e3c7c6bad4e82bb87c16e2961854829855c533bae311f429a417f226c9e65cd2

Resubmissions

22/09/2023, 19:23

230922-x3rrcshh5w 6

22/09/2023, 19:18

230922-xz48aabh64 9

Analysis

max time kernel
962s
max time network
1036s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Programador intelijente.para nada un bat.cmd
Size

514B
MD5

d335bfb5ea66ae9cd22040b0b0b93817
SHA1

2d9ecf0af2392dcdd142584c1cfed0a47c4451ce
SHA256

e3c7c6bad4e82bb87c16e2961854829855c533bae311f429a417f226c9e65cd2
SHA512

6a8ff7b5f96584ab63ccff244cdb16db0ad5b3e23318d4210298c726b3d5eddad279ded2938ba5ee6e7153e9c3336afd762fc25dd14a15eb97ef880be2ee77cc

Score

6^/10

Malware Config

Signatures

Modifies boot configuration data using bcdedit 7 IoCs

pid	Process
3156	bcdedit.exe
976	bcdedit.exe
3892	bcdedit.exe
4388	bcdedit.exe
4168	bcdedit.exe
3152	bcdedit.exe
976	bcdedit.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Boot\Fonts\segoen_slboot.ttf	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\fr-CA\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\ja-JP\bootmgfw.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\memtest.efi	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\ru-RU\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\zh-TW\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\kd_0C_8086.dll	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\fi-FI\memtest.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\nl-NL\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\ru-RU\memtest.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\ko-KR\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\winsipolicy.p7b	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\zh-CN\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\nl-NL\memtest.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\ro-RO\bootmgfw.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\fr-FR\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\lv-LV\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\uk-UA\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Fonts\msyhn_boot.ttf	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\bootnxt	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\cs-CZ\memtest.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\kd_02_1137.dll	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\sk-SK\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\en-GB\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\pt-BR\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\tr-TR\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\el-GR\memtest.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\memtest.exe	cmd.exe
File opened for modification	C:\Windows\Boot\Fonts\segmono_boot.ttf	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\bootuwf.dll	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\cs-CZ\memtest.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\en-US\bootmgfw.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\en-US\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\ko-KR\memtest.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Resources\fr-FR\bootres.dll.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\hu-HU\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Fonts\cht_boot.ttf	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\pt-BR\memtest.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\BootDebuggerFiles.ini	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\pl-PL\bootmgfw.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\it-IT\memtest.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Fonts\chs_boot.ttf	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\sr-Latn-RS\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\et-EE\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\da-DK\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\et-EE\bootmgfw.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Fonts\malgunn_boot.ttf	cmd.exe
File opened for modification	C:\Windows\Boot\DVD\PCAT\fr-FR\bootfix.bin	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\sk-SK\bootmgfw.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Fonts\malgun_boot.ttf	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\ko-KR\memtest.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\nb-NO\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Resources\es-ES\bootres.dll.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\zh-TW\memtest.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\el-GR\memtest.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\kd_07_1415.dll	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\sv-SE\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\zh-TW\bootmgr.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\DVD\PCAT\etfsboot.com	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\pt-BR\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Resources\ja-JP\bootres.dll.mui	cmd.exe
File opened for modification	C:\Windows\Boot\EFI\zh-CN\bootmgfw.efi.mui	cmd.exe
File opened for modification	C:\Windows\Boot\PCAT\lt-LT\bootmgr.exe.mui	cmd.exe
File opened for modification	C:\Windows\Boot\Resources\it-IT\bootres.dll.mui	cmd.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3664	msedge.exe
3664	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5040	svchost.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeBackupPrivilege	2168	vssvc.exe
Token: SeRestorePrivilege	2168	vssvc.exe
Token: SeAuditPrivilege	2168	vssvc.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe
Token: SeDebugPrivilege	3976	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe
3976	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3976	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 3156	1092	cmd.exe	119
PID 1092 wrote to memory of 3156	1092	cmd.exe	119
PID 1092 wrote to memory of 976	1092	cmd.exe	120
PID 1092 wrote to memory of 976	1092	cmd.exe	120
PID 1092 wrote to memory of 3892	1092	cmd.exe	121
PID 1092 wrote to memory of 3892	1092	cmd.exe	121
PID 1092 wrote to memory of 4388	1092	cmd.exe	122
PID 1092 wrote to memory of 4388	1092	cmd.exe	122
PID 2188 wrote to memory of 2252	2188	msedge.exe	138
PID 2188 wrote to memory of 2252	2188	msedge.exe	138
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 4972	2188	msedge.exe	140
PID 2188 wrote to memory of 3664	2188	msedge.exe	139
PID 2188 wrote to memory of 3664	2188	msedge.exe	139
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141
PID 2188 wrote to memory of 3892	2188	msedge.exe	141

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Programador intelijente.para nada un bat.cmd"
1⤵
PID:908

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3428

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:2084

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5068

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Drops file in Windows directory
PID:1888

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\system32\bcdedit.exe
  bcdedit /delete [bootmgr]
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:3156
- C:\Windows\system32\bcdedit.exe
  bcdedit /delete [bootmgr]
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:976
- C:\Windows\system32\bcdedit.exe
  bcdedit /delete [bootmgr]
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:3892
- C:\Windows\system32\bcdedit.exe
  bcdedit /delete [bootmgr]
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:4388
- C:\Windows\system32\bcdedit.exe
  bcdedit /delete {bootmgr}
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:4168
- C:\Windows\system32\bcdedit.exe
  bcdedit /delete {bootmgr} w/f
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:3152
- C:\Windows\system32\bcdedit.exe
  bcdedit /delete {bootmgr} /f
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:976

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2776

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
1⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault1c7e5f6ahee34h4c96hafe2h283a3da285bf
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffbf7746f8,0x7fffbf774708,0x7fffbf774718
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10100771696051537158,15866758813012070430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10100771696051537158,15866758813012070430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10100771696051537158,15866758813012070430,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta53af46ch5cdfh4a8ahbab9ha3bf5950682b
1⤵
PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffbf7746f8,0x7fffbf774708,0x7fffbf774718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15997741433262173757,10020481490382689551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15997741433262173757,10020481490382689551,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15997741433262173757,10020481490382689551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:3104

C:\Windows\System32\FodHelper.exe
C:\Windows\System32\FodHelper.exe -Embedding
1⤵
PID:780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5020
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.0.680671022\686076033" -parentBuildID 20221007134813 -prefsHandle 1824 -prefMapHandle 1752 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97350d9c-4225-44bf-be5b-4587a64f3928} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 1936 1df047ef458 gpu
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.1.1471365328\1283449442" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cce40f0-cc3c-4059-8644-3fe2a5495a73} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 2380 1df7fbf0b58 socket
    3⤵
    PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.2.1036275241\1937446097" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3364 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {980623f3-c013-4ba6-8ec9-4bdef4d2be06} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 3108 1df086eb158 tab
    3⤵
    PID:5248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.3.783200048\1568159947" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d95d26d-26f1-4324-a7dd-30bd49aa4de2} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 3644 1df086eae58 tab
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.4.968578930\1009849226" -childID 3 -isForBrowser -prefsHandle 4244 -prefMapHandle 4536 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca5a0b4-82ad-4157-b853-d4ecd9870d27} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 4488 1df0a363258 tab
    3⤵
    PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.7.1055766893\162454395" -childID 6 -isForBrowser -prefsHandle 5540 -prefMapHandle 5468 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c78cca0-b936-43fc-885a-16b42faa60e8} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5456 1df0bc5c258 tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.6.1884540714\775046427" -childID 5 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d39439d-2ae9-40ab-9e03-fee28a9596b6} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5264 1df0bc5fb58 tab
    3⤵
    PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.5.1227800001\1545310349" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5048 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f51799-600a-46c0-92aa-c084b422f348} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5136 1df0b6b6858 tab
    3⤵
    PID:1620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.8.13662324\1008911537" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5788 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4f331b3-efbb-49c9-95d4-37a71ec80e8c} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5116 1df0c156158 tab
    3⤵
    PID:6084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.10.326968195\1198598604" -childID 9 -isForBrowser -prefsHandle 6012 -prefMapHandle 4616 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {159e88a5-eb0a-4fca-8a88-81a7a1133c6c} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5688 1df0afd4858 tab
    3⤵
    PID:6020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.9.573771823\1450745676" -childID 8 -isForBrowser -prefsHandle 5204 -prefMapHandle 5200 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c56a7596-7189-4ff6-805e-1282e606f05f} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 5176 1df0a539158 tab
    3⤵
    PID:6004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.12.518721249\581534810" -childID 11 -isForBrowser -prefsHandle 10084 -prefMapHandle 10080 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c84eb4d-828a-4749-a19c-be49632b4200} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 10092 1df07560e58 tab
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3976.11.1139325493\229589888" -childID 10 -isForBrowser -prefsHandle 7560 -prefMapHandle 7564 -prefsLen 27096 -prefMapSize 232675 -jsInitHandle 1152 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {94c7711d-a9f6-4a0d-88f0-96299031be39} 3976 "\\.\pipe\gecko-crash-server-pipe.3976" 6988 1df07006d58 tab
    3⤵
    PID:5636

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
7a4414875f1ef6aef962a12bb59d09e7

SHA1
075d02e064a0d2b678ec0b47bb7e925606e9b5a9

SHA256
f62b70f9ac5f6261613e45b18d8d06d1d3921691c0c25a120894c372ab9498f5

SHA512
cd4a27e0c8c1589dc0a8d4746c83ffe08b8187e7b1693bd3dee01ab1fba634838cc4c8317d64ea20264709de57b0d9b782dcbee28895ef603cc3acfba045b96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc4f61e6ee3b75f92160c7698142138f

SHA1
d632621eed6ced3d72e7938b6ee89d8a42a4870d

SHA256
91cbb210691bc1a480b0252cc809884b3f328e042a36c6c996f080830b92d7d1

SHA512
4030e112739db831a93fd6c0a90af84a0bdaff1486efefc14bad4701466c2197b7af271930ef963f418990732b2e6edb7b08ad016c301ca5b66d10ccce229439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cc4f61e6ee3b75f92160c7698142138f

SHA1
d632621eed6ced3d72e7938b6ee89d8a42a4870d

SHA256
91cbb210691bc1a480b0252cc809884b3f328e042a36c6c996f080830b92d7d1

SHA512
4030e112739db831a93fd6c0a90af84a0bdaff1486efefc14bad4701466c2197b7af271930ef963f418990732b2e6edb7b08ad016c301ca5b66d10ccce229439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
fe22edacfc491a68151a72d8ef458d92

SHA1
9d5756688ce2805731327c91073e5c45636846f9

SHA256
1450140bad4efc64822ca2f47d830014aee7cc4c999fcb8339b9275c0be81ce6

SHA512
69ddccc098c16fdfce9147543a203c282d61b5d30470dc752a1cedc138515cd9e0d4c3dedd5e61026adc1bfe00d580bc9cf6461c3c78f9b8447458ac76c1722f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
688851c089ea955f40637ef09ca7d3fa

SHA1
802865f26ee959a938154a85d8feadbfcce3e665

SHA256
61c62ecd52b009188944b573e73fdfa7b2fa8752172e37283d1e55ad3f612b59

SHA512
782b959b3284ab2b9c0940fc11252ec68cb2d744760b0990f7eaf5f9fd907f06d2652b4eec3af9ea819dd7423d52acd7cc89080c26433eee3c108e89d036c3d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
b407c9b14424b1b460816a8313f93fc0

SHA1
8e9f37d8459a12fdb3197a757b9c00ab043972ce

SHA256
6d6f9812527b9c4868dcd1fda6d1a9eb43cc82610ce81d42979b6ca2731e4fc8

SHA512
ab7a96c8723609723b94b27b00bae9f3f9e45359a4d8538c87a68776ae0c89646a6ab4bff93e045c3b520fd41a4be1e0dfb1bd025f23e038efa94d7cdbea8f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
b407c9b14424b1b460816a8313f93fc0

SHA1
8e9f37d8459a12fdb3197a757b9c00ab043972ce

SHA256
6d6f9812527b9c4868dcd1fda6d1a9eb43cc82610ce81d42979b6ca2731e4fc8

SHA512
ab7a96c8723609723b94b27b00bae9f3f9e45359a4d8538c87a68776ae0c89646a6ab4bff93e045c3b520fd41a4be1e0dfb1bd025f23e038efa94d7cdbea8f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
7e3c69fc3eae94cd7295cbe1cc25f641

SHA1
44b3170fe50297ff43b0e41c12baf55906b2b522

SHA256
f96ea1227d8dd6a02044cab13f5b310ebc52072663ec9498200cd9f11c07182a

SHA512
459ef9c144a568cfe3093c7a4a36ad3d988276dc6765c3782b41d68392c36430d0847edcfc76545d22f9d0964c70f22f0778b89cb6cca73749e9e2c6e5602db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
15d4d4a5c2d9cd8249427c9d4e890366

SHA1
26ae57d69b53bb1dd5d84698b744696d368cf651

SHA256
a02b9748d820725cc22f3970222d65e59b4e250b6ebad35b9f3dbee5a3f05fba

SHA512
d14b2e2a829fb748f278b047d1b361c80ea4f3338b3cc3f48172fe69e28c4324a5b37470a2e402957335f7b29b09856a7f9be18a271fee5fb5b4bd0c31889b0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\doomed\18541

Filesize
9KB

MD5
ee0904a839c29f970b3c0857c62d9fe3

SHA1
bb4d0eb15c34e90267564d92cffff1fbb51539a2

SHA256
d391e68539245bf338f071a58201fb47544d28662e2c5612b8f450d491ae7a2d

SHA512
373d82a844a82c11c84672e7335c06f34c26feb28a83c16e0da4415afe42e987d26209ac585518414b6973504e54be383e69cdd4d8ce4cb43868c8ac4cddce77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\13E324A275102A0B13F9B2429A248EDE447DE2D8

Filesize
2.0MB

MD5
df6d0800500cf21dd66e1c4fcea67b39

SHA1
ab947c67114a3bb59582eae916967b10b0305648

SHA256
47c333327ed40490b9a8b5fed4616f28dfb92c0116414b2b18a60b0e6f95047d

SHA512
026d4288944d7d1c3e61b949cfc67b850577e0074eb7c428cba883307b72833e96e550e8636f0a366e5fbd3185099e674e8be447a96fb61eaccb5e6bd140315f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\18EEE865F05AFA199C632B576DC072E53C1AF3C6

Filesize
915KB

MD5
0b681d9f2de194bb8fb9884f34397f4d

SHA1
55ddcdcdd7fe7cd1a5593e6bff75962be04e290d

SHA256
3cb1d6b68cf7b8b1b6edc5e0b0304eb47025376c2df8e1894643a4cb30a64ef0

SHA512
c07ff0e4d74c6341674997ee1271161676df609d9884bcae7169eb34e22943ccf3ed611834199399e6eba9085739ab7bee475d4560b1a4603d098314a6b74018

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\32C0A2F9612404F6586B4E5E4D5B77392A90E25F

Filesize
113KB

MD5
f321d30d54688d18b8f1ae162e6d3560

SHA1
7038ae1d918157ba48e011c6c1b26405b19b2a35

SHA256
a46c875be0b92c7543c59c6d652ffda396d7e65032884d70eb82e89546a634a6

SHA512
ac455c620219a57f7d945b755cd0192289c3a14d177eed50442dc68219fee18e2bb97d56a3ef99252a5f24c3e8622eabdf2720149466d925c84850f07f67f3b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\3A9D1B9A06D8D04FD597243183F655841E353099

Filesize
55KB

MD5
bb0b9cbd286cf4a073c2cc40b9339f74

SHA1
c4e99306f2ab06aa1b9aebce71212398753b3845

SHA256
005a079339d90b45d366f95fd16c5784283f529ffb7cd227beefe21d5ad001a0

SHA512
24d1a3fef4c663b0b54f5d16125a25ed94745ccc9f67781c82343d6f99a943e9f85ce2be1ff152eadd3a1c065e1f9bebf9d96aa2695ddbe5c2e97b175158bfce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\3CFE3E88ADDC2008D715028484484A8958BC5A50

Filesize
121KB

MD5
5b7eac7aecd62c481710c3540718e948

SHA1
a95e9caeffa8847fbf395426ad1a3fd041b40559

SHA256
8ba4eab9adb041644c002dad7b0c0a5c492703cedb0730995d81049eb51813bb

SHA512
ebdfa844c16f77436a952c6e0cee9650e179bc05428e9e72a2db90129851c2d63b676530a425ef3ccc037236e0486c83926c3b8fbff0cc4cbfeab234e49df71f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\4B6F78966BF5BF42410BB571716B6E46886D1FA8

Filesize
2.5MB

MD5
19fd228e742f9529c82866cb541cca3c

SHA1
4dadd4db2f35943fb17e8d185d1d21f809671868

SHA256
c497bcc7b71057eb99f97ed471d58671895a35a3bad3c22e27af08a137faf7e3

SHA512
7101ebf6e96b258cafa858f6dedc129798c71163a3b8d0d9969fe37e5a80aa91ddc3fc0627ed757f211002f41723696de257a467010fe9a8b8728b42ceb28791

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58

Filesize
13KB

MD5
9b1c6f3230120a02437697c13aadabb7

SHA1
f75a3da047c839909c3a4d0d57ae3539ff2faef4

SHA256
f6c59ab6704ac8e3c535f9f9c1cbbf9ed54aebd1aded8ea80122e4f5781e9b74

SHA512
39c7f1eff9cd49e2c92abc63f42932be80d491927edc5f03c59415e676ce895213f4e337b79d0a3ff48cdda238591af9d6f7e861e504c67fc83427e2b425323c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\63F0277CA02439C7732B5A0C46D8A057B1F70F65

Filesize
1003KB

MD5
9c450416b48a955c8442da6f8117e16e

SHA1
cbdf00f0bdadbb7b472dce3b8c3cb2f92ecb7133

SHA256
20827b11180a2989849be9b0e29e059fb0a1e3da4be1dbf528c38acc79f8827e

SHA512
9054d2122d2783dc8dbf8c67bdd97ecabede4a1a7b238525f379c37447523227ed769863c4e00bda64f18400a028020c50b06715bcbf2f988caacf225dbb9d44

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\7D32DC9B716F840478815AE141F631287969E616

Filesize
567KB

MD5
7be99206edbaab6f3bbd67354a120646

SHA1
11bec52011b117b881f3645e379fb57a48b5d5c4

SHA256
5601c069874859daabad5c2cac9851ef00465392e712b66a13d9236e21dda11e

SHA512
1bdb6084edc8cb8c29ef6c473cc2ddb38637d296b4fa517beab5e951911e1c21ce156b926c7d7cc50b16a5ad2a059bb3ee701c7d1264e9c846a7f288e61c2dc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\8A9C29D5D3441D4845A92FBEFE6B13FA2A8835A1

Filesize
125KB

MD5
77147eb682361d33fd381b467a5335bc

SHA1
807b4f75733cd723c680c77d13491d650083a642

SHA256
5cc7178140dac92dbeee17528e23c36b34e790f4cd70d3759b8abd5a1d9319f0

SHA512
8e04672dce1f3499eaadf5c55e6200669eeb3ac70c04e8cffa0f63d1f383f43f209517ecfcdda946e5735e3751e1813a01aeabbc0d90d4665746e628a7e1c84e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\AFD8E3C1981C2D25D855796BAEB037BDC2567B4F

Filesize
56KB

MD5
0865a0220dde245b2ff4cdcfe0a9cef6

SHA1
7aa872a51cd29829c05005bb3c8d84d47b5b0f83

SHA256
68c6bbb612e1606e1fd4886a506d377339eecf06420f7d002e4d984053becabe

SHA512
0346eafbc0af71d3f17f5f0f1414ff45c0f02474f7a187e3abaf5e68329b9de68283dd72ce84c56b94525e7b554b8d48b7c6cc95683a20d5ddfc4d3dd5598849

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\C24FC508BC20180861645BD3649F1168E28B1728

Filesize
61KB

MD5
b8d5f08ca84ec9e0c0c18bb76f1eb6c4

SHA1
97b923c531df1e5698bd2129949125889c63dd29

SHA256
184be2f990f246a4844d5049c2adaea333848172ad4ea2c6fdbb9ec0f930de5a

SHA512
45caef641903c077445dff5013b4e5ec94235ece2b07cba667529ee267387dfd07ed4a48ba9827403289cdb176689da0a45a4043d040a2533a8a765c7b222c69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\CCDB7DD5299EA832A36944D3F2E636F8BAFC611D

Filesize
101KB

MD5
1d6e095fac6da52ee905c70a5f7a5120

SHA1
bbfd7c50953f5ae37a885965965772d0a7f26879

SHA256
f63edd01201ca9e6c2f06370aa9eebe4e2add77394147c23eb557ca388488bcf

SHA512
eb74cbc24bf5baa6c4078797633b90d1d5fc0af9037d1c5c4065711515edad08c5619eb87ed8d5c9050af8cf4a7ea9c315dd754f4692d2d5dc995634b912dd7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\F0315FBE0DA1A4F7484CAA1818AB5E2AA34E0269

Filesize
1.2MB

MD5
341630db019b21c318d5af448f61dd3f

SHA1
a066edcce5280b46f4946952a18857fea466014b

SHA256
471cd82c8ee3174e7bd7b94185be0056a0d4479a958e2a8d3055203a0a1ef2f6

SHA512
6f4c13d01de26271015a9d93239ddb3f9823a459cfabc4a0e759461956b720747cdce25c1983b607d05c7947b0534f2dc98cfebfe897e613e7c11ffe6d5c0ef6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\cache2\entries\FCB522D51D3BC36B26A8B6D5450F06D08EB3F2E3

Filesize
4.5MB

MD5
f5b89aea7a7e7a7bb2d833db598fb7b4

SHA1
df8e72d0e254707b95b7027278a3b478eb9698b6

SHA256
cb34ae8798642058ccfc8a359ce38461b937b12c29857d4c632e8547c41f5e4e

SHA512
721c0272403b389afa9f7218c47e1ff3de5e0c5d379ca838e2ce624d7b60078dc708b49640aab7729f221561436a7e3c959fe6657f0037dc02dcf6e255bac4b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\jumpListCache\u6Om9q2PYzpA6Csw0+hyiA==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.5MB

MD5
438c3af1332297479ee9ed271bb7bf39

SHA1
b3571e5e31d02b02e7d68806a254a4d290339af3

SHA256
b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194

SHA512
984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
ad3e7912368186eef711d12b4e2aafd4

SHA1
da0f8525d18cad74811ab1e225b3e8d9824eaa7a

SHA256
6f2b07cda70a90211637f708991ae49ef140ce8f0bcce114aa3a798657a14da8

SHA512
6021df65c78ebc27c0db826439859084f33fb530e3d05820f130390505ef978e8301d9e2660486538612d3984e6ea1ff82b86688fb234f31da14fbe258ee5b8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\addonStartup.json.lz4

Filesize
6KB

MD5
61c034979891d53484715ca4c6abe7bf

SHA1
2a6730228fb116f5884d40b05cb727e95a1c587c

SHA256
cc0ec31daf64b787622dfc157007c7ac327f066ef39da24c9020dd7fdaeee6fd

SHA512
bcb1fcff6d32538b6a063e16a0bfaf8b2d0b7f174f62d8a2b4932480da0473c898d9a1ec93350783dfdf1c9d9d0a7346713f516057bc3ba0611afcad3d8fd3a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\bookmarkbackups\bookmarks-2023-09-21_11_AYPxoE9JmChqQNv6OZ+xlw==.jsonlz4

Filesize
940B

MD5
9b817aa2fe5a742a4bb92d360e24c157

SHA1
774ac5213f19d1714d35127ca3c20204d7171b6d

SHA256
7e0940684a1ef6fc726dbf72695a77c0e44a44d39d3b448fe0e1f3ec1c428977

SHA512
804517ef68b9754da72b689ab8de9add6a50885bfb565c85fb35beb520eed88f75ea5994ef7d1df5c66b3c808a3a5a02a374c8f463b7c3ccc6aeb3a9fdcb95db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json

Filesize
372B

MD5
6981f969f95b2a983547050ab1cb2a20

SHA1
e81c6606465b5aefcbef6637e205e9af51312ef5

SHA256
13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665

SHA512
9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll

Filesize
10.2MB

MD5
54dc5ae0659fabc263d83487ae1c03e4

SHA1
c572526830da6a5a6478f54bc6edb178a4d641f4

SHA256
43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e

SHA512
8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig

Filesize
1KB

MD5
dea1586a0ebca332d265dc5eda3c1c19

SHA1
29e8a8962a3e934fd6a804f9f386173f1b2f9be4

SHA256
98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60

SHA512
0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
9KB

MD5
a3eb7a3746a4077af4f63fe0cfc175e2

SHA1
4742213b440a82bf2574da1fbdf47a6b32909150

SHA256
a377567dbda0fa7f48ea1ac7c7c080210861ea0efb3cdcfebd591891f1c1a62c

SHA512
ef905a61a980341a3afe7497ada8ecc0a9acc89779447dc18dccd8f0d23471e8beda44c338cc73dd44b03dad355579b5e14e9030b64c173aca64d0364174ef96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
8KB

MD5
3e5466960e1e7e67fcebf1aa4c4a70fb

SHA1
41af9f5cfe34756b0dc97e704745ab32635e10fd

SHA256
10a4671a3ab4eb89795b73876f0c6d15ecadf9bb0f089c9080b2bb6523ad5b40

SHA512
ea29a697b60fa818d8aa104f496375c46f78227ad4ec5d959f4c2ff95cfd589abe5e636fb7cd9255a3b1f7e11704897fa58d9a8e23393a1ebcf3bc1ab5f77229

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
7KB

MD5
234d4c0c5a9d8aa7af918f1742e753b7

SHA1
986d3eb9cfbf5f3fd5351de6ad086b21a20b5c78

SHA256
2a9509e2627e1a5b1044c4425fe6449ff4d653279dbc3b8983e1722f42e98091

SHA512
289a71e198a83ade71929acf7ade7f15014b01c01ff81befb6f4bfdd3061d7d50ac9405c6f341ccbc8dc3017700316ee8ffaab11191b23f0362fdd298ce432d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
6KB

MD5
aa2c62cef1759b36521637459199766c

SHA1
c8c45178e6b15fafb99ed3ee6b38e4b96dbfa371

SHA256
cb44880b44fb7116834096c4144654a284acf0c952a86e3cc54388be70a900cb

SHA512
fc141702a626d05cacbab4e8aa2c3dd67ed36a108517a117280365ba11d5161057254c057b5151bf43a54f2ae930499ecc264cec6e175d209bb410647d80e1ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs.js

Filesize
6KB

MD5
b432d5c43b08ef8f003a7afed8d4fe2d

SHA1
4b3c43f303e10321057f18c8122aac0f30c6f427

SHA256
30872de6e8ca4d5f91244d475109164e724d50f92f4a6c90c0e22139abdb6467

SHA512
047de6d8a45d916bc0bd69bdbbb050138d5c83523481dd5212e0dc4f5d01b16dbb45d011146240f59f7e13de94627587564a1c19c9480dbbf89cbf7b048e3323

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs.js

Filesize
6KB

MD5
ca81827a6a9011e1ae2dedee5629e4de

SHA1
d03c720ae4efd25b18b207bcc72b12029eb22347

SHA256
de1518af43a61d30af2e8ded7d854024acfb9c1f7f25c9d864884368fa1f32ef

SHA512
6ebf625494ec02358f130e40ac370a2ab26c1f89becc6770c381705eb88a865f1f6af14336a0bebd5a063b98465d67b0b662c963817e56facdfa4b8079c2fbbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
0a00d0515cb762769d8e4454e800502d

SHA1
9549a72e354c7a6f86086f0b5ec9ad2885ec8c17

SHA256
84935179bc7143b18b7d1e23838f861396a2d888f61d9d49029ab58d102ec70e

SHA512
ea8003a8891e4430563fe40022e2668b3230893b64750068a21ce4bc7337beebf49f11f024609b276a58fdfc096b09cead30bc5303e6aff2f292cfe9d8e386dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
d5b6e871b56dcb015f369edbff094b82

SHA1
ea1abaeb1e11c3bafddfa8603f6887fc4a17a6d2

SHA256
2081fa1adbc4cb871319b53a8be71523e45ec6c10442705ff33e024051b59b62

SHA512
38033aa87265c52d2c08ce17b2e79e2fa4c5e069396ad9998e3b7ecb7927e764288cdf4e86d4936cd89c2359cd2cebf6900e4730a26d3efb6ef0fd0dc8f06dce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a5ac5e73a10c79551d0288ff20833e9f

SHA1
1ab401f310847182f3ead05f74518bead6128216

SHA256
b31935c84227a1644b8e0838060f17ff7f10d91281ade3778c01fa3bcb028306

SHA512
2303a21817095f6563476d91458a99522d7cb7b864a213cb111ca130f81f750a817f238508044cb2c2c436acec9f740f0a20009540d1ee6b4e3cfe5bd065b11d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
336779d510629ed3fdccf84ca77ae0c2

SHA1
3dfbd32f6f7370b0cce46f2eb8f41791e8a833cb

SHA256
374f897401623ac74b388db7a9efb74220a3731c83c6a14ac32efbff2a15bed0

SHA512
dbae6bd934d05103b5713a21bbf2138e03a805ea42f5169ee6f82a112b5be65272752017e9b06cb3cc9935f49b57f737fad51c56459f73e2c11936a2c52c3629

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
bae151abd5d0c688b23fba7f4fb60080

SHA1
bd51f61219098528653f776af42cac94be609baa

SHA256
6907cdf8193181840b633f763b244e5f528fb3c1cf10f8bf055cd4fd5b4ae77a

SHA512
468f97b7530670b9678b436fca59fc950e3d454c93d55aed695ad0c5be372eaa9c37f96211e79d316befd3c303a32ed8aaf4d4094d8924c30137a153787a3faf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\targeting.snapshot.json

Filesize
4KB

MD5
dfe194440b6cdfcba1f8dd7517bbae18

SHA1
e69c8164425b40f18ca8be63be78f9eb701e1661

SHA256
ca1e53484328fb41a1e695ece2798047d1685c2f00324cff4f4668a300fef0a7

SHA512
2c6495ec19276c6adae3c8cd587470a78ea7419663bde696495fee37abf61467a7c0f9ded03168c390d3775ae16bebe94feabe25aef11bb25974d0f338bbfcb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
memory/5040-44-0x0000027698800000-0x0000027698801000-memory.dmp

Filesize
4KB

Download
memory/5040-39-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-64-0x0000027698940000-0x0000027698941000-memory.dmp

Filesize
4KB

Download
memory/5040-52-0x0000027698740000-0x0000027698741000-memory.dmp

Filesize
4KB

Download
memory/5040-49-0x0000027698800000-0x0000027698801000-memory.dmp

Filesize
4KB

Download
memory/5040-46-0x0000027698810000-0x0000027698811000-memory.dmp

Filesize
4KB

Download
memory/5040-0-0x0000027690540000-0x0000027690550000-memory.dmp

Filesize
64KB

Download
memory/5040-43-0x0000027698810000-0x0000027698811000-memory.dmp

Filesize
4KB

Download
memory/5040-42-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-41-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-40-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-66-0x0000027698950000-0x0000027698951000-memory.dmp

Filesize
4KB

Download
memory/5040-38-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-37-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-36-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-35-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-34-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-67-0x0000027698950000-0x0000027698951000-memory.dmp

Filesize
4KB

Download
memory/5040-68-0x0000027698A60000-0x0000027698A61000-memory.dmp

Filesize
4KB

Download
memory/5040-33-0x0000027698BF0000-0x0000027698BF1000-memory.dmp

Filesize
4KB

Download
memory/5040-32-0x0000027698BC0000-0x0000027698BC1000-memory.dmp

Filesize
4KB

Download
memory/5040-16-0x0000027690640000-0x0000027690650000-memory.dmp

Filesize
64KB

Download