698a509598727e0540af8ff9a8555b64c2969d07b245cef6653048205e8611f6

Resubmissions

03-10-2024 11:40

241003-ns91hs1cje 10

Analysis

max time kernel
436s
max time network
437s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-10-2024 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b.avif
Size

24KB
MD5

08fa9f024c8c489e6db9904d6ce210ed
SHA1

f1c5f35d85cb5ab1a81fdfb39bc4f88b7cddb7f2
SHA256

698a509598727e0540af8ff9a8555b64c2969d07b245cef6653048205e8611f6
SHA512

98a22d08e70758161abb8fec0f649556c496c2055a3924ea94d1377545e3ea38d1dfb41ea6c8f34e04e56e9a1262b658173746e26e1203238777e7b1bfc3c8f2
SSDEEP

768:MStI38psCXykb5qjuEv59oVRJlB+gyADqjva3:MpLHkibvoVRN+sqjvg

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
139	raw.githubusercontent.com
144	raw.githubusercontent.com
158	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
4660	taskkill.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{6CCB7998-2AD2-4E8E-A939-932340F13C7C}	cmd.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\kozalocker.bat:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	404	firefox.exe
Token: SeDebugPrivilege	404	firefox.exe
Token: SeDebugPrivilege	404	firefox.exe
Token: SeDebugPrivilege	404	firefox.exe
Token: SeDebugPrivilege	404	firefox.exe
Token: SeDebugPrivilege	404	firefox.exe
Token: SeDebugPrivilege	4660	taskkill.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4200	OpenWith.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe
404	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 1468 wrote to memory of 404	1468	firefox.exe	83
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 816	404	firefox.exe	84
PID 404 wrote to memory of 2964	404	firefox.exe	85
PID 404 wrote to memory of 2964	404	firefox.exe	85
PID 404 wrote to memory of 2964	404	firefox.exe	85
PID 404 wrote to memory of 2964	404	firefox.exe	85
PID 404 wrote to memory of 2964	404	firefox.exe	85
PID 404 wrote to memory of 2964	404	firefox.exe	85
PID 404 wrote to memory of 2964	404	firefox.exe	85
PID 404 wrote to memory of 2964	404	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\b.avif
1⤵
- Modifies registry class
PID:844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1876 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae773000-c327-438b-8db7-2ae7ff4c0281} 404 "\\.\pipe\gecko-crash-server-pipe.404" gpu
    3⤵
    PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e987616-8d34-49ff-9fc5-e27647242934} 404 "\\.\pipe\gecko-crash-server-pipe.404" socket
    3⤵
    - Checks processor information in registry
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2756 -childID 1 -isForBrowser -prefsHandle 1544 -prefMapHandle 2784 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da8e0326-2501-44ad-98f2-312509a5f3e3} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:4752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 2528 -prefMapHandle 2516 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7ce6fd1-54d7-4a09-82e7-27265b33dc1f} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:3764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4828 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4836 -prefMapHandle 4788 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4937e3cc-b2a7-4845-9933-3a27bd75a3fb} 404 "\\.\pipe\gecko-crash-server-pipe.404" utility
    3⤵
    - Checks processor information in registry
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 3 -isForBrowser -prefsHandle 5264 -prefMapHandle 5300 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73d633c1-c347-49b2-9664-a1c1c37e1f1b} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:2716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 4 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be731f1a-fd29-4a31-8486-0c9a94c70a83} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:3880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 5 -isForBrowser -prefsHandle 5656 -prefMapHandle 5660 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15dfab6e-d599-4479-b3fc-84a6055f1fc1} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6136 -childID 6 -isForBrowser -prefsHandle 6128 -prefMapHandle 6124 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f51f668d-171d-4ddb-8322-9064f2bbba79} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2932 -childID 7 -isForBrowser -prefsHandle 5496 -prefMapHandle 5488 -prefsLen 28253 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d969749-b0a1-4920-ad8c-9f8c55b5812c} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6468 -parentBuildID 20240401114208 -prefsHandle 6460 -prefMapHandle 6456 -prefsLen 30923 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80c89217-8085-4c6d-ae04-a2ac15d3f248} 404 "\\.\pipe\gecko-crash-server-pipe.404" rdd
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6476 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6500 -prefMapHandle 6496 -prefsLen 30923 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8bbbe8e-603b-42f1-85d0-1a6a978c767d} 404 "\\.\pipe\gecko-crash-server-pipe.404" utility
    3⤵
    - Checks processor information in registry
    PID:2592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6828 -childID 8 -isForBrowser -prefsHandle 6824 -prefMapHandle 6820 -prefsLen 28253 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c5170c0-59e3-4a61-85a0-ab68f8540765} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:2364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7176 -childID 9 -isForBrowser -prefsHandle 7052 -prefMapHandle 7036 -prefsLen 28253 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4a4c2ee-5609-4524-b12d-99f35da800cf} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:4208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7796 -childID 10 -isForBrowser -prefsHandle 7784 -prefMapHandle 7792 -prefsLen 28253 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {942434ad-661a-46ce-88ec-279e0d9cb704} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 11 -isForBrowser -prefsHandle 5784 -prefMapHandle 5772 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f3f71d0-7205-4481-9df8-d728c1ec0be1} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:3724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7196 -childID 12 -isForBrowser -prefsHandle 7308 -prefMapHandle 7184 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c197cb8-ad38-41cf-acd3-654fb6bbd8c9} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:1288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7084 -childID 13 -isForBrowser -prefsHandle 4960 -prefMapHandle 7172 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61429a90-c05a-4ede-bfc7-bb0a822e77d1} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7176 -childID 14 -isForBrowser -prefsHandle 7512 -prefMapHandle 7472 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e504bcfa-ba2b-42a9-acda-ce7919341f09} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:3384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8160 -childID 15 -isForBrowser -prefsHandle 8136 -prefMapHandle 8124 -prefsLen 28332 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de4ca092-ec7b-4810-a902-2bc6fb758870} 404 "\\.\pipe\gecko-crash-server-pipe.404" tab
    3⤵
    PID:1460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2028

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\kozalocker.bat"
1⤵
PID:4252
- C:\Windows\system32\taskkill.exe
  taskkill /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
80f1d2a78d11df370af37788e14ae51f

SHA1
39f54aeeff8d1a256d8b1d0ba2c4ec6e0267ddce

SHA256
99410f77bd954364d9876ee14a746b21cf11748a200decbdc365fb1c20be8a88

SHA512
61b030fad43cdae073000e3a52eb6c0c8d3bd45955ebde2aa4edf45643e1c97e5b9697fc21669f894be5b40a45e53e67f5130518c4c842fa34be1c5a985bc146

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\0F077B72026AEAD8CF051A3B6F0DCBE36D195821

Filesize
2.1MB

MD5
f5b344cc9c006804b961750eb8760383

SHA1
59700bb4376206ff901d3ab71a3ab48627924b28

SHA256
603ff8cc511ed5210bfdd33c8fceed642b65435c2650ecf640a5438539a4921c

SHA512
73ba561a265f82706c402a8439d3060a8889adf3e55e815d2aff606aa20f9271e35e9d2ddb548cb748dc539ea97398117763332e96b20834064932207c90c5aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
792KB

MD5
c69fc0e18db00eec2d3f4eea8409a5fc

SHA1
7e58d0830d6722f60cd16cf475ca4ec29259fa4c

SHA256
306bbed8c0d1ca1454bb566c6f866dc81efeca0bf38b8065305be15e4c4622d5

SHA512
d7654ed026398274ae159e34bd6c897e160555e993ee350dfd18e0bbea52dafb46bfd3a33c15ab832d0399d676f7d4af2698ef6e3e3f218276d20af801a1a552

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\36E236217D9F25C7A86C9126F7388649F0D6BD2D

Filesize
117KB

MD5
878040f3ca8b799ad8cd68757071390c

SHA1
f49e2eb82a7b2818ee1b1ec138113041a3e430d1

SHA256
ce3cacd891bcb291b9bab36f37e8be64c029de26e29d20fb8db61b0a96fae60d

SHA512
7e23db48811a18754fbe70bca99ffba8139737a08ca5a6afc66e0ab3558b46362536b0309c7624cf5c4fae6f95d606ffcee1a669f5d6d734038ad95abe76d7dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
e093fa0d737a7e60fa6afc2c5089a4dd

SHA1
9c37355d8932abe68969cf8203d643090267e061

SHA256
e865f7c1c028ce531329d852e42b79d945f75af0bc014d5ab5c2b63f2023b7fe

SHA512
f3474e1f5f59ffad9566cda0293450cd4c5d9b6993bae57c0ebfca25710cdfb28ef1e0e080e7673440070dff068c3b23a019efa64a5bca42f2fdc050c16d9ca6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\81286DF82F3C4D1CDB8E2BC78CD4A520BCD2FCD5

Filesize
144KB

MD5
e1d711e12b0be444bc071d4b427b6a70

SHA1
f8630398c761b2748112df8edfcc6c0f2bde7edd

SHA256
de97a3cce200a7f8b5b174572b668edf201831f76aa6ca958de197e401c2e103

SHA512
f76596eeffbc9ed6507ce2574f10972a14c89241890608557f79e8602ef0eefd6b77905509f75009bcc7c06527afcc9d2121fe5995f8f0adc5c656be5470df4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\87448AF01C02E6C57DD2CD1ADC7CE77C921FA9CC

Filesize
126KB

MD5
41023c4de0d171a8cfb12f79e4d50c74

SHA1
66ce72fd936be0abd877a2956f4d424c93deb1d9

SHA256
7689d60aa8dcd4c749a624d6adb76cb7dcc259d44480796197bccf8edc62210d

SHA512
7b2859466be6e58b37d6e9b1fdb482e62845753aef42906693c34d4a54089c89c2a6878731f0842e50c47dadeb7b87a74cabe0b7b4b7c89577e0b38e03d43801

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\A5F02E6B3D442BABF77BA16FA6FC8A8A04375FD3

Filesize
165KB

MD5
5280904270ee38fbc6e9d38b3e468ad6

SHA1
5b46fcb47179fbc61dd32eee5471c318547c8387

SHA256
06b7e0a11cd84772906a80e2fab93d6a15665f5296005020ed55e609167f70ae

SHA512
f9901b130780b6be6fbb7e3ad49bc95608a612a51687f16d31b55058e0ed625dac3d0b4653c71bf397766b27e59cf2e310381ecb77e97cde71bf12c365cfe61d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\C61C190239DEF843B26BD458E88ABF6CAE260365

Filesize
78KB

MD5
d8013f9d4bed6ce38ea05e37e0c1d9d8

SHA1
af190624e5865bf0bfb36973624feae5c1f8746f

SHA256
24a3d54025b50966aff949f01dc44e87461031fbb03649cce44cbf6096935360

SHA512
9947949204713f818f08c4ce48c6fe427d8610e743c466616e92d28df5f8ba9535d988cc945ac60430ddc34a3b10f60c9706f3713f7ec8184f377b89ce4292ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\cache2\entries\D16479E925AF122292501EFEF9D2A14A47D3245A

Filesize
79KB

MD5
5da494978fe2a0c39916311e8c98c2b6

SHA1
9103910fa6aad08fe0e6ac4c22343ed665720c0a

SHA256
d4d9ac16d1e0805fb426732e3c60fb0bb48bafaee1f113aeb74aa6c3ace453a2

SHA512
4987a218e31ec5ffb5b8825db39b1e2cc410dd5cc2eb8361cf1d9838a9fe726cf101e1911139c1006ccf3a260f9cfe2c7662033d2f6c214825ed0d319bef58f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
a07dab35a82c78a7d48f7a3f061729dc

SHA1
e506054b161d876104445c70dc9e5aea60288604

SHA256
9d1f4a68cba885ac3918d0b4e5de4ed2bec10f54eaf428f3b2e0306441d070dc

SHA512
2be35fa255bc527b97a52812e8888df05c4d4c3a9d1bea856d39d9eeeb93ea340ab4a2ac96e0fccb7aae4ecaebfeefbb57c802dffad917d91ffee04bafc3318b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
f15daebc02d3840f580f6d854cadceea

SHA1
46df9d33641a87bf7f865f06db21bdc81a5ef8a1

SHA256
815fcb755481081fb7931a4edd8a5e64b0a1df1ce121907d97bd53f040541350

SHA512
07674810a2c743efd74d6bcd81ab437286aaf2798c17569c82cda24caa81fe9b493af71ec69e00377b8ef4d592508b090610dc1c6cf3567ce933c6cb96fe6b5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
6KB

MD5
aefc6a01edd402ad949aeda8accc78fa

SHA1
e45af45c57fa082286fb77859247e8e24f3faa12

SHA256
c890377aa1f4e9ecb5f2fcf5acd09a95a9aaae26578e647ee819a055d1dad0e4

SHA512
d22c336f09e8ea6c281db6f6df073954be6878fc0b8d13d03cfdeaba5424a66acb965134b767187917639be197a578034fe010217844c806f8aca50f9e574adf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
12KB

MD5
c53ae4d55340421b46e7401548be28f8

SHA1
6083cdf3d33fa4c18c77f1da66251c67eb914e2f

SHA256
fb08e4ac9e60849e0b7a332718e0c9de0630316a3cb9ec071daf8eb7c75e233f

SHA512
e271fe76e4abe496cf1e180ef2bb0925d30b785a681a5fcb103726b4545b7ed67a337e29ce1d6b87c8bb2d47d45b7464d1a42fd259dbe6d952906e0f29c21adf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
12KB

MD5
10bfc991ef0eaec630f6d92b8e5d28a1

SHA1
f280132afd419660f5555cb5d1a621746fbb1115

SHA256
f030a56df0e367da96580bd3ee9720593ed3cdb5926fa53c217e8c2eb3a4dcc1

SHA512
5276ae12330934a2cfd6e415f7e3f2c3bf033c153a22e96d7b2aa70e002a9f4dfefe1e261d86a12d1c664b8b10cbdde4a3dc8ff1051de59f778896372c227ce8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5d0749e2dd48fd7cd8cba931b86385bc

SHA1
3ea5dca7c3b11767e8189b0cbbf53e53b5a9c587

SHA256
4d312324d0495e0481e16435bdc937015b62bcb01a5397b9e45600ba74de3093

SHA512
f1407c6b1e0f130430208bd6d7e822acc21e74ce104eadb50dc93a70512fbf1e18a2338217fe5be87e5432ad6e7a4657155f2476636843dffed1a3864f4f2019

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
f7d55bd4b3c8c6f081da078908969c82

SHA1
db09e755902f3193dc91a342625ef64e4a164a77

SHA256
0cd7f473d973140fff4b33633e8544209a7390a7332e91ce6a95872edac3c3d6

SHA512
77a15e436835950b7f4c5628452d415846a3d6b04b6a2abc13f012f4ad4eb0c0fa6654b4320516dd6992a9e68fce84edd82771f3668b8616e8b750f7fd655f27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
797e265a6a92fda3befb07499bda4a42

SHA1
2d967121a82b49cc59e242dddcff64f436f02100

SHA256
c1681b46b6fe0f74d2b935195a425391f81a649ec8da8dce570d68fbd2615190

SHA512
d527347e60f00eec7cfad89308a58f1d683fa5344b886881082c832f35be093d4e24befcd0e89ef74207844562792a69b13503feecec479e1239c73da431f143

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
216fa4bbd9a28a0dffa5cad9a54085a4

SHA1
0b08d85a02e0e40fcf714c5e08a25d3098aab503

SHA256
24b3bd2ff96f6ac0b095372fd6b91a1a9715798900355cbe6943619035a50da2

SHA512
ebc35279793d7cdac3036db15ea9f19c16689c69aafdd7c95c62a1b81b55738a747ab3b29318605055f93bdc78406443f0724acb9a969d8ed0a9c9ce969e3c09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\3a085bb7-ab4e-4e72-aa65-65797cbb84a5

Filesize
982B

MD5
20068e835a881b656b8824e0c9b1fe1a

SHA1
1709e83a10f624f03cba5a8f1e4713c8702826f2

SHA256
0b4c7986919801da379cb037d9566a6659b6ad0b252d9018e08578b45c248ade

SHA512
1012beaa7f51a48585adb910f587dc9b7ef8ac1ecf90875375366d8e06be47b0dce01d1581d293b41a768318075fb83aee312ff0a474a2c8d498c40c10bb47bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\d4f4b0a4-c0c5-4945-b9b2-4da76292741e

Filesize
671B

MD5
c04b6222569cee81995bcf1d0f10a1c6

SHA1
2fe91113405812c5226b63de3033255304b30be8

SHA256
1ecd254b485229d7babd41a16b52021e4049c3e1b126534ffebd4bdaccc2196f

SHA512
ababea97735baa64864be4485cb3097f2c6ca83639ecf3219923f1ef2e42bf6134d3078fc31392c8b24bf688ab562b01195c6c9b8f960178671c2f1f3cd336a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\f0121a40-32e5-4f64-a253-689dd4d67b47

Filesize
25KB

MD5
b06216a48504a3fdc8e5beab49a4435d

SHA1
6847539e7de76fc3675c4291ba3a8413018004c6

SHA256
287409ee949ba83c455a0820e241a0811ec4143eb31ecd8992e1f84b7cc29b2f

SHA512
0f6e281641477bf7ccf325e9f18de9585f07b8e14b15bdaa9687c23af7fc910c3825d53d8d54b846a1fb66aafa74079e546cac09707b2c8556193ccd0f091b58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
11KB

MD5
372bd32dc24a6e3811335548bc6b24cb

SHA1
740974daa347b08d3469c5e4b7ef7f747a64ba37

SHA256
e9b050e8025db01b213ccb31434cc3d7a2cc04c6773bc5d058ec4cd76af64041

SHA512
4c1e1592061c60a382485f7ec6a6bd58e2e2e1c798781ed5c622df879918075c917dea4435569521060625b0d48155baa7bcd1e411d442e71e618a7377211684

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
12KB

MD5
09bb02700c6f24c7cf1961bbb3c4a8ca

SHA1
8e726be3ef7f250e75eef1b4193f038078085494

SHA256
ce7e2d9c1f6b716937388dd821159572a32d28762316ad2bbd05145c0a36b6e9

SHA512
f1cee58f8e1c4f00975cc25a1373475aeccd9bf9c0d72e77886e70bd557272ab087c1cb4cb9e8eace3bfffa34205bcff9ba258dc666cd0dd7f52bc0fa898e987

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
12KB

MD5
58993f6d20ecfc638c442c117cebc21a

SHA1
807bd809f11a2cab333efa3e35bcbd0951625065

SHA256
30be485dc13addc2158381c2fd523075ec36d3f8117aa8537a7d0288d0c57616

SHA512
5ff64bf37e312eb550871f4c3bad90c1dbb44443294545ef5b3495684227893d14278933cfd25796e87de0fe3d0967cc7f65970652acceb9e7933c9a5b9afc8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
10KB

MD5
b23859a80fcc86341ee3559c8101b978

SHA1
fd86f8e5062e52a85e7eed6b3fde7fb4093548d2

SHA256
3a56cfbd760183be3015837255e6740a6c7270a545c4ba23cf70872fc6bea4b1

SHA512
3f6d0006de19b2048922589ed2feb3b5e54d978307bf1b712785f6d66d1562cd9151b652cf400d0b4523bfdb03cf94a7487915959b19b6be19d044b53a05eac3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
adf4e8825fdea35bc604db0a14e03acc

SHA1
f8e2857f4a1089a198d09ff5cf803ffb5d1796ca

SHA256
28bc071ec0cc9861cd97a47a11df8366c4d5849775035e71a6b17140e3f31651

SHA512
9be0f5a2b28ec64267b426f9404bb371b7f28f934432bab2e24fe6ffc7e363dd9880c0062c933573aace8cfce941ba19817ff03e3ceb5935f1cc00f966bd9c70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
ad3c2bd567fe12001e27cec8be259c0f

SHA1
142801422415438fc508cda6d5ea8b264ff42809

SHA256
9ea1da864f579b996d203fdc9e6019cc8bb72e15a8463707dedac1aed46f171e

SHA512
80345b023649c5e53c32478b7cb2cba4a00101fdcd4e121eeea63c380c9c4d72567b16214f2c664c654fac59a359b56d3ca647ed0661c7874d496f1a951af4ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
28fe464a9e6e20ebce5398435a4a4494

SHA1
57e8ce3dcfb0f622a90fbd5cfed6f068a3a1b87f

SHA256
634a21f8d07b2931a380e1e591f194b0eabe2663dd75fa395105ccf9590fd35e

SHA512
a603acd41542eab24b6eb02bcf1aadd376012a663446de2cc273254ecba96d57e85b0044cb289b2321205fd33db555434443fcc825776fd465a86b32736e31e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
1e629e9ebc1010bb608c4c0a62ac5f92

SHA1
7a14c5c9d2ed43b887064078ac58dc1c2cecba44

SHA256
717c34dabcc3646e54e7533ca88064b91ae0307e5f7d990e2ef697a9b08de98c

SHA512
e98edfda5c3e197b2e4b6f788829f892fd6a6214c94499a346f1c1e63fbb0323f49a57251d6e18a342f3d2ee73675ac505ed78204eff0ec7d2ceed256c17a227

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
3291a6675696823923e8e409e7090195

SHA1
107d1042770aeed9284de67646386e934431089b

SHA256
81525c1cf6a1198565e66f10681573b4f4d02edb20558f19f6f9893be3a39cdb

SHA512
1ec88ae0d3f79e75e3bf139609b78d8e0579aca8c9f0b1dca737556ff6b0a3949614762aa61de846cfbd2a6c6cf1987e0f06dac184d91d9312e912c59b679e29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
6f8d96df5a03d9b81c7d32a75e174426

SHA1
3fbc34c9c47c4b4f8cbc92b5153cbe6d4e894594

SHA256
39c59e62a6c62743cd25f2c997164f56c5961ed389c05b87dc05173327afd5ee

SHA512
be2ab509b77a2852505d66ca274b94ac88bb30234648fa8f555ef38fd421ea1dee04e12ce041b50ffaad0fae5cf8c339dc56b639f80feeb8b537184de0692767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
57be48a8429046c016cf2db1572ef501

SHA1
ea22c173c209af4fe67eb1a205655e20b7ab4e1a

SHA256
3f63ccadcb94de04eee6e68d85ae7f3c2b2ef3e5967f7cfddf25a5bf23a8c5c3

SHA512
37c3335260331afcbed0f20e014c3a99dfde6c68957c6437d56644d60a560caf65ce45e3b4490b52d3698ac6a00779a14bf913e5937188d74543e273faf9d076

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
1f5f72c4f66b062ccafd9ca5fec1d6d6

SHA1
19cd29d7993bb374ba9c50378796b5501a64510b

SHA256
03932149f35468fd585dabe20d99cad0446e29cbec664164703272f83eeb0d9d

SHA512
718d2dd7f1eff62ccc410ddb0997d0d07126da8b9c86512740cbd8571ea68a58fb340d2e770b0b370fface249e6cd7545ab806f3cc96b4f1aac4e9bf13a5a7dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
6d720e03dbd7c43b1fd20c83b1f66901

SHA1
f264db7378a3e770ccda83a182ecb26d9ace3cf9

SHA256
76d02659032ed9e6b3e5f5ea82faad61cc12610d31e5c712f8850f2bf828b78b

SHA512
5da1b0eade3a3ca444e5c17d8d1832b130fb21341de741483cbd8eefc12f12b220aa96aea90f091e28b669da1b2ea7cb9f129c2ce92e356ddab5af66e898355c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\storage\default\https+++www.youtube.com\cache\morgue\139\{34d823d3-8cbe-4c37-a31d-51ffb39f1c8b}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\storage\default\https+++www.youtube.com\idb\3547186790PCe7r%sCi7s%tee5nbt2E.sqlite

Filesize
48KB

MD5
a45bdeaa989126e12415ac388d9fbade

SHA1
43d1c62e68f6954e7aeb1d64bfc0436dd8b9a91a

SHA256
589d54e18e66a131a29fd70069bb6063df57a9707f7a95c023cbd8c2580d5405

SHA512
bb3de3dd13255f0fdcd58ec03bcd4e5aaf3edc7ec27f333761703222f797414caef1708b1189155ff6a0c1173bb70b8ead110c3f5e6e9f18579d0f8e9fc19f84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
995c968346a9700036ff8a0f3f7d5a0d

SHA1
738baee7ec015ec0375db5e891f71e88e8c1db84

SHA256
da5cabc7f11dfa4c70d7402f126ef6cf2946b75a3726e4922e21f839b8b6025b

SHA512
a933aaa787239707d8ba4c522608dec3f707abe500096f90b3cbb09f2aac8e11c19deb07003cffc8df608192425549516a8054ac8d6c7ca2d8587e6645f0473e

Download Submit
C:\Users\Admin\Downloads\R3rS72LE.txt.part

Filesize
406B

MD5
6cffd4eb27148b4f0d89321e16d631f9

SHA1
6219c8d97f24aecf6985b989aa1dbb36e3f0a857

SHA256
9a9d32a973bce988ba1a72ec0f160d84de2e1d659bf8158e121e3fc3360abe46

SHA512
f3bc7e3f74be3e89bbd8a0ba06df578a3ec7dbb5060b412c63eb2e14048f339e99588ff35bd1581466ee33b0a041c40f61d83351df244b7f839535f0bcebc586

Download Submit