478835edb926753619bc9c2d4ed404453d15449234ffc6fcfd33372b14bfbfa326d88144b128206419c4a47187903b9aed4f147645e11c35c84873a4

  • SSDEEP

    393216:V/slbLlESlvSFvKa7A1dpI0bdCK5jftRdeqmLJeyA8Y:ClbLlESlvSTApRdeq0eyA8Y

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\File-Plague.Inc.Evolved.v1.19.1.0.Incl.ALL.DLC_866692.exe
    "C:\Users\Admin\AppData\Local\Temp\File-Plague.Inc.Evolved.v1.19.1.0.Incl.ALL.DLC_866692.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:4988
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:332
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3b25264-7ca4-4ae0-af28-a3d533dc2dc2} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" gpu
        3⤵
          PID:2876
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2340 -parentBuildID 20240401114208 -prefsHandle 2332 -prefMapHandle 2320 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2ff6c06-b29e-424b-b1a2-9a44d533d6d6} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" socket
          3⤵
            PID:4472
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa7e4808-e86c-4c37-ad2f-1b30b90d6bc7} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab
            3⤵
              PID:1516
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3000 -childID 2 -isForBrowser -prefsHandle 3124 -prefMapHandle 3080 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a530a2df-4e84-4f47-947d-0e40419b0c2e} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab
              3⤵
                PID:5028
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4524 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4516 -prefMapHandle 4512 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b23a596-4715-4c9e-a17f-20f6f88c61fd} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" utility
                3⤵
                • Checks processor information in registry
                PID:2656
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5360 -prefMapHandle 5356 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e868a23-0ebc-4088-a908-9a70c37d893d} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab
                3⤵
                  PID:3200
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 4 -isForBrowser -prefsHandle 5600 -prefMapHandle 5604 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14dd7fd3-b080-42fd-9884-94713e3b1457} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab
                  3⤵
                    PID:1088
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5880 -prefMapHandle 5876 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a53dedc3-ee01-4dee-9d23-8ba405d868a7} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab
                    3⤵
                      PID:2944
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 6 -isForBrowser -prefsHandle 6180 -prefMapHandle 6176 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a93bae31-a89a-4e2e-b19e-89b95624e29d} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" tab
                      3⤵
                        PID:1420

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\activity-stream.discovery_stream.json
                    Filesize

                    33KB

                    MD5

                    eff3ebf52d4ee49d692ce34dbf13bbc0

                    SHA1

                    4fd3ad1d409fc5834a9147020456a661ce0b078a

                    SHA256

                    2fdc90c74d72944a7d0ec1f2eeb6a77f599f05251066602bc90f40258afbed43

                    SHA512

                    a0f1bf57b636873a2b526f0c6f51f98bc4e69e7c3f70cbe92be515743bd2addab47dca878fdc0c6d6fbaab8c9a8cc35dd59644eca0b8bb47f6c13351c755a0e0

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yel8o60i.default-release\cache2\entries\00C8B4DAB30394D24482931B05BACC88FC707DDE
                    Filesize

                    60KB

                    MD5

                    71302f47182f1340ea4fb8e2e2dac1af

                    SHA1

                    09b459e7836e9d08d8bec2e43bfc4f59f8864de3

                    SHA256

                    f81c57f8e9c768c5a49dfcc9bbc202a2d43471507f4665163bdb31f28eb978da

                    SHA512

                    9c97f44bc18e9b8a4bb70445c9873c98cc96b7f2db2654644e3a6ef6da9f31051f583c54b1df647d925664d384e6046b96b8c4d3c2e20c9fbb940ef862694838

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                    Filesize

                    479KB

                    MD5

                    09372174e83dbbf696ee732fd2e875bb

                    SHA1

                    ba360186ba650a769f9303f48b7200fb5eaccee1

                    SHA256

                    c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                    SHA512

                    b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                    Filesize

                    13.8MB

                    MD5

                    0a8747a2ac9ac08ae9508f36c6d75692

                    SHA1

                    b287a96fd6cc12433adb42193dfe06111c38eaf0

                    SHA256

                    32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                    SHA512

                    59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\AlternateServices.bin
                    Filesize

                    6KB

                    MD5

                    d1dabc59cda1f9051e9ce405c1db9b1c

                    SHA1

                    4f1273a1ce699d07a93a61f8df70cbf3c04e9a65

                    SHA256

                    9362a0fc83f3140839c994ea64f290a19f54db9a9bac1fe3e9d83e3d51b3060b

                    SHA512

                    32bc7686a09f7f3d6f329dddb6f6a1fe188c736835f504b4018103781101630c885bed9a1f15dc765e4ee61f9e9960120d68609a78a4f625dce27b4bc5f3d442

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\AlternateServices.bin
                    Filesize

                    8KB

                    MD5

                    7ef29c439cfdbe8701bd1f8f2ec0c6a8

                    SHA1

                    809d4d271091de3b28ad427e5a5fc435c21d601e

                    SHA256

                    43f04387b5c5f06f7cd032f3968a23e4fd53d7762d500e85cf2f75a0ce03f79b

                    SHA512

                    aeba9d6a9c48e297939dd87dafa31aaee48284f4c30a35aa2deb016932d7e150df97e9ed2edbc06d584f2ba0fd59b77547b5c4610d832a5c2b535d3ca68f69d6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\AlternateServices.bin
                    Filesize

                    12KB

                    MD5

                    e36660d0d65afa41737ad4559a250235

                    SHA1

                    a0e0e08710eb19ee3ed4a769c496ff2a38920f97

                    SHA256

                    789a8be63fef359f2c226349f1f3e111de580ea2eaba0cea75f2861252af1335

                    SHA512

                    98d6feea420017c03893eedd0bcb11fa86c26443f9dc31612a12174f30734391b6acddc3eb356e36c303669e1c3314c7580a23d91acf155f59df4219c359ac1c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    43c9f2ad164164196b723f194c6144ae

                    SHA1

                    a7c846a7d5afcb5cb716193c4038c579e12a65f4

                    SHA256

                    2b5be66421ce8539ac7c47a81678566a93b8f425e5fa62b7b78e7b75b8662a23

                    SHA512

                    879c8c2405e181c4cc299132d70965c6a4aa3edb1faeef5cb39bbadf2a1853be537deb08208892b451310a5ce9afe95e0b786f91a752a3c2467cb25b6060bf32

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    6KB

                    MD5

                    36dcb0e13700aaab051c1ec3eb1de127

                    SHA1

                    18bed8db35eef8c37825e498cee1ff212c9442e5

                    SHA256

                    2313c94906b8327485f85e800eec3c39ac89c94e0aeb1dddd549e0bf21987019

                    SHA512

                    10e7e7ea65c60b26e1b6319f532d6b964f0ba86be6cc6e395989aca4c10926ecc3cb65f84ace204fa25498e11a097d06d7dc726a9aef04708ac97cbb6e439dfe

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    6KB

                    MD5

                    a44b26fc8d432cfabeecb3606b38a8e0

                    SHA1

                    5d1f80c7ef0a87b147ec0a818af9b7dae56725d6

                    SHA256

                    792f1a44cbbbd8feca92d7352ed568f2fea1b3f9c637f9f35d9ec5c4c5938e10

                    SHA512

                    3c09038dd1e14671d545b35fd2a7ad01e10aec4ba05a40cb81ea4972efeb2cbdda160c2353dc4bc4a74751a4f3d98e801e4c33c8eee92bcc37b73004196d9629

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    a390ac8f8aa0cb6a5338bf577918b59b

                    SHA1

                    c48bdaed9346a8f72bdc25c4c6f3211df0dcfcce

                    SHA256

                    df4980bc8e5138c186732568604b0f135a91e2f8d8b00d965991e10a8e62069c

                    SHA512

                    2f90eb684e8938e816444878550aaf71405fdeb8b9b2a88b738374cb71104857d355f1f7b5ca39fab714568e7629ca4362215e67ac1a2b1ab2bae9c8bf0d4372

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\0544b347-e102-410b-81f2-f07ed3e16f15
                    Filesize

                    25KB

                    MD5

                    24a5aecfbe5e1a6e43575105f2b26fd8

                    SHA1

                    4ff386136cf53616ec77e3d0daf386659e96d082

                    SHA256

                    14479edc7a7742269b970d7bf1cc38b7c4e59a07102034debe409017aaeaa1dc

                    SHA512

                    c28f6b2207c6f8323d58531f374042d35e3563f15813a1f084ea0f753a078dda444f1e0dcfa0c181a95fd0522b455b6b77423264ea22ab2e2bee0e2e9ff48393

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\23916027-2ef2-4472-a89b-af4ea443c18b
                    Filesize

                    982B

                    MD5

                    03376cfd34da0235cea1c4109a02d741

                    SHA1

                    667352c770f560e3f5601f762445deaef3833346

                    SHA256

                    f30ed4606a1e9043b0f0bddd177b3bb081532151a90d7a7b55936487d96c6f55

                    SHA512

                    20d9248d023bc35fe72464785734206f1131383612c1413752000ae06e052de565a20678a5815a36eedd00a3084a1f28930b45e6e05e588c94bad6d6bcf03398

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\datareporting\glean\pending_pings\ebef9352-3421-45fb-b42f-a38b62ea7261
                    Filesize

                    671B

                    MD5

                    39ce08d90f6e6f7562ddd655bdfe96a4

                    SHA1

                    6b082c302b67ec3cefaa39ba648a7f0bb14c0546

                    SHA256

                    e4ab88e03f93b948aeee3c45cd72660ff67a1eba5dac7eade315dae9e38abbe8

                    SHA512

                    a737cd0b3b4550575688a22504f663e7f32f8d0e2e3d635b21f18047489914cd3b1bd553272ae55202f7b3b199d897bb7fad6d2cd0044f0cd43f65d88ddb9b34

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                    Filesize

                    1.1MB

                    MD5

                    842039753bf41fa5e11b3a1383061a87

                    SHA1

                    3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                    SHA256

                    d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                    SHA512

                    d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                    Filesize

                    116B

                    MD5

                    2a461e9eb87fd1955cea740a3444ee7a

                    SHA1

                    b10755914c713f5a4677494dbe8a686ed458c3c5

                    SHA256

                    4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                    SHA512

                    34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                    Filesize

                    372B

                    MD5

                    bf957ad58b55f64219ab3f793e374316

                    SHA1

                    a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                    SHA256

                    bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                    SHA512

                    79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                    Filesize

                    17.8MB

                    MD5

                    daf7ef3acccab478aaa7d6dc1c60f865

                    SHA1

                    f8246162b97ce4a945feced27b6ea114366ff2ad

                    SHA256

                    bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                    SHA512

                    5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    1f1cc3504b4bd0f66b56f51ce8e0af8b

                    SHA1

                    4be1ff6244f59c26ed4d9ec9a2339e2ea0f522d6

                    SHA256

                    6cb90b41dd7910b6eb2e40e60dde174586c38a2d96e85fa5c5e866011c689e1b

                    SHA512

                    6317b9abd24293a64cc7dcbac91843142c631cc0c9421a87f8f85e873c846299bba437aa504a4c2c7653c06ae86a06da14bac0b1531e2c0ce0f237b9c00881d8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    4177a937e9f811c1344d8c6a6a2f30a0

                    SHA1

                    8a43514a6a9ddf7a8ed23827d23d731f97b26626

                    SHA256

                    a8ee44d714d0350fb8bfb0fbbcf17070d5787c12224af08cf14fa35e5912ddb9

                    SHA512

                    27a8a32aa047f7cde2f1098dbd67bfbf9d7029b6d46229811747ba43f0180e5b5cea364219bbf226371566cf05c24e07233fc66c9ba0688924b936cba3935462

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs.js
                    Filesize

                    11KB

                    MD5

                    84717aafb62931aa74854ab2670c4e41

                    SHA1

                    8241543ef2644a0bf3999ee639eace28049d4f07

                    SHA256

                    678128d62b176e6cfe6b0c2d7bbf8e9f6263413dfa1d6fd6ed032faa053c0662

                    SHA512

                    15ba9a8399f75926ff9e4cd9e76e5e3d8945a468c7fba8cd41418b2e19b18a88e0689f60168d0e8c8095afdc62ffd3005c7e08c9a7f8ff6f22d90c3ca3f4d9cd

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\prefs.js
                    Filesize

                    11KB

                    MD5

                    76364198d5ea740c663654e2f156de26

                    SHA1

                    a6ca40f1112bbe260f1ee81f2f1ece944549348e

                    SHA256

                    b9fee1e7d0feee715af4b5cce521fb94de4b1d4e7c55d5bf351eea1517c3fde8

                    SHA512

                    8b17b8bb931431551e80c45078fc0d0612504914b8a152a40f3bfb93a5fbe9bcf90eb46628f05589f5bae07db7b9704bbcc8f77e39974a21099beafa6d712ce7

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
                    Filesize

                    4KB

                    MD5

                    0abde24d96cbe24a339e6c70609d6ac9

                    SHA1

                    d25af3e7423d36cc520d894d483c7c2cd41b95a2

                    SHA256

                    bcc334ae7e32c7c7a210f45040696a1fe14e32e13b6fddca790cb6223e86eb6c

                    SHA512

                    71c22ab31208284e7d7844e4b0997133c26f410806492e359c1e2b05953a35ee5b39938fce26f7bff6bf42f9db6a6a9422ad00fca08cbe8469a38cb95328f414

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\sessionstore-backups\recovery.baklz4
                    Filesize

                    3KB

                    MD5

                    8cd4174f090b9607be683bd3714eb76d

                    SHA1

                    4bdac383fc5f91c736784558f23fd3552d3ff2aa

                    SHA256

                    e0c916826f674e9dc2ebe1932b55f1f4a9c0c60dbd3df3772e1f68eb12c6e7af

                    SHA512

                    1baad29f6d3542e8dc1f2c71c4e9b6617a82c96e602734853047f5f2983b931242b1b0bae933b89091d44e3a64e20827f69b362adf89cc56894f973a4b8860c6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yel8o60i.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                    Filesize

                    376KB

                    MD5

                    4a10625127eb08a03e36c40bca883f4f

                    SHA1

                    97d9b342be1b8a9fe3a1f74ad16e19ece7da6e02

                    SHA256

                    18c65f0365eaba0ef67e0b32e0b5c92f63518ddfed1007c87eccd4059148c452

                    SHA512

                    6c4b868c7e27e6a878d34d226e300edb20884225f9b0d9ca2d3e6047bd90ac9d7c8897f72149d7cbb7b92dc42849a83af1abc1439ed49a12e0ef18eb065b8e78

                    Download Submit