Resubmissions

24/12/2024, 19:13

241224-xw3kaavlen 7

24/12/2024, 19:08

241224-xtltravlam 7

24/12/2024, 19:06

241224-xr869strgt 7

Analysis

  • max time kernel
    125s
  • max time network
    129s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241211-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    24/12/2024, 19:08

General

  • Target

    Archive.zip

  • Size

    2.3MB

  • MD5

    03a1ddc324751540b1e293051c630c0c

  • SHA1

    8659e8049aa13d81189a0ffb13e36dcdf4d31f71

  • SHA256

    ebdce938512e6338a6e0101e006e9a22237bced741086cc932eebecc03e9a820

  • SHA512

    25b2ed837d4f824701fb9d24ef472c7f6963acbeef423a396568f947f671c6458cffaef09004dfb16f88acfb1cb9fef50f627e40aa6948a951a584563d30dbab

  • SSDEEP

    49152:emRvJShtDbHj9XAGSwFRuYuTIkqXfd+/9A2aDxbb0k71+FIg4/vj8d5E+PpfLUZ1:RS/DbD+o8TIkqXf0FFM/03FIgcCfxC

Score
7/10

Malware Config

Signatures

  • A potential corporate email address has been identified in the URL: [email protected]
  • A potential corporate email address has been identified in the URL: tweet-@x64dbg-1DA1F2
  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
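The two notes above describe a technique class, not what this sample was observed doing: no process in the tree below carries the Task Scheduler signature, and the report records no task IoC for it, so there is nothing here to pivot on. On a host, the check is the registered task definitions themselves. The script below is an added example (not part of this report and not Triage code) that scores Task Scheduler XML for the pattern the note describes, an action that runs from a user-writable path and fires at boot or logon; the two task definitions, their names and the Temp path are constructed for the example.

```python
"""Score Task Scheduler XML for the persistence pattern the signature describes.
Added example; the task definitions below are constructed."""
from __future__ import annotations
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Locations an unprivileged user can write to. A task whose Exec command lives
# here persists across reboot without touching Program Files or HKLM.
USER_WRITABLE = re.compile(
    r"^(?:%(?:appdata|localappdata|temp|tmp|userprofile|programdata)%|"
    r"c:\\(?:users|programdata|windows\\temp|temp)\\)", re.IGNORECASE)
PERSISTENCE_TRIGGERS = ("LogonTrigger", "BootTrigger", "SessionStateChangeTrigger")

# Constructed definitions in the real Task Scheduler XML schema. A real export
# (schtasks /Query /XML, or a file under C:\Windows\System32\Tasks) also carries
# an XML declaration and RegistrationInfo, omitted here. Names are hypothetical.
BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2024-12-24T03:00:00</StartBoundary>
    <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Settings><Hidden>false</Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>C:\Program Files\Mozilla Firefox\default-browser-agent.exe</Command>
    <Arguments>do-task</Arguments></Exec></Actions>
</Task>"""
SUSPECT_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Settings><Hidden>true</Hidden></Settings>
  <Actions Context="Author"><Exec>
    <Command>C:\Users\Admin\AppData\Local\Temp\update.exe</Command>
    <Arguments>/silent</Arguments></Exec></Actions>
</Task>"""
SAMPLE_TASKS = {"Firefox Default Browser Agent": BENIGN_TASK, "SystemUpdateCheck": SUSPECT_TASK}


def assess_task(name: str, xml_text: str) -> dict:
    """Return the task's commands, trigger kinds and every reason it resembles persistence."""
    root = ET.fromstring(xml_text)
    reasons: list[str] = []
    commands = [(c.text or "").strip() for c in root.findall(".//t:Actions/t:Exec/t:Command", NS)]
    for cmd in commands:
        if USER_WRITABLE.match(cmd.strip('"')):
            reasons.append(f"runs from user-writable path: {cmd}")
    # Child element names of <Triggers>, e.g. LogonTrigger, CalendarTrigger
    triggers = [t.tag.rsplit("}", 1)[-1] for t in root.findall("./t:Triggers/*", NS)]
    for trig in triggers:
        if trig in PERSISTENCE_TRIGGERS:
            reasons.append(f"fires on {trig}")
    if root.findtext(".//t:Settings/t:Hidden", "false", NS).strip().lower() == "true":
        reasons.append("hidden from the Task Scheduler UI")
    if root.findtext(".//t:Principals/t:Principal/t:RunLevel", "", NS) == "HighestAvailable":
        reasons.append("requests highest available privileges")
    return {"task": name, "commands": commands, "triggers": triggers, "reasons": reasons}


def suspicious_tasks(tasks: dict[str, str], min_reasons: int = 2) -> list[dict]:
    """One reason alone is common for legitimate software; require two to report."""
    return [r for r in (assess_task(n, x) for n, x in tasks.items()) if len(r["reasons"]) >= min_reasons]


if __name__ == "__main__":
    for hit in suspicious_tasks(SAMPLE_TASKS):
        print(hit["task"], hit["commands"], *hit["reasons"], sep="\n  ")
```

On a live host, feed it the output of `schtasks /Query /TN "<name>" /XML` or the task files under C:\Windows\System32\Tasks. The same XML is carried in Security event 4698 (a scheduled task was created) when object-access auditing for the task scheduler is enabled, which is the better detection source because it also records tasks that were created and later deleted.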

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Archive.zip"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3320
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=4112,i,17437436182398955805,1059754208013914332,262144 --variations-seed-version --mojo-platform-channel-handle=4036 /prefetch:8
    1⤵
    PID:4680
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1708
  • C:\Users\Admin\Desktop\cooked\BlackRock.exe
    "C:\Users\Admin\Desktop\cooked\BlackRock.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    PID:3680
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2872
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20513c76-3265-4737-bfc8-b33dae6f3629} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" gpu
        3⤵
        PID:440
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2356 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b09f3af-b759-4a0a-bcc2-ba631133f0c8} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" socket
        3⤵
        • Checks processor information in registry
        PID:1764
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 3188 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9db1b2e-04f0-409c-a3e6-8da51bfa5f4b} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:2712
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3692 -childID 2 -isForBrowser -prefsHandle 2680 -prefMapHandle 1400 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5de1ccf-c65c-4a6e-a991-62f5754986a0} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:4732
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4568 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16a7d71-952b-452c-b5ef-e9da81d1c1bb} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" utility
        3⤵
        • Checks processor information in registry
        PID:5980
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5268 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5224 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6d9fc7f-172f-49ee-9b28-7588f9c781e3} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:5976
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5412 -childID 4 -isForBrowser -prefsHandle 5492 -prefMapHandle 5488 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42620885-7541-4b50-b735-76f692559ab9} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:5912
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5640 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b522d121-5157-4240-96e1-347250361edc} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:5232
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6212 -childID 6 -isForBrowser -prefsHandle 6204 -prefMapHandle 6196 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a939565d-b0fa-4dd5-b056-12661e7702e0} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:5348
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -childID 7 -isForBrowser -prefsHandle 4736 -prefMapHandle 3844 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fcaffdd-46cc-406b-ada8-5542d2369e02} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:4324
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 8 -isForBrowser -prefsHandle 6456 -prefMapHandle 5140 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {453fa970-88a3-4167-b893-c573e3eae928} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:3220
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 9 -isForBrowser -prefsHandle 4548 -prefMapHandle 1460 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0832d8ae-08f8-4ea1-b4bb-5294bbfdee39} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:1776
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6708 -childID 10 -isForBrowser -prefsHandle 6732 -prefMapHandle 6764 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d81d82f8-59c1-4265-bf22-b312cbbe8bcd} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:5512
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6744 -childID 11 -isForBrowser -prefsHandle 6780 -prefMapHandle 6604 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be0628bd-3324-4d2d-8259-66640a03dd42} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:5812
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6756 -childID 12 -isForBrowser -prefsHandle 6768 -prefMapHandle 6772 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcd1870b-b750-4dd0-994d-1da66bbacf6c} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:5816
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -childID 13 -isForBrowser -prefsHandle 2744 -prefMapHandle 2740 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afdeaf25-f2e1-4d47-863b-9bd98b558154} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:4432
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7204 -childID 14 -isForBrowser -prefsHandle 7212 -prefMapHandle 7216 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab9482fc-7176-4f9a-94c6-736640185dd7} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" tab
        3⤵
        PID:4480
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations=is-enterprise-managed=no --field-trial-handle=3272,i,17437436182398955805,1059754208013914332,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
    1⤵
    PID:3516
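Two things to read from the tree rather than from the flat signature list above it. First, every "Checks processor information in registry" hit, and the WriteProcessMemory and SetWindowsHookEx ones, are attributed to firefox.exe processes; the dropped BlackRock.exe (PID 3680) carries only "Executes dropped EXE", the NtSetInformationThreadHideFromDebugger anti-debug call and AdjustPrivilegeToken, so the sandbox-evasion signature should not be read as something the sample did. Second, 7zFM.exe and BlackRock.exe are both depth-1 roots (1⤵), so the report records no parent link from the archive to the executable. The depth markers are what encode the tree. The parser below is an added example (not Triage's code) that rebuilds parent/child links from those markers and inverts the signature list per PID; its input is a five-process excerpt of the tree above, trimmed for the example.

```python
"""Parse a Triage-style process tree (the "1⤵"/"2⤵"/"3⤵" depth markers) into
parent/child records and map each signature to the PIDs it fired on.
Added example, not Triage's code."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Excerpt of the Processes section above, trimmed to five processes (constructed input).
TREE_TEXT = r"""
• C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Archive.zip"
  1⤵
  • Suspicious use of AdjustPrivilegeToken
  • Suspicious use of FindShellTrayWindow
  PID:3320
• C:\Users\Admin\Desktop\cooked\BlackRock.exe
  "C:\Users\Admin\Desktop\cooked\BlackRock.exe"
  1⤵
  • Executes dropped EXE
  • Suspicious use of NtSetInformationThreadHideFromDebugger
  • Suspicious use of AdjustPrivilegeToken
  PID:3680
• C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  1⤵
  • Suspicious use of WriteProcessMemory
  PID:2872
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    2⤵
    • Checks processor information in registry
    • Modifies registry class
    PID:2108
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2356 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b09f3af-b759-4a0a-bcc2-ba631133f0c8} 2108 "\\.\pipe\gecko-crash-server-pipe.2108" socket
      3⤵
      • Checks processor information in registry
      PID:1764
"""

DEPTH_RE = re.compile(r"^(\d+)⤵$")
PID_RE = re.compile(r"^PID:(\d+)$")


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    parent: int | None
    signatures: list[str] = field(default_factory=list)


def parse_tree(text: str) -> dict[int, Proc]:
    """Record layout: image line, command line, depth marker, signature bullets,
    then the PID line that closes the record. Depth N attaches to the most
    recent record of depth N-1."""
    procs: dict[int, Proc] = {}
    stack: list[tuple[int, int]] = []          # (depth, pid) of open ancestors
    image = cmdline = depth = None
    sigs: list[str] = []
    for raw in text.splitlines():
        body = raw.strip().lstrip("• ").strip()  # drop indentation and bullet
        if not body:
            continue
        if m := DEPTH_RE.match(body):
            depth = int(m.group(1))
        elif m := PID_RE.match(body):
            while stack and stack[-1][0] >= depth:  # climb back to the parent level
                stack.pop()
            pid = int(m.group(1))
            procs[pid] = Proc(pid, image, cmdline, depth, stack[-1][1] if stack else None, sigs)
            stack.append((depth, pid))
            image = cmdline = depth = None
            sigs = []
        elif depth is not None:                    # bullets after the marker are signatures
            sigs.append(body)
        elif image is None:
            image = body
        else:
            cmdline = body
    return procs


def processes_by_signature(procs: dict[int, Proc]) -> dict[str, list[int]]:
    """Invert the per-process signature lists: signature -> sorted PIDs."""
    out: dict[str, list[int]] = {}
    for p in procs.values():
        for s in p.signatures:
            out.setdefault(s, []).append(p.pid)
    return {s: sorted(pids) for s, pids in out.items()}


def ancestry(procs: dict[int, Proc], pid: int) -> list[int]:
    """PID chain from the process up to its depth-1 root."""
    chain: list[int] = []
    while pid is not None:
        chain.append(pid)
        pid = procs[pid].parent
    return chain


if __name__ == "__main__":
    procs = parse_tree(TREE_TEXT)
    for p in procs.values():
        print(f"{'  ' * (p.depth - 1)}{p.pid:<5} parent={p.parent} {p.image}")
    for sig, pids in processes_by_signature(procs).items():
        print(f"{sig}: {pids}")
```

Run against the full tree, the inverted map is the quickest way to answer "which PID actually did X" for a report like this one, and the ancestry chain shows whether a flagged process descends from the sample or from a browser the sandbox started on its own.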

Network

MITRE ATT&CK Enterprise v15

Downloads

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\activity-stream.discovery_stream.json

                                        Filesize

                                        19KB

                                        MD5

                                        8a9c1e63206f20fdbe871a5dee322d4f

                                        SHA1

                                        1c9c506dfb502b1e1d42eadad6d606ef37f3d455

                                        SHA256

                                        3b7cc366504525ef3ce4a896447fff6e78d1d00587c4915fafa3f087b4745054

                                        SHA512

                                        4bfb20e6b6caf74a902122b3b78649eefca45a4b05b19e9f5f2b2dc6587ac1255556a7a1db8ae655c68f68bee5717f78a7de04174b28370f3e8082b9223c021c

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\6751EAF940B45945962F07B498AEF7F97B121D34

                                        Filesize

                                        113KB

                                        MD5

                                        a35d2e30f770171a06724b6d78c458b5

                                        SHA1

                                        0cdc7580132bce0ac0be053b89a7bf324aa1b697

                                        SHA256

                                        4a8234c5d732a955f203d19b7f668d485b06803a2da4356191de89e0ff1e6657

                                        SHA512

                                        e0241b0b05b9213aa6ce65a0ae6a97012706e7d42c5c590ff61cadcb0f4694fc0d032e7eabf7fab951d4c387dcaeb191689a5c5398c0cce0e9e4401405587854

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\A316A67D82F673191BAD9C75885EB5E7557D7EFD

                                        Filesize

                                        68KB

                                        MD5

                                        4140b43c6b9bb9e4c430b8ca424522d2

                                        SHA1

                                        39ccbdb12d081ca550418c79a731963395c4a793

                                        SHA256

                                        0be6d190dc45f09d96204affcd96026143dc2d6880f806c585483dc47e201e3a

                                        SHA512

                                        d6cda27d39e893163f784352dd2268bcd9b79ebc2f3595fa546f1f92bebaf301c56edf4d83697f4414befff70c02ff1a487b52a85867f0243e0ec521f5372b0a

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\DFAF798699EE7D2494A7287D4CF123272A2A18BD

                                        Filesize

                                        1.1MB

                                        MD5

                                        503d2804ec2bcaa5039e081a1aae15c5

                                        SHA1

                                        4fc4135f5da6f1772fcfda3bb203cead8baac8f0

                                        SHA256

                                        693c3359c0b010b67bdef474c68578c319ef60e629dce6c82c1f8ad086df8513

                                        SHA512

                                        0c2e9774037deea23b01f5ed76e1aa7bbe831049eb415a64b932d08156079daf93ec660bbe61f24a740a35f5144db544a72718a2c260400f2c3a2fe007e1810b

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\E3E096661CC12A0FFB4E42A32E6157FAAC411A71

                                        Filesize

                                        97KB

                                        MD5

                                        bae4c8aeb6e4a9f05900f8fea13199fa

                                        SHA1

                                        0f9b7d19bcc6fc2a633b47027a4c358716880177

                                        SHA256

                                        ce9a8d449ed0dfbf2a699f8bf9b373e3eb8981f08585e27e7e6d12054c2b349c

                                        SHA512

                                        6d5d8dba4994e1d5a2cb59afbd592b2e58bf0dde643c3a511859b37689f199fc18aad77f88f0cbe01d40eb32245280c82ab181697e574013c729ce73047e855b

                                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\igamsxea.default-release\cache2\entries\F0EAF5000FD9C2A30FD2826A9F349C1386795C38

                                        Filesize

                                        70KB

                                        MD5

                                        02e2c4e2324042580a5499e0496f79d7

                                        SHA1

                                        186575678ab4682dc46c284696326b95ee99f949

                                        SHA256

                                        065133340660e5a8fb9bf285873d92fce0e18749473e9ab2e2485af77a6a0661

                                        SHA512

                                        e7070376696fc93b88fad19b2b2050c1d2bf1868048d1a77b7e312733b79f0d381ab1ee3526e0a4631afdd4618743bb282a00eb92a50b37239c70b0d773da460

                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                        Filesize

                                        479KB

                                        MD5

                                        09372174e83dbbf696ee732fd2e875bb

                                        SHA1

                                        ba360186ba650a769f9303f48b7200fb5eaccee1

                                        SHA256

                                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                        SHA512

                                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                        Filesize

                                        13.8MB

                                        MD5

                                        0a8747a2ac9ac08ae9508f36c6d75692

                                        SHA1

                                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                                        SHA256

                                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                        SHA512

                                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\AlternateServices.bin

                                        Filesize

                                        7KB

                                        MD5

                                        7be02750fb5cd234cfde805c713e87f5

                                        SHA1

                                        eb263219d6909bbd09cb2db1accba86ead6385d1

                                        SHA256

                                        527f4b4d3a0d39f4d6a77892850e46815e521e5e6bd8fd7efeba739f9cbde5f3

                                        SHA512

                                        a6c8be4a0b7bd4970a079e6cf4d0b7af671289f4f147e8ac2c14eab9769fd75324067240f874b8a3ef8a15197e564ce99190821a17a620ed4682e4ce0fee383c

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\AlternateServices.bin

                                        Filesize

                                        12KB

                                        MD5

                                        ffc24fdc3201258e54d1f99d05a8ad80

                                        SHA1

                                        c46b612854908a2b09dbdade8d08c2904e296d0a

                                        SHA256

                                        b4c8a92eb2c52bba723fbf5ec19c56a2cfaadb8d2e43e2267e48f730485794a0

                                        SHA512

                                        11b9e9d5b3b591c8bc2585ef889dacb6b2525bdf831b339112acd9a512e102c99ed0d33e06ffc60715e80cdb65dcef6fdde3fc9b74db28206044fe7c3adf6b8f

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp

                                        Filesize

                                        5KB

                                        MD5

                                        d9be3c7a22eb496390acb9d43bc8a4a5

                                        SHA1

                                        34801e0437f05fcf67c232fc71096952a4d09383

                                        SHA256

                                        60cee212763b678387ddc83f9788865ef465a1b9710bc650f17fad81f396d8bb

                                        SHA512

                                        ae6ab8200da7e9a48c386d9b81c9e25dfbc15d38f6d1a6d20803f654087db68b589525617f33c79a4456454f8850d76dc1436debbf970c63fb6d97d4aeb1f71f

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp

                                        Filesize

                                        7KB

                                        MD5

                                        47e8f87684a4a6db6a59efe92dcb37e7

                                        SHA1

                                        c1b681011081f529e66418ff5d60ea77508495b7

                                        SHA256

                                        c7f928c7032a0eda5967b7de8665d693eb8f734a6d6b8963e550e3c33f39d99b

                                        SHA512

                                        dfb88b22d377fa246e984e1ef16c845be832c9865cb2c69e8bc4ce595934f4fc152442cd30e9ccd07b56774633edbab1131ff516b990c5c3251f94b1b5075376

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\db\data.safe.tmp

                                        Filesize

                                        6KB

                                        MD5

                                        d90c2f98d5eae88992c75bc5c250a30a

                                        SHA1

                                        cd37be23d4beb1b76e41acdc936f7028ff269e3c

                                        SHA256

                                        ba36bcb36f9d116a33eb68bfc32e276658fd28556d2d833624a65ffc1185d656

                                        SHA512

                                        74cb201214299583019a61c1d57d8ba31180d5e26ae516d168d699ab19711bcc166857693391e956ba65755e5c79dd212ee54d7d15a8f2a95d9b5703fee25195

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\042030e9-f2b4-48d8-9ee9-61c277f78923

                                        Filesize

                                        25KB

                                        MD5

                                        9b44d43392fd5e74fec1f587fc01c073

                                        SHA1

                                        2845bfdf32a5ad3ad2edf329a2645bebb353cece

                                        SHA256

                                        f92f5c325e297bc45061a703ad8a978f681e929968ce072ebfeb45e70a10ca94

                                        SHA512

                                        5c75e0626d857277d0b7e8c3ddfa44301997a4290ce04b27a7f951a81978ac4c9c87a4ef247071c169f0b3c527dea289218e640fc317093e12d5af303091984e

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\0cf6285c-8436-4a60-9516-db9c2ab9f657

                                        Filesize

                                        13KB

                                        MD5

                                        d00ccb8af4a17883e4444a0c4bf2dd3b

                                        SHA1

                                        49e3aee118c71ef266465dc0b89ef525352d7415

                                        SHA256

                                        ab5908b4c79848b319d5026dfe457fee939211a583c79c7789627a2d2dea6aca

                                        SHA512

                                        804918cefe9004eff99a530d5b427fb00635e071163cc6ec2eac4fda0c82ef189e079d40d1f9c86d824da591cbf813650bc46b58cd6f51d52d24dd86c279970d

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\25bef0dc-e869-4e59-a8bc-3a391d513c3c

                                        Filesize

                                        982B

                                        MD5

                                        e4f480a8c08bfa69b1b291149c07117b

                                        SHA1

                                        2b31264ce8031010a4727f1925e081d0f47b8fbf

                                        SHA256

                                        04c09df8dc0a30c1cd6046b7afc62190bab2d01f95676ae1f8511c030e7b8fd0

                                        SHA512

                                        2d092bdcd3e48f61e9f56495ca1a22757773737ecd103cd97b686f95e0487dee14331e40b5b686b1d7f98df26f3609eb3698a6632f943f12c898d5ad2125e379

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\datareporting\glean\pending_pings\a669d258-d58d-4b89-bca8-e776de03cb3b

                                        Filesize

                                        671B

                                        MD5

                                        3429b281ee995fdb65568077318d27a5

                                        SHA1

                                        f8f77887810ff2057b1ddaf7acd65af87e4f75d1

                                        SHA256

                                        fdd1753fa7196e532d4ccb3540ae412ac147868850e35feef81053d505dd0c25

                                        SHA512

                                        7596383cd1dbd68ae90c7e7615b9084afa0379bb41af31bd30e56e65fa8f354250721a060bc639a14f940dc3816654897a0282d5a9d2e8cecb3982ef5c029e7d

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                        Filesize

                                        1.1MB

                                        MD5

                                        842039753bf41fa5e11b3a1383061a87

                                        SHA1

                                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                        SHA256

                                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                        SHA512

                                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                        Filesize

                                        116B

                                        MD5

                                        2a461e9eb87fd1955cea740a3444ee7a

                                        SHA1

                                        b10755914c713f5a4677494dbe8a686ed458c3c5

                                        SHA256

                                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                        SHA512

                                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json (Filesize 372B)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll (Filesize 17.8MB)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs-1.js (Filesize 11KB)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs.js (Filesize 10KB)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\prefs.js (Filesize 10KB)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4 (Filesize 1KB)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4 (Filesize 5KB)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4 (Filesize 3KB)

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\igamsxea.default-release\sessionstore-backups\recovery.baklz4 (Filesize 4KB)

• C:\Users\Admin\Desktop\cooked\BlackRock.exe (Filesize 933KB)

• C:\Users\Admin\Desktop\cooked\Newtonsoft.Json.dll (Filesize 695KB)

• C:\Users\Admin\Desktop\cooked\ScintillaNET.dll (Filesize 1.3MB)

• memory/3680-20-0x000002AAD6640000-0x000002AAD6794000-memory.dmp (Filesize 1.3MB)

• memory/3680-22-0x000002AAD67A0000-0x000002AAD6852000-memory.dmp (Filesize 712KB)

• memory/3680-23-0x000002AAD65E0000-0x000002AAD661C000-memory.dmp (Filesize 240KB)

• memory/3680-24-0x00007FFFF2933000-0x00007FFFF2935000-memory.dmp (Filesize 8KB)

• memory/3680-18-0x000002AAD6460000-0x000002AAD64D6000-memory.dmp (Filesize 472KB)

• memory/3680-17-0x00007FFFF2930000-0x00007FFFF33F2000-memory.dmp (Filesize 10.8MB)

• memory/3680-16-0x000002AABC240000-0x000002AABC241000-memory.dmp (Filesize 4KB)

• memory/3680-25-0x00007FFFF2930000-0x00007FFFF33F2000-memory.dmp (Filesize 10.8MB)

• memory/3680-15-0x000002AABBD00000-0x000002AABBEAC000-memory.dmp (Filesize 1.7MB)

• memory/3680-14-0x00007FFFF2933000-0x00007FFFF2935000-memory.dmp (Filesize 8KB)