9e9019d19e6612ef1f0c2bbe6f1182e376714b3622bbf2504e388bd3205fef5d

Resubmissions

26/04/2024, 09:06

240426-k2565sdc3w 6

26/04/2024, 08:59

240426-kxtbsadb3y 4

Analysis

max time kernel
730s
max time network
1033s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 08:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8.html
Size

535B
MD5

0cc85520908b3f2c05b684bde110e5f1
SHA1

06e74704ecff0e1afc9d8c2f7122db8a26f84508
SHA256

9e9019d19e6612ef1f0c2bbe6f1182e376714b3622bbf2504e388bd3205fef5d
SHA512

45e708c4d95aa7f22221aafded80518e2c5164060f6ca0039a185f47b1b0338defa75b9f9b72c81dfe43dc1f7c46839c624e98c801b7217cf1c4a17b35eec833

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE
File opened for modification	C:\Windows\twunk_16.exe	rundll32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Office loads VBA resources, possible macro or embedded object present

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	Groove.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	Groove.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MenuExt	Groove.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	Groove.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	Groove.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	Groove.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	Groove.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	Groove.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	Groove.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	WINWORD.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	rundll32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1\NodeSlot = "9"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2 = 52003100000000004f58b039100057696e646f7773003c0008000400efbeee3a851a4f58b0392a0000008a020000000001000000000000000000000000000000570069006e0064006f0077007300000016000000	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Word\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2	rundll32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ThreadingModel = "Apartment"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	rundll32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	WINWORD.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\DefaultIcon	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\2\MRUListEx = ffffffff	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\ = "&Print"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic	WINWORD.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "10"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ = "&Open"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\ = "&Open"	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	WINWORD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 020000000100000000000000ffffffff	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\EXCEL.EXE\" /dde"	WINWORD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	rundll32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit	WINWORD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell	WINWORD.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	WINWORD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\command	WINWORD.EXE

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2216	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
964	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
3652	Groove.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4080	rundll32.exe
2032	rundll32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	firefox.exe
Token: SeDebugPrivilege	2336	firefox.exe
Token: SeDebugPrivilege	3156	firefox.exe
Token: SeDebugPrivilege	3156	firefox.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe
Token: SeShutdownPrivilege	2192	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
3156	firefox.exe
3156	firefox.exe
3156	firefox.exe
3156	firefox.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
3156	firefox.exe
3156	firefox.exe
3156	firefox.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
2336	firefox.exe
964	WINWORD.EXE
964	WINWORD.EXE
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
4080	rundll32.exe
3120	WORDPAD.EXE
3120	WORDPAD.EXE
3120	WORDPAD.EXE
3120	WORDPAD.EXE
3120	WORDPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 1512 wrote to memory of 2336	1512	firefox.exe	28
PID 2336 wrote to memory of 2644	2336	firefox.exe	29
PID 2336 wrote to memory of 2644	2336	firefox.exe	29
PID 2336 wrote to memory of 2644	2336	firefox.exe	29
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 1960	2336	firefox.exe	30
PID 2336 wrote to memory of 2484	2336	firefox.exe	31
PID 2336 wrote to memory of 2484	2336	firefox.exe	31
PID 2336 wrote to memory of 2484	2336	firefox.exe	31
PID 2336 wrote to memory of 2484	2336	firefox.exe	31
PID 2336 wrote to memory of 2484	2336	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\8.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:1512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\8.html
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.0.2133281752\9875654" -parentBuildID 20221007134813 -prefsHandle 1284 -prefMapHandle 1276 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f063d7d-27a7-49ae-abde-03b940113053} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1360 10cf8458 gpu
    3⤵
    PID:2644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.1.2033616285\210742575" -parentBuildID 20221007134813 -prefsHandle 1552 -prefMapHandle 1548 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03700650-08de-403d-b957-eb47441086b2} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 1564 f9eb258 socket
    3⤵
    - Checks processor information in registry
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.2.1570224898\789205244" -childID 1 -isForBrowser -prefsHandle 2068 -prefMapHandle 2064 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27ceb6b2-64c2-4188-b909-51c650011160} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2080 10c5d858 tab
    3⤵
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.3.298740122\1586514481" -childID 2 -isForBrowser -prefsHandle 2728 -prefMapHandle 2724 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f12ac06-0b98-4b15-9d0f-91dee021f885} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 2740 1d3c1658 tab
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.4.547865288\781055921" -childID 3 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd9ebaac-d4fa-488e-9eea-75ed66cba293} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3664 1f0ba258 tab
    3⤵
    PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.5.318715762\481447199" -childID 4 -isForBrowser -prefsHandle 3772 -prefMapHandle 3776 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b725f5a-f08d-4ce4-b644-c62e7ba9558a} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3760 201cd158 tab
    3⤵
    PID:1624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.6.1697175216\1126639063" -childID 5 -isForBrowser -prefsHandle 3936 -prefMapHandle 3940 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee1b81cf-e808-44d9-8547-bac2fa31a280} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3924 e60158 tab
    3⤵
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.7.36465251\1048755431" -childID 6 -isForBrowser -prefsHandle 3976 -prefMapHandle 3836 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d65a829-b2bb-4866-b5de-ca58e402c853} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 3972 21fec058 tab
    3⤵
    PID:1784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.8.1714077519\720196544" -childID 7 -isForBrowser -prefsHandle 4368 -prefMapHandle 4364 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b35dac6-6023-45e6-95e8-c235c5bc2800} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4372 2009eb58 tab
    3⤵
    PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.9.340550646\392530498" -childID 8 -isForBrowser -prefsHandle 4384 -prefMapHandle 4380 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffdf3891-d35d-4825-9007-177d90b70e76} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4428 23359b58 tab
    3⤵
    PID:1924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2336.10.243687743\1989774725" -childID 9 -isForBrowser -prefsHandle 4404 -prefMapHandle 4400 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 588 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49c07fbb-94f8-47d9-8b4b-c65fb5f74b7c} 2336 "\\.\pipe\gecko-crash-server-pipe.2336" 4512 23357d58 tab
    3⤵
    PID:2904

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3296

C:\Program Files (x86)\Microsoft Office\Office14\Groove.exe
"C:\Program Files (x86)\Microsoft Office\Office14\Groove.exe" /TrayOnly /NoLogon
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:3652
- C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE
  "C:\PROGRA~2\COMMON~1\MICROS~1\DW\DW20.EXE" -x -s 1320
  2⤵
  PID:2500
- - C:\Windows\SysWOW64\dwwin.exe
    C:\Windows\system32\dwwin.exe -x -s 1320
    3⤵
    PID:3848

C:\Users\Admin\AppData\Local\Temp\ose00000.exe
"C:\Users\Admin\AppData\Local\Temp\ose00000.exe"
1⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\ose00000.exe
"C:\Users\Admin\AppData\Local\Temp\ose00000.exe"
1⤵
PID:3516

C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe
"C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" C:\Users\Admin\AppData\Local\Temp\8.html
1⤵
PID:3540
- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
  "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\8.html"
  2⤵
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:964

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\8.html
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4080
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\8.html
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2216

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\8.html
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2032
- C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
  "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Admin\AppData\Local\Temp\8.html"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\8.html"
1⤵
PID:2384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\8.html
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.0.650178561\290145422" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1232 -prefsLen 21195 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9cbd329-2aea-46f1-b452-5d1fb7ce4825} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 1304 106dbe58 gpu
    3⤵
    PID:2804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.1.1740647806\999265562" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 22056 -prefMapSize 233496 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d082e14a-91a6-42ec-a7f6-8302c46bd70e} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 1520 3e3c558 socket
    3⤵
    - Checks processor information in registry
    PID:2644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.2.1069662616\1941748913" -childID 1 -isForBrowser -prefsHandle 1872 -prefMapHandle 1124 -prefsLen 22159 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40751995-dd2b-4686-a8a4-e05f28365ab2} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 936 1b142a58 tab
    3⤵
    PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.3.919945278\1037649040" -childID 2 -isForBrowser -prefsHandle 652 -prefMapHandle 648 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35da17eb-b58a-4fd0-a34d-e43730b814be} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 2396 d62b58 tab
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.4.92450819\195903104" -childID 3 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5143f7f6-e4f5-4b9c-8c7a-9b1c7bd8e5e6} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 3280 106da058 tab
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.5.974093372\1944132428" -childID 4 -isForBrowser -prefsHandle 3384 -prefMapHandle 3388 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a72f692-7c17-4681-884a-fcf20230047b} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 3372 1d495c58 tab
    3⤵
    PID:3940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.6.216412567\1772876422" -childID 5 -isForBrowser -prefsHandle 3548 -prefMapHandle 3552 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f24c598-a9cb-40cb-8628-e4cce29ec856} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 3536 1eb14458 tab
    3⤵
    PID:3992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.7.1775869150\1229186254" -childID 6 -isForBrowser -prefsHandle 3880 -prefMapHandle 3876 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b22b5ead-0820-40ef-98cf-155b0a561908} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 3892 21755958 tab
    3⤵
    PID:2888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.8.1773303049\1827210556" -childID 7 -isForBrowser -prefsHandle 3916 -prefMapHandle 4104 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f219e65-6025-40b3-92a3-7daacfe6e0bd} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 4112 22173558 tab
    3⤵
    PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.9.1629122499\667533943" -childID 8 -isForBrowser -prefsHandle 4216 -prefMapHandle 4220 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f01d6860-4918-40f5-a63c-7b60a7278037} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 4204 22172958 tab
    3⤵
    PID:2632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3156.10.638718932\988634594" -childID 9 -isForBrowser -prefsHandle 4300 -prefMapHandle 4296 -prefsLen 26500 -prefMapSize 233496 -jsInitHandle 728 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {865e99fa-d662-418a-8444-50cbb43b0366} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" 4324 22172358 tab
    3⤵
    PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6539758,0x7fef6539768,0x7fef6539778
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:2
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1136 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3864 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3848 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4000 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1624 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=692 --field-trial-handle=1188,i,16445541065180137141,9920649520534549521,131072 /prefetch:8
  2⤵
  PID:3704

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccbd8f1ac65fae17037da6b5ab0b8318

SHA1
3ee315c35a164ba8b860d1e9a8720f042d41e678

SHA256
c599b02c1b73af4b46aa54d242507980f62f9dc843597486d5f38d62794d101b

SHA512
30731a298b1ba874a44de125f7262c56c81f19f15df3788c9379a25241d61842cf21e2ec641931ca421408c1a5867a0c03c47bafec7ee8d48054c53c7c8cf840

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5f3f009e758bec819bf58498d0f49eb1

SHA1
4d2dadb441b8bc6f1ecbd8a7e72fc55dd7793ad8

SHA256
82faf8436536628a266782b3de4b4cf3b673b78c447a3050aaef36206d1ec522

SHA512
467e6ff927bf02a78488e8da4d16d9335edf5216deea3e4613a166ec735bdad251fa6492f4e635b52c29299315c76ad8a19390cc4c03c885ec814d89d7054963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ee05d7eec9e231b6024d31e610d6020

SHA1
08879b4f0ee22bf9702a42644a7174d5c7195016

SHA256
e00e136553bcf1c45056d988739b8e965b0a91689d26aa92e98c97080c2dbc3c

SHA512
d6a0fa68b4af9df63d5fdf6824c0d6d4a919cb2b72d65a2f5090e03a2b0ac41af2c6e0d444915c3704266861cbbbc1c2d4bb6a5269f173752518cc3ad8d44860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
078b842912293f6b10fa45169e8eb6e8

SHA1
0f071e79fe2362569a45902b3919eecd8e858235

SHA256
8aace48aa9e8803057a9ee9eddc4e91812013068f38fe3a8c978a1d643f62cef

SHA512
63c2462d92d0e17d464632e856f4b948769403154809578607e9f7e49fa3beaf43d512270e9a409a6c950cadde74100be6c09160ff0b2fbe2ea21296072eb48c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8464c165-913f-4f45-ae05-f17febf40a12.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4bd9c48e-e0ad-4d09-90e6-5622661dc26f.tmp

Filesize
6KB

MD5
cc0f4c570832a8c0291700927103a87b

SHA1
5573ddb96814343d3218ea7512a6cd508238db7a

SHA256
ebda73f605bb83cfb6b1c393403736f8cf31e700dd9c63bd4a885186506e408f

SHA512
b6aeb61facef91760b3d0bfa2d169f2d6c575c5c4d7b953091d002993976ea62df48323938ec17e9ff92d729ad5e0f148afcdce52ef2f82586cebd7b47f1fce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
967a773ffa7ab17ca447ddd6c71e2f96

SHA1
0ef397e47d3e9a8221b6b2b41473290d30f1117b

SHA256
f8da5e3f24520ffb57480d3ee1616c85108ba1fa4ede844eb8169cb0fcd90a95

SHA512
6e7f47f3fc652c73322738e95673e718075c1356183d74b11eca10a90663ce4aa6014e887700ac6ce5c57e5a80ad95c36cf2c08412ef820869a3fc317cace699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3ea17235a4e397b1cc6b1c5c7c28c30e

SHA1
2a4db2429c77c1862bc2ec51270e7968f471b856

SHA256
6cc05826a3037dd15b9a5156552c3e9470c0ab52a013e035e844e675f22274f5

SHA512
1f2459aa9e767ef8b540a26d586f6cbd06e0164f180e5068d316b9251ca9ccf589c604ca130707f13fdbe9fd05a39a1071d38e9fae50d53fc2f3cc31035b9188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
121d25292f9d9ce4694965c70a800116

SHA1
8baa276a502f10c043e176c70d6c9fca129c7fcf

SHA256
8a4e7de1be5df6884ebb1e7ba292d50beb1c2f196a7c784ecd48a9934c2148c6

SHA512
54957d2da6c4ca80d63028fdfe87ea331481e5853c5ebdbd13e4aa53421bd39f9bb39e9a3e7340d00f973c1c74ad0bb56538a392baaf379571a1bed1dac677d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
c545bc0952d5bbfb88adaa25fb9b187f

SHA1
18f95bc2fc5ad2c8cac817d29530b3244a6017b7

SHA256
7fa71a34e06da6f171692c2ec75ded84a69172aaf52abfcacbbabf829813673c

SHA512
d01e72cb3b4b6ba3a113108b5a89e085d4a57295d90a64eb0214111db509d3206dd825de8b1bb7a966db72a2d6e6d0a2ab15bad395d1cf344e909b2cb5aafa8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
6bb86b01253e637ce5aae0c50fa025ba

SHA1
be24a3a289934c0aa5ec4829075fd59afb7695b3

SHA256
a20b0e667aff6f938b390655be72d6b728658451cd9bdf92d2b820c9e325f5a0

SHA512
65f1bb6c91ed53aa37fa7ae9f295af986670ffb32a85adc3ccd83459cdb7422701e499ddca26bd9aa5665e1d88e812602e486d9cf22e64cb2f4da504b0d465c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
fcf81ab96d423fa2efce4c80247086cc

SHA1
75fefccf154b92cc1edfee3e94d546472e5a89db

SHA256
592593dab0053f514778b29f70059aa2b834ed2808ba4ec1b5e7bc144f2b7e43

SHA512
d8001242b15f125b05ee2ff34098ceec518970e5188f65951694b5a9e55faaa56beb7d6cd79ecc083286066f24f8be4559eb22a6f36c359672f52f74a2b8d38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cf2d8655edfc7b1b849b0eb3ec9a15e1

SHA1
821718abcb75b699527a620c968108e1e90619b0

SHA256
36b072a074185bd4767c4cb05e2e9ef6e7745a306820aa03f81b5d8fe3b58830

SHA512
4cafb84ae32525aa7fc65d2bb39a32d6882cafadce63b21ecc95bf5a5eb50aabe8677e91962ade8b29b826a7c20fcc850e591f1c8143b5c5d682901453164531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7152cc23d53c99be7ee9f05e7de17cf0

SHA1
1709ce556cf586ffed681639039c28ab6353dd9c

SHA256
2cd9a6e089cff778aa25f0da165515730f4a627739818d6a4a1cfe3d3a0e498d

SHA512
8d9fb5109ac313cf5ff835478db668b2ec1b3c347ce1fc7b6ffb065f2b914e02ecdc7aefe85c46eed6c705edb381644055a0e054bb83f15d550f252e212c1b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
95ff7918f1ef54c41d0b21b633f4e1da

SHA1
a1034eb789aa7b3d4d9b210e479eb5b34fb3f5f2

SHA256
f62f79d9aaa5a737629edf3c9cc12de265ee83292d9e79af5fb1f386ec0d14d5

SHA512
c034309dfaccc60304be1bb8ff7c7a0ed546ffb938a1e280907d5d466596b1d6e38d0c60c04daa876c88890b359c4cc124d8b33105742dbb69968c1900304ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{5260BAEA-C173-4360-B615-60E32CA203C6}.FSD

Filesize
128KB

MD5
cebc63ceb969520d76d9ef3161914a91

SHA1
dbcad8f9f48e2d256e3b97d2345d708db0ab7f75

SHA256
c91c7b2436d6f3f612f30aba7688b55bbf7b7a186509b30d3f4dd503e665a8c8

SHA512
f6941514ee1fe59dfc2a827f2eb67a77b0fdf4e1b67a8385814fd5fa0c122118759eff2eb3276849dbb7557b4078b4af3dbf36bfc0b2ba75a61d97310f4c3c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

Filesize
128KB

MD5
14d64294eb789a961cc39b8a46d08c8a

SHA1
5a1acb0891a6a881b5833d2d4a527c8f2ed9ce49

SHA256
49b0905e31645051559f5280e243b44f6c3f8001b414b6f083bcaf1c0830431e

SHA512
2e8ae6aa6ee675027aed290e21e6f7d52c4dd91bc0bec20908749819e6e0a292121d8673cccfd109454d14195b78d6f2169d3cef417cec35d88fb3b71fbb06cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{B236F812-3DA5-41D8-B70B-D2F67DB9C2A0}.FSD

Filesize
128KB

MD5
461a06dc5f9d616fed0b66112a73f998

SHA1
83fa815513fc8efd29ff5db3e7a64b14759a640d

SHA256
75c1fe7eb316958b6eda1644de42c6986413e1744babe41dc247bb834d98034b

SHA512
1c693c2c3e0a88b2b043bf55c578b4190ad83b9d04f398a76b70adff56b57ee1c7cd31e6592e00ff37f34291fc1161da4a94c03432d8ca9bb872c4edb08d0763

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\10241

Filesize
86KB

MD5
ced2deebdab5fc0acafe373343011bf0

SHA1
5f01d28a3a6464dd6e216dc0ba9b6c863792bdec

SHA256
be92e8a511f62669e4a34a435f3b2a20712d153a402da0bd84ef82a233c83f77

SHA512
1a3cbd1e740ab652514741788091d8e145ea8315e485679cf01412fb7f5d07c7572013ad63043e96efe62b3decd0eb7810e258a85ce93471b73095f0d8512030

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\10624

Filesize
86KB

MD5
708fed1dd898c0a0d6709fdcdaefa32f

SHA1
0b0c046469e65c30bf8f5e69b54f7d945f7aa5d5

SHA256
80743e08cdc80409536d0e4fb0ebd6307fb8f5555ffd89b6704af9ce3a9803ec

SHA512
2a45f2d5d7f3125003654ccf97ec750dfd638644ff05c90dc38bf99e0e7c997fc6ed5116f193b48a260ee2e9c7400fc487633069f4a2a90095cecd459b6689d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\12134

Filesize
86KB

MD5
910435604ae7ffd49987efe71a8dfc7e

SHA1
28340786c3096742959ad2755a90e77e6a2a3e4c

SHA256
0f6362cade419fca7dba776a1d74fc694f622c66189370a608bce1b23d14a23b

SHA512
c553df3ebe613572076a8a120b331f867daef82bc16d5d68bbeba51141d1e62bb86d4c3a185d5c940686c9705b4de86d05ad6529e42a418ce6272b135ab2e29b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\12890

Filesize
84KB

MD5
3355e26347413b8366a34267780699d7

SHA1
eb87aefa0425e4f8b6a058ab44300d808d9860c2

SHA256
41cb7ed4d80d761ca52eeef73e68fcfe4a8fd5e5caece54e7c4af4c57c33d2b4

SHA512
2ad659f763e0ea86edbedaba29014cdcd40c6c58aecaf0c6ac7c34df14c117d46fe177424ce1a2d08ec2cb27a1c44232a75dcc803a33c490b6d8ee172725cbc8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\22218

Filesize
49KB

MD5
6e5a72e3a8b48be522869575ad3171c6

SHA1
938c5bbe450394b082b72e42aad032225a4f6862

SHA256
24d783efc70bea0c21518221c5f140e90dcb5f6e175da7fe09a3195ed9f97349

SHA512
ea806ab7625907bca9c140ce78ee82e4c4a4803b642f6d81c8757cb598a9ce697c123d95cc2458608f50b1d048ca0893642ab17b2d84b0ad0b4308fd462efd0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\24139

Filesize
86KB

MD5
1b927b146f3bf9342950942603c19288

SHA1
112c09aac92525f649664df8bf283b3518d05b5e

SHA256
93c0de800afb2a1915f1ba71b1616729f59ca2e1e5e92051348b29fd951842dc

SHA512
f9b8b71c046205d52bd3b0ee6d2e96fb9ba304eead01869d3ce10237ce5e18a1f46a71ca629e8eece5ea90ec10b35d393f48f90176f370bbc9818a884d581381

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\24309

Filesize
86KB

MD5
66d452002af4a8864beb9785d350ac48

SHA1
6fad723498128b9d8a15198b29eb7f552e925220

SHA256
dd7f6c9472c2f58b1d57d2377614c6a80fde34af2f208911a8c82aae803cbff9

SHA512
101f8fbd6c679c7de33659f8e2f2767872029c0ac53377d4d39955111d8f5525b438d37f6bf6e14d6f024c671b014d1cba66dc888e2e8084a3a1c964fb71ec00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\25338

Filesize
86KB

MD5
0f262f6f3e33fcb7bfa0a23a2f97fc40

SHA1
f9fa0f2f491cd0c38c872ae66df20af766dbd217

SHA256
d8b4e6032953ce99350da8375828cdb0877fdb5833998d2c7d21a995aa1e0900

SHA512
5906fcff58c67c3d0b10cbab60d3cc8cfc3f7b4a5379444deea461d02bcca578d093103d538f5539a1099123d760db2c24fe4363db9a8090af56a4e750037f96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\26957

Filesize
86KB

MD5
c7cc318a2552b6c408ba7fce8bbd57ea

SHA1
8ff6672d85192e1919eb0d4f89379825a4e2f427

SHA256
5ff2a4c4bac38aa7cf0b25bc80eeb7c88aa259bb41988663fc3ec75de627d8f1

SHA512
effc3f5d983571f1d612811a4bcdc52141af5e8421a99f9c15e6431ed14ce42b3b8f2665469bd8ab039e9f29992480f5da5b274969405a59bb9d71542601f9b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\27993

Filesize
86KB

MD5
12420a477cfdde5a626b52c7b5ae74f5

SHA1
df66e99226a9f40c8dc0112b4bb890ced5629aab

SHA256
0a95c2ec815bbe6f007484f1b84a2263a9d4b3b2dac5ea8506b7ac5dda845962

SHA512
049a095e2d7e540098880c54088159bf2891f6aebab883ac0bd6a76d20d692ac5a0f3d632626cc311ce3c936714754fad91bda67e20255de736fead00ea6c30d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\29180

Filesize
86KB

MD5
11c3c0d2005005634f15142250bd26a0

SHA1
50e3b0853ef0adcf58f4bd533024bc6ec533848c

SHA256
130cc3e8e9a3002efbe0e39cf4068f35c599502dda40f5a7bbc1be205ada5b91

SHA512
759b532c26127da0f12eaebf65b9cac204cf89bb680fde2cb102ec8228e28687e4be2a9b9ffb38516144b50622d595d18dcf6572a2cdc7a761cad140ea765cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\3194

Filesize
9KB

MD5
19da480e8ed22425ee35364391c6e303

SHA1
a4b65486f7d13b2840282f031330f6fcf45ff110

SHA256
0411850f0704b526001279ac040dc9b5c8aa757037510a4888fce86eab2b3c89

SHA512
7805f33af47f9d389ea4bc5ce07424ffc0985f8e71c5c8e68de6e47f08cc5b38f0dac054e5035e072582b15e7f85d23837ce9d627fa3d849877ba7061d3796ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\638

Filesize
86KB

MD5
ff83a93433343c47692b4d5f91708ed2

SHA1
2dabd9eea8a45166ebac7d638486809018734400

SHA256
632bf992a6a4ef684ec285fa1d52f042a99155523cb317e1b32ffe382cef0ed7

SHA512
4732e150ad8516f3f19a8bd1fb6ea9cebfbe9f1a1c2769c4a2d4b074ba034aac0ce04cd06df7a9040c55723adb4f4902ecb1c53e239c9c530e877630539b895f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\7265

Filesize
86KB

MD5
473afd9f708c5f135d641564c54008f0

SHA1
0d8e8423f85cf8b354a3e7cac05feaa84245dfe2

SHA256
fd275de4f83e7ee2ef73c7f60c8577ba0a84f9802e1dc5ac8d52cc51ee336595

SHA512
f778cb985a39f374ca75afff2dec5309ad629f04f81566c12fa954749699c843e3368fadfb6290024302db6cd2c1428ab4736f8d0a31a11abf726ea9e108ad68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\8803

Filesize
86KB

MD5
f856e0d934e9708835ef7f1f7fc145b3

SHA1
c9c68002d1929eeeba588578f3cff06b5af8fc2b

SHA256
bb8409045318e63937b7049449fa3b2b41174902133752f10aeaf493c3635282

SHA512
630287464e8bb2ea53a31eea292448ca387a820fada328dedaa6ee3812f4c2de8f73b715adc731a595bc4cf361e482fb6a6e74e9d47efe2a3dc11ab58db2fde0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\doomed\9555

Filesize
86KB

MD5
0169cc9fc0170aadf5b28e04dbeca975

SHA1
cc1df7635b41138b21151be004f60f7e273be858

SHA256
5264e54c8336179169211f1bdbd5e9d40d816685869b3aaec96d453dc8a009c1

SHA512
ff4c18870e6e98c5093d5968f57edcf1a2d102626914af4f7fa6d6ef51799e6de3a6ab5d16bd1199c5da957ff3ad2190b633950405f86592758a401c1335b281

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\075B8FCF1E4761117058C2EFF149858F93A6A354

Filesize
9KB

MD5
2f02a3fb7d61d3e58839ad31ff280e4f

SHA1
9c5ca0d5e9e05cffa6856edbd8cff4e812953dbd

SHA256
1b78c4ac1909fc72c0f1cc1802126e570b2e0e6aaf9c49cb7899c779818eeffa

SHA512
a5bb985cab33c7a38ee0ea4952b2d4bc372fbd1aeda394655e2765a633dd9dd391a39bf2ce2a722b7ead0c6e33088e154a10cd45ba2cc19c82ceb0cb208bceb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\0948D58DDFD4CF66FEE916F9CE99EE22420BBB04

Filesize
9KB

MD5
fb14397ad75d8cf277c3c46f8ca4c9ba

SHA1
babc55e9eaef1f8977f8cf30584fbde8a05f1bca

SHA256
c703e93a2cd5633364bb6dfb143bf6ffa8fff4605468734f93e16f8c2b79f269

SHA512
1b68fb492a512e3e3431cc049cda7658855762a39ea746db82a8972a738ff9f700d5e7b8bc7d41524c9243d27a5334fce7f54f13f6f0eff9821d1540921ffcd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\0BABF52A64DC7B1FCCDD563D131A086B80FE77E0

Filesize
15KB

MD5
d40fba738725e13636f0d5fdd3b0e52f

SHA1
99a80e0516091c051885963bd852266a2cc9e97d

SHA256
775bc7880d2583a78c02e8a361bb68bb08ae634f52a6548d360d8fe4dd1e4faf

SHA512
a7a8fee87ca998022ab7a6481df976ee85d0064b8b9f8245b51c3ad1c322a0ef30954f3f4d817c164921cfbd072aecf657a9577b218bf15ef97b48183c55d69d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\28B972BD7FB20A3E261BCD11FAE0E2B435BD86F9

Filesize
84KB

MD5
a74818dac4cbe53b7e2f65d01fdc32f6

SHA1
47d5f16d7bf6a9316dfd401526622087545b1832

SHA256
b80e4e309511ab7b6cf65c9d3a14df19e0e5051275313d76ddd1913502b839a3

SHA512
f7191a1cb4616bd751a2f928d059957aeb0f355b3a8e35004e783c39a6d8ce00e5cea669d9631c4cfc956b31cbb81dcf05be4b0622d65467cfc798124f5fbe98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\28B972BD7FB20A3E261BCD11FAE0E2B435BD86F9

Filesize
84KB

MD5
8fa74f2339842d58dd332a0aca535875

SHA1
84a2ae0e482d8f014920be47ef6579808f5eb18f

SHA256
08602fd8d770bc34987f5beef05895aadc6d637e67b57cd11d6d6fee1b7f0a94

SHA512
5e1c984591bdb08cdb5ac8d085606d8ad128f52ae6436d7c3b9f1907cb5c1faad697afe0da478d42e7260d7c13846e377e64494fdc04079ba11d3a3116213e3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\2E75BE0A6B54D65973D91030FB3452089AADE12B

Filesize
26KB

MD5
9145754ecdc16ddca6ced051f0e2d6cb

SHA1
ca110e4885ef7b7507a18a4a87c867be35177012

SHA256
dce5e5c73ac3a819385a83fa13b3c4ab858c954ba514d6939f591c94d64fde47

SHA512
72e762f06530f668c3a96c4941e718223ca95b9a48ed328a011e8849a6f501fc20e542189ff8d6234a6a35564a592425a28ce16d64edc1db8b2a8ff81477f34f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\2E75BE0A6B54D65973D91030FB3452089AADE12B

Filesize
26KB

MD5
8c966f6fd59d092d22c8d7ffdd835e3e

SHA1
4c55a6fe8ebda1e769372d2292398ebc1ba5c320

SHA256
d1fc479c33035433e4e395cbf54d1c12564d311ffa88c5ef4f224b69c93c04a1

SHA512
bfb28f4febed090899bd39d28301973e31c0ad45b7b1015a2eb985a25ddd149c1f75d563c5110d9789e981744216d4ef0d582c20b2ae8ffc8783f340748e36d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\30D0F186B04D0B3CDFB165E0EDE160D5B111394E

Filesize
21KB

MD5
9d9f35716dcd4db323b4c4132bcb77de

SHA1
3a0ed3fc93e32ac42fbe96ab596b0cf4c1723d7a

SHA256
47129a1d03bffc56fd2cec126594d6f61698a5d6b78abfbf6583264b55410075

SHA512
a69e848d980faa4287b9e14ea75b91ad57807ab3ef6540db255b5e51c50617280f96fb2d9f525a5c1b8e61508b505174f1d1b83a8b474e9d79813ae41c9089f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\30D0F186B04D0B3CDFB165E0EDE160D5B111394E

Filesize
21KB

MD5
f6e333427aab27e1b0f4075fd5fe7cad

SHA1
d71390c28a14b2a888450af97793b7b1dc12eacd

SHA256
4762f1743c1311a748e8ee0d028cb3b3f94b694e5b4ecde785378060f8d37a74

SHA512
75a57fb92de6e8a22dc24f04156318f1e1f397b490c1371a3935d62c2aec02fa9444fd9fe7577afaf2c45aa2e4793c2e607edef1c050e378457bf170e91105dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\364583549B0419606F6E9E71FAB57390C4EE8230

Filesize
358KB

MD5
ef29872074f8d42502e218826b9f5f54

SHA1
23a6cffb5e7f1e456c6058d802bfd7137f2c3c99

SHA256
40a004ab462f9118b5788896ed4c0934698a95196c817956e6eaa45e5f09dfac

SHA512
4b73330a69026da741df48341eca1fb1c12e2693d37a727ca850c04a98b4bd2d80595e801ca12bc35a3bf0cad2e3aae2b012b9372c3aa6dec46e17aab69c9e30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\4A447FBF5DF2F6C8CC54A3381AB18AA234C119F7

Filesize
1.3MB

MD5
160dde9a69463d5393721ab30e000320

SHA1
54949a5ffd8831f36632705c0779233b581bbb0e

SHA256
9c99f6cbdb96ecce399d30f51144ffda7eb07418f21d9de4eca7473dcf7ab78a

SHA512
03bfbd1125efe73733d9bfc234c9d79da86204e750dc2ae7de521a7b3106c21d0d229f0ddc4178f183fb2646409fa8fae84c8170c56b88b4b68124c349563442

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\4A447FBF5DF2F6C8CC54A3381AB18AA234C119F7

Filesize
146KB

MD5
9cda5c173121f96bec6c01b02f317136

SHA1
d8a6157fdb40ef4163b8af2a398380f58522b4f0

SHA256
561e67b66baedb64cc6479041964297731723eda0e10f02063e1bddbbacd094b

SHA512
e0177534b00409f4d034a30be59377ac01aa368f51ebca6a50d52716650a54ee6da7e4d866deaabcbd84ed8c4a221f0450e98ac86be562ee3d6f9b150db0738a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\586B48D8968BCDD13916710BBC9075DE4B50D5B9

Filesize
111KB

MD5
ee9397eb36d86ad18859571b2391739c

SHA1
c4f012cf35a17523c92b5e7f8c002d8cbfb5cdf9

SHA256
e95b58bc86950d2220d64f86596247985829fe9ed063bdb4a01ca05bb2f8e559

SHA512
e09713b23b0c3b21425f89608fbca1a5eeddc1b01e9f0f0d01aac9981dcc136cca33c821904e1f87a0ec07e884bfdd0de0fe76ee198afcd22561fa9079d3f720

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\586B48D8968BCDD13916710BBC9075DE4B50D5B9

Filesize
111KB

MD5
e65c45a7a96102024cf620442bdb1376

SHA1
e631223c22aa3c3aea71cf6bbb9874e965eb02b6

SHA256
5f4cda656e7dcada2a0ba11054e71a8a42598c41cc5a964f346910a033e8a550

SHA512
7f1834f9d736e3ba0bb0b25e37f6e4ed8e8f5c96547a75fb59b58cd24e7ee48819d247d001fc088c6046f4cd7c47a90b2078548521740283c287e6a7a882db9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\65C4532A9FF04637585204DBB929959E3C24265D

Filesize
77KB

MD5
ff863ffc2f5556a5cb78fd97c3acdab9

SHA1
0d7914ac1c7d2e72df3c69d263c0fc0f0c140024

SHA256
3994ce2d6c0f9677b0646f0ffb10a81da477f35ae201940d6aa2a9fff43479e5

SHA512
1428c39585e743fcd102d094abd604ac748a0b2d1bcd3c617b4ccbf2a0d4abe9084b741696942c707dbd07d688928257b5f20a1a3f00f4fde61b8ad2cb82f43b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\65C4532A9FF04637585204DBB929959E3C24265D

Filesize
23KB

MD5
a1d02512e3c81d461cc9044fe0b747bb

SHA1
000aeae1b7baed593ed6b84c13dbcc892060ba6a

SHA256
98f95624e5774128bcda6c5ff38b6903c71b9a0d7c1080ea042ab8e7159051c5

SHA512
6eb5e924f1e2df24eb155e600944b15c893a61a086df6f59504edbba213b3392f2a6655295275c2285accf25a6b33265756d37a155bf76e2dfb5d69b3a7a9183

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
1aa5e781960f535b5bf02866c461684e

SHA1
dc489f354d4c425f662dfabe1edafae6f25d8a34

SHA256
c1c8c79321a344c9d61b5e6a631e25a5faf7fa61b97bc78aee6d11c416c1864d

SHA512
a9ed91c054cb072894973eb8fd8c5dce1d32dd3197fdecad615dff0d0949bf6e40522cac0ff481023ed15f9747aa1b6edcb3d38639b4ea061a841b002aa19bdb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
16KB

MD5
3b9d3b5d90a46398ae4d55196634c1b6

SHA1
aa5bc76b6c18781ad7ce37a4306f26cf620c3d36

SHA256
c665edda5be52bccacb3bc20e3d82ec0c5069e6046a5e384f80275d2f1d24096

SHA512
2fc069eb0fab2833239c73a5f6ef3e405fe7a372db4f78cf45c47d9fd83812cd583db77917be5b7f4ea88073c68d7734c097d5d0e58219e0cd710d324ea0cd08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\92B7C9ADC1C800ECBED544904E7E98094EE6D02F

Filesize
17KB

MD5
a818a1dd29c007e3a3fed1fbddfd7a00

SHA1
a683675cc86b78a432e93402215543fe8eb6b607

SHA256
c905cbef2127543626183f62847b20488c2b051967cecc4bbd6bcd1587ae104e

SHA512
f01aa452f89a8c4d2bb0a60101b86aa042f6e5bb62f2cbc213592cf0432273dc810f2a7b8e3bfa92a6f82532dad8098276d4e2859ee305a24c2a4f31f83d6d3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\C94459D89AEA07CF5BD75743D183684E82350816

Filesize
582KB

MD5
7281b80a3c74b2dd048e462cd613c239

SHA1
4e31349f211bc6b6b0cb8240b4ea60a12e8e275c

SHA256
864a50253d718b2e45a99bcdd9630b222b43c4d7352dc3b3ad59c37e84a0186d

SHA512
7c260b397a0e90b39b85110528d02dd10543f84e0427e232490bc2894229f57bbdc403f419d55b70a0cca52c48187adef7ded72add4dea86aa64c48877bc423e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\CF78F16354E44E4F5B1E3CC02F705A01193C2584

Filesize
16KB

MD5
97de444edb0af5f571f9c5ad27b26bd6

SHA1
9869ae5ec79c6649bd3a0a13daa9aa4d48f32b23

SHA256
be998f58f8dea78abdd4646732579efa34cf469f3f32734be5b15aa383143d83

SHA512
88b1d5ce66eb87280d03bf67abb976ed6d0e243730585924a99ceaeba0746d094285d9b85e6f518d86cf53f599b0f48d593d3cdc1f3d4bedb39230d9cb85e614

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\D72AC0A44F7F7AFA22723C22600BEB3198041333

Filesize
315KB

MD5
ee94cee22c4d8fcf9958fcf420a68110

SHA1
49d36344a5011753704d9c132eb1c4ed00a7c983

SHA256
07fc3065edf6482bccf9687ed5e176fd3c3a76c190178d45d3641a6862a16f6e

SHA512
11502fe5868ca9d5dba701192ece0ced76afc8e69f7f490d6289c13923cdb470e4d37dd36c981e41e3fff71dea678fbfb476d1a10478ecca336034edd44b9b25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\EF5DFCBF522BFFEF54E000EF2B5073F4943337CB

Filesize
2.8MB

MD5
90e7e55b73a051438fca62853b2dc304

SHA1
33c69d6237814b62bdc99d9dbec3ec3ebe7031bf

SHA256
b3a4e342c43af0ee50d9ecb607de7309ef35317f2edc01292eae87d1f0d00e5a

SHA512
f41b4865f36c0685d7488201b12300b5aed7f89f9f594f407671e0857d225643ebea80edd9f6a55ba09f915a685843a074a108c28ccdd22a09ea92f63761c831

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
357B

MD5
abed083938c542a9d05cf649a926f778

SHA1
550aeadcf3689c2b4bf7d910aae8fb8496137583

SHA256
3378665ec9b4df1675ed1f8ba4fbcb64936137766619a048053cb36bbff975c6

SHA512
9cd70013f75b1c6ed1a37b10a84b336095aa50c3f8cac390f186002aecca9a42944ce1576656d76758cf7a17c27ff7b91eac5e2d42f5c1ce5ee58d17a6e2a7ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\startupCache\scriptCache-child.bin

Filesize
458KB

MD5
b300241bb918653df3849bbea0d7c880

SHA1
e41e0f49deed0a259176fd517c9e454e3b988004

SHA256
639480a2509eb4fdf7ff9e1d02c13e093ab23bb90dfc1f905e2c03269113c39a

SHA512
7229a969c72d4a7f9e0cac384cbf06fc5ac533290dcc8394734f9469fba2f56df5d00c4e059125025517126df2cdd17a35518777786cbb453862b5e2904dbd7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
80be6bccea26e164cc1fc2d94e0c5582

SHA1
467ed701e72bab4a13e168d5d3b051bbf7775013

SHA256
242367969c3ef2ab9cc774eebfc3bbfac8f01031c2f2d009722d88cdb7f30325

SHA512
ba0b79a7902996e27e112181ba4453cb447276861ef680128c70e7a9750fa774708e6cd96972ebf4f1e52ae44b3b4b563f9363ce5f4ab198cb7f20247ca1d344

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
3268024131fdf487fa4ea463a2b35da7

SHA1
5114c2386e3ed0a7a9599562ad0c8f8dcdc4828b

SHA256
a67cfd03d9935c533dfb6571f31e47f067b61c6f1579e354c82499776931c1d7

SHA512
73dd96910fb3a9ca7501fe5d3eddd730e99baff5b15fde27eaf97052b72a8d8a5bc781a1263ddf61dd7eff842c21864221b83508ab51fb9c7f696cd264e5ed4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\259459536.cvr

Filesize
560B

MD5
7ac25e4d807829d9f474ac2561eadd17

SHA1
631dec32417b789240751760759cf1bdc03cbec9

SHA256
bdd76d6cd67a297f3692382deb99f40ac04bb46afd5707d2eef890306f6fb693

SHA512
886837da3d6a7bd03e04ef79cb3ea13a481a68c83c28954c3acb0e2c3e09ac77561ba91e4bc9af9ba85c635b72bba288b61ea363c5271e7ffe7d0dd4ebc95f14

Download Submit
C:\Users\Admin\AppData\Local\Temp\8.html

Filesize
555B

MD5
e866db531412ff00602d1ec9ae158695

SHA1
72da0e43076677c891970825cdba90def57e70fc

SHA256
16251083e583243b471692b4d8d0e888eaf54dc0ac1fa0cf4bb927b04608beb9

SHA512
80f814c273b0147fe7e32acafe73e6ea92663749ab68acc3cb52a83c1f7a899bfb66acef28cccc713a82768bd0711ad2718d69c61bdf3e8d56135c3bf25bb4cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAB54.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FDAF4AD3-CFCC-45AC-A2AD-0AE512BB50A5}

Filesize
128KB

MD5
20ab6d1b05e754ade8bb3066c0beda9a

SHA1
384dec36bd20ca79a531829dbfd153b29625f584

SHA256
1fd041f9d9d3d3affe9f4830363a158a95f1577d088b0cd4ef97287e9adb4319

SHA512
a2725b40ec2838c54e26ef171c20700e33ff0fb466b60ca0a25f57a4f457e020d4fd7abc140c7e4756d5aa8fc2894d01caeeb0c0640776123e4d2300c6a6d011

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
20KB

MD5
bca14bfab85634fda8301bc60ccc2010

SHA1
db41798c2317db277aa75d1b07c18a4896178f40

SHA256
c4c89d376c44f0b679a97e2d0c7063096a18d7752c48dcb472b7a911389f3814

SHA512
9ee1035732b495941ed46b994cc288f91b937068f57cfc8f4d83d412e80ef4649ade8b07e838689cc90871fee33c5f15fcb895ef66c14728fc471c8019a2f9a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\AlternateServices.txt

Filesize
1KB

MD5
0c24fffab32d89495454dbba1df2e478

SHA1
a1b50cf89bf4516acc8741f86b5927434c4a531d

SHA256
667be263bc771ab150740a1a9e51f624e61bd776838449f69904d3520c400848

SHA512
7515a4f07a8bbe33c1169c8b9830722e2c803164db184ee78432a3d687ba9d70e2dc2e578398f57b02446cad036153d556f240f4901d589bd06c9b37e42da681

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\SiteSecurityServiceState.txt

Filesize
407B

MD5
aa210b3979bd89d10219be816fa89245

SHA1
527af402e8a5dde39adba6c7912eaba26e675393

SHA256
de44fbbbf74044818688f673bbf760c4e9da6156d4fc144885d157d748259e37

SHA512
5ba81b9512f1b64b9b0f26b1636c2be788cb4d8fba53b2ff2c55a0d36d25b49e7ce82d888567b5be86fe721d7363f24442a929266c0effa864f6903d7c6509a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cert9.db

Filesize
224KB

MD5
a72e6bee7961685d23db38ad08263a40

SHA1
20ea749bcd9e5ab59cc46dfcab95317acefdb11d

SHA256
ce412b6e0c656bc613e31cf1e494a867d0c1e53e63341f288c493fa1b226e5fc

SHA512
039909945c40191d2df8b24ce383e7f46aed8d3b4e199e7429ed11e9d353e3bdfbb13d3bbee4e8a583fe19800d9123cc367414f18a47e7cf51001d78d7fbc0ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cookies.sqlite

Filesize
512KB

MD5
6d650574136417f0fa7608466eb549c5

SHA1
2f5a12b996798c4747a84a90549b9c38098fc976

SHA256
ec847e45293a50ce5a503c08c120338424634837d3debdec96edaee51fefc544

SHA512
850d74c9658fd0ad5d602f420e39e4c5c559420dc5acebb0c0610261af62e8bece8667c50dcd89d7aa3370a145b7e9cf98b47c21d6260a3e4dee078e3a87bc8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin

Filesize
11KB

MD5
11387c1316ca838c95ba4f53175b910b

SHA1
86fd15eca569bc85a86fc64109be22c9bf972a82

SHA256
e61fea1481cf05a9207e0a04c4635009ac45d273987fd86a1665d03c9cb57451

SHA512
f12cee641f96052c1706aaaf050c88326d1caaa80fc6e3b8c5e514dc17be343175adc8bdfa55fdb28974d42f68dda9b7ddb3e9ee07f54be370136a584259f337

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
39aafaf5ff7780457c6893e506550e86

SHA1
485f84be5e8fc69eefc5a01ab7a0d0ca0bb61c90

SHA256
b8d4159edd92e07508594f472bf4ced7109242dd5f6791ad48d7e3f3e8cf1790

SHA512
cdaf0e771195bd1c5e44e08060fc9a6db88d7bc07e6a41544b4d7c1c34d184d83cbb02262bc493437c36b4f7e8e63bff195417c01eccd5695a5a46336718aba9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
a1211778953249c8cb0b2893fe549973

SHA1
df1830e9204a2cd546d79bf5a5cc14bf5c9aa669

SHA256
d704e3a890713f255a0fe218d89c5e084222de2cb2999e110d74d4dd3b515a04

SHA512
be9146033e5964f622d8a5fb0d69ab49210c1c8a8c16d0bdfad56ab0810d5568986e2d100af6105d2d5a630369983fe82113dbbffdb4f186d341c6b6b7d13850

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\events\events

Filesize
2KB

MD5
483f183c3f55eaf168fdd0b99923592a

SHA1
6a346e465be35bbc96107d1c20e8ac982566e2fb

SHA256
c71d22db7dc1f42393c10c67709d1ff6b6a23016520b546e1dba18cd7adb62f6

SHA512
74b6576f2c4ab008cdedcbfeefc36a9ddf0a97112bcd9f17da2aa7a3ae9e77e97785e5dbf12b6d94f21c8bef5dedbd43b32e0f8413520566a96e6c51afbfbbf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\events\events

Filesize
3KB

MD5
fa57abc29f8c2056e51520df06bf7376

SHA1
b630976dfd50cc5bc571e24c213bf29a16ea7856

SHA256
e717914804b5641c9cc1dc6d4c16ea9f8d8c1ff396a74b9a6d7d2e190d13f285

SHA512
9c0f59be692e67f7dd7f045611368aae1a581eec1e460f5cbe9702721b059e565fa4cef34935ad57a90c5da238c0de1a13c4205716752684a6909638430625d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
5b3a8038dac25b7a26f935782c054db1

SHA1
eeb93bfd27637fe72d5be76d9c0d510dd67daa7b

SHA256
4916033da53b3838b7cddffa1d547e67aa73313e312aeb7581bf9cfa6d205f40

SHA512
edff5385ef79a6a7c60bc6f0f1ea71ad0dd27143e7f880e80b3db59e5c48fc3c6c7a87b9c6a38e902b2873808eaca3087f5afc10aae781b9aa5643b7de509b3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\14874d28-0346-483d-95a8-30c38bb606e2

Filesize
745B

MD5
d27cda90925050c4e6243ab9eb39068d

SHA1
9383e83383f409168579ce1161f874602d23277f

SHA256
b7392030074732d42c76e7b7c260545bcd0fc6a975b790611fb7a7dc53aed47e

SHA512
b910725c790f43c1d0c5538b898fcf74184f9b21b6e970a9f1d649539b245888436fa2b548f60adff267c7cfacf8661ba618c413d749e769a881d691df6c9ddc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\2a7e9774-f490-4f76-8c44-bada5efebf9a

Filesize
12KB

MD5
e0ef9b63e0a2a9743ccfcb01ea3c6edd

SHA1
38c092efadea4268d521b40bad0142712f618594

SHA256
59a480473fc58a81f60eb89ac6c246e6d7c7f98e7df2f2257fbdb8c1474576e7

SHA512
0ec09a0ae6586458d83ce04ad85098da2a8bcabf4a9e40f5a3731dc601ac6fd46985036ad9508346fa743a11ed9d098aa5e9281cf3f2c0b8275a277b83681df5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\34245eaa-8609-4bdb-9a42-9399fa8edc73

Filesize
790B

MD5
0851f6de5da672a62f401801ad2cfbc8

SHA1
44f9739796826aaa13a9826bb6971728e3eb33bf

SHA256
d99c2308e56a358066f2d386b61ea949257b4487114a7f1f9c967dba9ad941b6

SHA512
2d0326defb5a8ab962e05c1e608b3118d44801c45f24ff65b8856ffcc9484e71592a9eddcc2cd7c01b1f0c7cf1d4e08548213fa4d2a8f4eba0123390d1b377a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\fda0e5b8-cb28-4a08-8656-9cda7851cb0a

Filesize
4KB

MD5
46c682ee95f5c42f538d85bf799b2f83

SHA1
03fc865f970d67d598babf54cc7cb5b841e2667f

SHA256
c9f54b40f5b5acbacc0fdc738a9c8be2ec222656bcd26d8e1b03bf6b516bd8e7

SHA512
360da8fffea4e280956e37551176b1f7c19a5ba0d7b45fffde8ee694aea79a34850bb2fa4ea058f6ad5cf72e7788e4d88080b2663c99431837531fdcbf2c1b45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\favicons.sqlite

Filesize
5.0MB

MD5
bddbc13764b9987efa36857d79a2526a

SHA1
16e34c1f609ea0761f13cb5f5362618afccc1263

SHA256
625e3caddc6ec7f538d07a46c663ea07795e2d668d1d82373a14c979ac491472

SHA512
359ddebb03009b222d8689488f51db8f16a98c0820200356f5cf5620b1bdc9cc8c9ae8f12803bbe0fdae3688c1ca20c4bc17b540f47513ca9955cf4c1ec10b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\permissions.sqlite

Filesize
96KB

MD5
4620b312cc63c91d4b31e2c113d555fd

SHA1
70c17cb2b348c6e3ee66fea0fa1eb11a4435e366

SHA256
0717af98b991de6bb7a3abfe16cb38cc5ac9a685e7538cdf37a706617aa2b384

SHA512
c4a542b284f9dcb3fb56b83ea2e12361c04cb1d5d084825fc1e273f7a2fe30664bb370666bef9eb98823426a5df95ed8fa3017276bcbb85cf75cf187be21dbf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\places.sqlite

Filesize
5.0MB

MD5
e542f7fe64a0cee55a82951a96504e9d

SHA1
4ff1c5a67fe5828ca2c7d3b12d565baa8a2898c7

SHA256
0cc06f48d8d59c96ee2a2d82a7d9a12a462b385563c1301b24e7711187dd7b55

SHA512
fce29cd91ec4f177a4874a61c73002accabaa3a625e7a122e12e1bf83a48ad187b9e96d9bc58b8623f19a380d65546a163be86b8279e4ceb67794e97289815ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\places.sqlite

Filesize
5.0MB

MD5
6f1e064773013f9c639d395783c54a81

SHA1
ab9cfd0ee0a74d2ac94c6f99647c2f30a227340e

SHA256
7f5e40672f213b917c555ed1146e91fcb011e2aae4a555d5605d27c5145f06b3

SHA512
3911b32ada18db36659515938cc19933fa1cc0db12d414cca9265ee76ec35651e53ba9b8bc77c5a97c7fc2381a8e778885f8257712df2e076d668fda465b6dea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
dcb21e89103e19b1e1494d8bd52e79f7

SHA1
a95f8f59170bd9ba0bf89cebb385520188d290a9

SHA256
e9838ea151d2c9d5a4249e020da6d44661afde8a534329ee6f70f3366408fd33

SHA512
68b5136c05f5963b5bacb3f7dad221417421c8893c83e4d2f3e7dba3a4ec24007578658f04810990cc8da579378d0f0ef46ef72ba288cbdae772ec5ff9f53249

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js

Filesize
6KB

MD5
a5ccc53b5787b02be2cddeffdf9cb949

SHA1
1ed5984fd97e9b382615b4c90df4dbc00e27daef

SHA256
c80334fe8af498c5f165960703f24a563c408485f8f6c101c5d8c2b7a3655ccd

SHA512
77b71a10c5b69190009a48079a59744f1550664bd293ee44107cf33ecd9764493a91a20db107260b31adaf86963b8c7209f00e2cf6293139e99218e37109e6d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs.js

Filesize
6KB

MD5
a1ac29c8ceca8905896f9e60acef3b15

SHA1
dde63b7b6d42ef230ff6de4f2aed666d19d32211

SHA256
973c02522a3a7bd3c635efe21a53785a18bd3ef438c3ba4612cc66f5d70cb765

SHA512
9fd69de99488c8cf45bf82356e8d6a8391e298ec68b744a0ed275ccbaac7d910b5091be922accd189f8c7933fcd4d5edceceefc550cd9f7f41a5a83f66048e29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5e01999569385f953153ed526528332a

SHA1
2611f1d63355b32f3f47c127d26fa154ebe91cd0

SHA256
ef06be235ea8c93d4a67a7317125af6ab0e1d26a43c2d50450badd8097d92e4c

SHA512
7b6ad901b2f6b517e5faf37087cc0fa296f05a8df584c6459f4c2e252a8d018c01d5bea2ed8f4a860787ef05323f6e2ac92cac0fb161a6f4f11c7c366bf1e876

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
98861a5f7d08c333f33dabbd3837ec37

SHA1
a700fb3177c229542c3a3457f104e19fb3b12c4b

SHA256
2876c6ea8792c549e22303764b784856fc1e9f552b691a5f4b119bc06739ef87

SHA512
c021b54fe2bcd7fff905ab75356a9cc27b30d0f7a86c67adc9c995cd34c8bdd9f0f7024b0dd54808000dbdec5fc955d5e541f8c7069417fe53258e483bcb8481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
2a00676e8270652d027ee961e940c603

SHA1
e4cfc84d01164cc600602a81718cc411cfbd1746

SHA256
a15b0f0eadfe63920083a96d70eeaadaf7efcd4dd5d599583d6a5c2f64f0bbbb

SHA512
b081d4fbcfd89528fa33ee8b2bdc8dde2e821650fddebe4d74e3e570d78d82b8f782e6698e16906f9c7bc0b8c2bcb8e8f52376a9c157e41c441f9d2cbda8c933

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore.jsonlz4

Filesize
25KB

MD5
e094bb72493cfe67d723b2a03d503f45

SHA1
1a6b4aaaabaecbc961dab946e8ce77bdac6629e9

SHA256
4688886fbe44eab278960c9a588d4364a4f9b4ca6e440a724b75800bb719aec4

SHA512
b3e7551812c927d539b667b19d03bc1073001ab63e72825faed66c19f2a01b7f3fbc4df7918e82c27818dec26566c8c573cededcba404be63ca7a30bf734bb42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore.jsonlz4

Filesize
7KB

MD5
9cd288824ca9115b5edbac76ab2fb2d4

SHA1
cba46886b82821a4cb25ade37ff8c2b04de35489

SHA256
8083b664d5797acd8f924c503ef62e4075dbbc46492c0fa2aeca315de850b35e

SHA512
5578ab5f6994de809811308729328a14990a06e828f13014072e89d3b137abb8baf21b96fce056c2251b9ef13ef8158a07965735c01477cf55f2c10b1a094af4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage.sqlite

Filesize
4KB

MD5
1f3a10e72d1cc8a8c57a8eebbedf7d68

SHA1
51ad4c878608dc388579734aa785c46489c1acb7

SHA256
f8f26711d4182a2eb69367666216da94fa4f025a46ce05bff6c8b28825f293c8

SHA512
389d2630466f57d7ea7881865a29aede23d00c156b674eb730146019cbbba933b982ea29793832f744883551b71db6cb4503e3510cd2406d4803b8ae021bcdd1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
8KB

MD5
1978e522237a9ba7049a69234de5c3e0

SHA1
bdf3bdb2dd1247cc6f6f3210448970a06b581d3b

SHA256
5c1636ad1eb88e3e4a58e988d4a4c82865525d2955c4f19b40eb5d6781e4df38

SHA512
cf24aa7bc440525788bae1f272b31818e842590d3778d1a400bcc5867a62dc1e17e15815816b638994891b391a812f132fef019d333dc1335aefd641b59a879e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
cb1e8ce42d8f6fc69627a69b6e12fa7a

SHA1
01ad1e16c8b1eef0e3f6f44e1b36ed33820f50c2

SHA256
bdfc97e647a7c9b5aedab357e976d24723ac833a93614ff991bc385e7a12efa2

SHA512
421a8eba26f99b8a85e25a57b5b4377598c817c62d028fa102a282c69edee08247cda9926a7220e50d1a92e030c50923c40a17f77534a561a46448433bddf962

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
8e1f8b1a647ba97934b49fbe15c5d072

SHA1
22bd8c73d1ecdf3b1d7842297b0441e5fe1c8f2d

SHA256
fd8068858a8d53b53d38a1316e0f63948cdfed1d0235cec06514e7fcf79225d9

SHA512
078578b9cbb3122d38ed3a3454b42424e22dbb28ca3634811ca68a0d68df2f30a6edbceb75c2873c738de8ce2b78ca1637554947fb5bda5429f10b0d7995524b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
24ef81d1d44aa87a83cf61c79193617a

SHA1
e6b8418868619ac3ff97c62a96e47e15aa069af9

SHA256
b9028ac5b4d8e6226dae0eb9592fe45c58c930342ce4c5dadd743c188ef9b465

SHA512
9e0de5268f5fcd0b8faad23dc0525c908c77f1f47c625d5a7029129805b4e34b5e28fecb2925b0eefd09ae7f809f3d97ff7926645a0e359945360e1a71529a0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
memory/964-1681-0x00000000715AD000-0x00000000715B8000-memory.dmp

Filesize
44KB

Download
memory/964-1653-0x000000002FFF1000-0x000000002FFF2000-memory.dmp

Filesize
4KB

Download
memory/964-1654-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/964-1655-0x00000000715AD000-0x00000000715B8000-memory.dmp

Filesize
44KB

Download
memory/964-1680-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3120-1685-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/3120-1686-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/3652-1590-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/3652-1591-0x0000000073BCD000-0x0000000073BD8000-memory.dmp

Filesize
44KB

Download
memory/3652-1589-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/3652-1652-0x0000000073BCD000-0x0000000073BD8000-memory.dmp

Filesize
44KB

Download
memory/3848-1651-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/4080-1683-0x0000000003F20000-0x0000000003F21000-memory.dmp

Filesize
4KB

Download
memory/4080-1682-0x0000000003F30000-0x0000000003F40000-memory.dmp

Filesize
64KB

Download