Analysis

  • max time kernel
    128s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27/05/2024, 19:06

General

  • Target

    Screenshot_669.png

  • Size

    673KB

  • MD5

    faf5a49e81f44a0ad2a62d05ed4a7a19

  • SHA1

    0778c8e500f653892c6a4991ebf874a7f7cfa998

  • SHA256

    37cd90d1f0591d1b80ac337fda767da566a41e86de8f1ebf9cf12419865563e2

  • SHA512

    869641f75ecc1351af0fd62a07316ce01d4dd77f8d487effd1b962fb6e85f369443e12337a2264ffd76a3b0af4bb64db1fb504379f8f79534d63876b80ccc63b

  • SSDEEP

    12288:LI8knVB9dtWtGIJZ1qLCTQvwlH7pJgtP2rVbKog8sw+6YbB8NrVH7f5ISQfPK:2B9dtAGIL1qLCMviH7pJggjIwxiB8NrN

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 16 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Screenshot_669.png
    1⤵
      PID:2512
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4960
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1520
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.0.2142032419\681885644" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1da0d01b-c6e4-423f-89c2-54fb1a2ffea2} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 1796 1ba46dd8a58 gpu
          3⤵
            PID:672
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.1.805141899\298033704" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc45cbc9-2165-4c8b-ba85-976678260f33} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 2152 1ba3bb72558 socket
            3⤵
            • Checks processor information in registry
            PID:520
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.2.2147028412\1079500831" -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3024 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f225f387-3a60-479c-a146-e8fdaa5c784d} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 2996 1ba46d5cb58 tab
            3⤵
              PID:2000
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.3.1539832661\2038680017" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45052f5d-027f-4893-8b6e-7770c8c64151} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3536 1ba3bb62b58 tab
              3⤵
                PID:1572
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.4.1118984791\376083299" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3300 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e85c8732-8a29-4102-ae7a-ae16c8aa0dbf} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3896 1ba4b3c4758 tab
                3⤵
                  PID:4732
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.5.1129974136\14621525" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 4768 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a29e3da-3c6d-4482-9788-8825d00adcee} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4596 1ba4df9de58 tab
                  3⤵
                    PID:4244
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.6.1246488677\663933885" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94b52b54-e648-46e8-866a-64aabee90801} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 3532 1ba4df9e158 tab
                    3⤵
                      PID:604
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.7.1246496987\599212798" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22dbae7a-9f89-485c-a280-cd9cb8e064ce} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 5180 1ba4df9db58 tab
                      3⤵
                        PID:4048
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.8.130921710\121774774" -childID 7 -isForBrowser -prefsHandle 5384 -prefMapHandle 5392 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bbe088e-0b20-4465-982e-66e50376dccc} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 5376 1ba3bb66b58 tab
                        3⤵
                          PID:2452
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.9.1308446641\2123261126" -childID 8 -isForBrowser -prefsHandle 4452 -prefMapHandle 4496 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3649397c-026e-407b-acfe-69317634391a} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4540 1ba46d0c958 tab
                          3⤵
                            PID:4152
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.10.924717105\1049638565" -parentBuildID 20221007134813 -prefsHandle 5828 -prefMapHandle 5028 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6f7ab4b-7d98-4b1b-a1c2-3e118c439bff} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 4620 1ba4bed2858 rdd
                            3⤵
                              PID:752
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.11.462798372\920789521" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5840 -prefMapHandle 5852 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cebf709c-1c4c-4dd4-8fa3-6d62bf13bb7b} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 5944 1ba4c110458 utility
                              3⤵
                                PID:5108
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1520.12.118873210\400280486" -childID 9 -isForBrowser -prefsHandle 6104 -prefMapHandle 6100 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cacfb3f7-fc71-4f43-b5f4-967bb32662b0} 1520 "\\.\pipe\gecko-crash-server-pipe.1520" 6112 1ba4bb10458 tab
                                3⤵
                                  PID:3720
                            • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
                              "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
                              1⤵
                                PID:5912
                                • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
                                  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
                                  2⤵
                                    PID:5944
                                  • C:\Windows\SysWOW64\unregmp2.exe
                                    "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
                                    2⤵
                                      PID:5960
                                      • C:\Windows\System32\unregmp2.exe
                                        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                                        3⤵
                                        • Enumerates connected drives
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:6004
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe"
                                    1⤵
                                      PID:3692
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe"
                                        2⤵
                                        • Checks processor information in registry
                                        • Suspicious use of AdjustPrivilegeToken
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        • Suspicious use of SetWindowsHookEx
                                        PID:5584
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.0.711185369\1095834317" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 20871 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3237ea38-1f81-4b6c-90c0-332f623910ec} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 1796 29dd57b9758 gpu
                                          3⤵
                                            PID:4292
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.1.1445675566\2080464002" -parentBuildID 20221007134813 -prefsHandle 2116 -prefMapHandle 2112 -prefsLen 20952 -prefMapSize 233543 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2142d5e7-f7e9-4661-88fd-30e290767872} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 2136 29dc2c72e58 socket
                                            3⤵
                                            • Checks processor information in registry
                                            PID:5704
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.2.1585238565\1184136273" -childID 1 -isForBrowser -prefsHandle 3220 -prefMapHandle 3228 -prefsLen 21055 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca5d78d-0d93-42c2-9dcd-61eb8c195abe} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 3240 29dd8f9e558 tab
                                            3⤵
                                              PID:5736
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.3.1748716395\1742114691" -childID 2 -isForBrowser -prefsHandle 3192 -prefMapHandle 3188 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a85e327-7b36-4462-86a4-983022f9536b} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 3168 29dd9ff6358 tab
                                              3⤵
                                                PID:1712
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.4.2014976336\567643322" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0eb0ba9-0c3b-4d10-a73f-b4d59764c7e1} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4132 29ddb3cf558 tab
                                                3⤵
                                                  PID:4304
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.5.1601636317\1392774316" -childID 4 -isForBrowser -prefsHandle 4500 -prefMapHandle 4496 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fabe7dff-ee1f-42d2-a8b3-d4de5e7702cd} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4456 29ddb3d2558 tab
                                                  3⤵
                                                    PID:5980
                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.6.1302763117\384229563" -childID 5 -isForBrowser -prefsHandle 4608 -prefMapHandle 4612 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b384c7a9-96d1-4309-970b-d6e4e995abc4} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4596 29ddb3d0a58 tab
                                                    3⤵
                                                      PID:5964
                                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5584.7.264903907\494217015" -childID 6 -isForBrowser -prefsHandle 4812 -prefMapHandle 4816 -prefsLen 26233 -prefMapSize 233543 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b6ac049-6cb0-487b-91b2-de1c6adbddca} 5584 "\\.\pipe\gecko-crash-server-pipe.5584" 4800 29ddb3d1658 tab
                                                      3⤵
                                                        PID:5996
                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                                                    1⤵
                                                    • Drops file in Windows directory
                                                    • Modifies registry class
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:6052
                                                  • C:\Windows\system32\browser_broker.exe
                                                    C:\Windows\system32\browser_broker.exe -Embedding
                                                    1⤵
                                                    • Modifies Internet Explorer settings
                                                    PID:5476
                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: MapViewOfSection
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2032
                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                    1⤵
                                                    • Drops file in Windows directory
                                                    • Modifies Internet Explorer settings
                                                    • Modifies registry class
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4356
                                                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                                                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                                                    1⤵
                                                    • Drops file in Windows directory
                                                    • Modifies Internet Explorer settings
                                                    • Modifies registry class
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:4740
                                                  • C:\Windows\System32\rundll32.exe
                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                    1⤵
                                                      PID:752

                                                    Network

                                                          MITRE ATT&CK Enterprise v15

                                                          Replay Monitor

                                                          Loading Replay Monitor...

                                                          Downloads

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                                            Filesize

                                                            64KB

                                                            MD5

                                                            98df921f667bf303621c789390ed9f2e

                                                            SHA1

                                                            d9c82e51534cf1c2eb5a255286de6a09ca364d1a

                                                            SHA256

                                                            8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3

                                                            SHA512

                                                            58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

                                                            Filesize

                                                            9KB

                                                            MD5

                                                            7050d5ae8acfbe560fa11073fef8185d

                                                            SHA1

                                                            5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                            SHA256

                                                            cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                            SHA512

                                                            a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

                                                            Filesize

                                                            11KB

                                                            MD5

                                                            9a9033b42a7fcb91cb22143950a3ffd6

                                                            SHA1

                                                            db9d9e46d83a134c39c7ff7d6b07e89d09c763fa

                                                            SHA256

                                                            12575381a56277f506577ae73d3c4dd9f2615265bc2fc93a237d9ea5df2dfc59

                                                            SHA512

                                                            1cdf900a2aa072ca849e85cf2308fb38e459e81768d6abddafb7648f471f282cf66f40c819b04e5a882d93b1f492486a915e1ec893a0d24eb43a303bf8afa717

                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                                                            Filesize

                                                            7KB

                                                            MD5

                                                            c460716b62456449360b23cf5663f275

                                                            SHA1

                                                            06573a83d88286153066bae7062cc9300e567d92

                                                            SHA256

                                                            0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

                                                            SHA512

                                                            476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\startupCache\scriptCache.bin

                                                            Filesize

                                                            7.7MB

                                                            MD5

                                                            83f257c1400d958be29329f7da8c3ebe

                                                            SHA1

                                                            b22050c7cf522d5232c29e30715b76c08e4be168

                                                            SHA256

                                                            e8ac78cd24c344d73b6d77138c583efc721a9a2dc791f337d593c6123ef0bde3

                                                            SHA512

                                                            42b2906e8d06d88b7647ab4c89bcfe701bae5ae21a135ee308eaea6c0306be6a019f715cd06f613f969d3723c1c10647a0ee9500257bb03b446fd1c33171b3db

                                                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\startupCache\urlCache.bin

                                                            Filesize

                                                            2KB

                                                            MD5

                                                            7d0a6c9c1bf7c542de9c50793c00ac0a

                                                            SHA1

                                                            ae53836b8f2451c63b1438a5811b4f0f6b497813

                                                            SHA256

                                                            ec8a26b5da6ff640f90dbccfe2daeb2f984f8caf4710df2d64bf7ac989a1441c

                                                            SHA512

                                                            05706e5b1234d657438d466962d69c96c5f39ca18ae591c0a0d682e571cd1cb26cf1fd85cab52ff28df59bf727ec1545be2871e1361bff30157558d324e96c83

                                                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF0D1D22F016C415B2.TMP

                                                            Filesize

                                                            16KB

                                                            MD5

                                                            d147dc1e7531b845694a0366ace1f4e7

                                                            SHA1

                                                            0c3120ce43d7f950f4589aedf7ccc810e468c892

                                                            SHA256

                                                            99d264af5289dd3ea2d9ac547b6e19636d4711a07f0c53ba284cde06a71a8aab

                                                            SHA512

                                                            feb7904e6f5e528bc323fc5797da923fadf77593dc6c8730cbf72bf1616b02cf960fab683fb5e5e91ffacc57a00383ecf6a1ba0432cc1127fac353f6103e6f0c

                                                          • C:\Users\Admin\AppData\Local\Temp\tmp68671.WMC\allservices.xml

                                                            Filesize

                                                            546B

                                                            MD5

                                                            df03e65b8e082f24dab09c57bc9c6241

                                                            SHA1

                                                            6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf

                                                            SHA256

                                                            155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba

                                                            SHA512

                                                            ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99

                                                          • C:\Users\Admin\AppData\Local\Temp\wmsetup.log

                                                            Filesize

                                                            1KB

                                                            MD5

                                                            308a73e186f10bb0fb97d842cccfb12d

                                                            SHA1

                                                            56589e38922f32ca1599e1807e76343edf5f44cc

                                                            SHA256

                                                            9de8dc3c6d2330ef1feeedbff656698ce2ae80b924633fe784c8582d9e343cc7

                                                            SHA512

                                                            2abd28310750ea6bd9859852355ee6b364c3c4096d6edd8a466f5d26bb839beb2e5bcab81a1e4fc9eb06859279fe811475d3d53083ce977c28e58847e01339ab

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\AlternateServices.txt

                                                            Filesize

                                                            1KB

                                                            MD5

                                                            ed4dea7d6ee28685aa96620612af1c3a

                                                            SHA1

                                                            5942a53ddc4748ce6e7c883a8cd267a4e433f243

                                                            SHA256

                                                            bcdfb03680242c6a3632e70bd5448166d278a281eaed05d3e33429c13e9c8ae7

                                                            SHA512

                                                            f6adb226b5218bb09fdaeeafbc2f18bb75361973cd68163bfd9ae9767d760afe8c4e5af587c9caac5b420d7a4bd873d4953db40b324b2bccf325c9599c1433fa

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\SiteSecurityServiceState.txt

                                                            Filesize

                                                            409B

                                                            MD5

                                                            c4c6d8ee5c78e0a6a368ca349e01a3b0

                                                            SHA1

                                                            efc5965e17a6dcd1954c2149b1dc5dddc0f1f637

                                                            SHA256

                                                            6bebea058a08803e275b7e3435d41b8df7dcaae213690c4eef24b8f57c52adfd

                                                            SHA512

                                                            2c0f41fd9f8efa28f63f38a729ac9d6929b22eba3d38e7dadd4415531ec1e09a85f0f9f222625f1e1e19d95e793d4b44da97c18200731f5302eab47367928cd2

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cert9.db

                                                            Filesize

                                                            224KB

                                                            MD5

                                                            37610b8ae7d46b26250b4c5faafe3603

                                                            SHA1

                                                            1b07d30b33b2025dc7f202c5423b841796a47fa4

                                                            SHA256

                                                            c40bdd555673eab6cd861bcd7cc3b0f47a1796e338ad0ceabe49dfdbb6978742

                                                            SHA512

                                                            d7dd264b3174f4f66d17ba43839a41f43f4cf10b1484b1e1cf350a8482f9dfd6c0a9345a320a735d3b33607e4bf9bcd132691b17f2ebca488d35278cce942cc3

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cookies.sqlite

                                                            Filesize

                                                            512KB

                                                            MD5

                                                            302115dabeca30b1db4cd9aa0914209d

                                                            SHA1

                                                            c0551568e1a0eaf47648ed8a082944272f839713

                                                            SHA256

                                                            e629af49e28385f932d28f2c1b7c98977f4dc7c949e567aa168ea1da92af574b

                                                            SHA512

                                                            e0abc35ca6979d3e6208693309636a0d03720a7b24e5416c2a91269a6327eb7a96e22e99240eb2f9466b535098c2531262b2db77aec1192d2059d134599d928a

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

                                                            Filesize

                                                            2KB

                                                            MD5

                                                            9fcff1cd11de776f8071930e062a4f7f

                                                            SHA1

                                                            23ae5a83f330676392560da2681f98acd43bdba4

                                                            SHA256

                                                            4c65f7ec9e0d653192a1ea56315db68cf2b5b432b5c599715bc2e330c9043d60

                                                            SHA512

                                                            87fed97200e01a30c8e63a0dddb4edc95ecdf9472df18c55de2cdd16bca1ac20eba7e826939b9e98a4d07a79a3a7ffff68a6fbfc3d8a33da4ad2a8ef1494203d

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

                                                            Filesize

                                                            12KB

                                                            MD5

                                                            156bfc99633d64f3dc967623fd824b04

                                                            SHA1

                                                            b3b348dcadfb68539ea65a1791045b973b36154d

                                                            SHA256

                                                            7c64fc4997de50c18337e79e7eba1b6588ca449a06bb8312dc5211bf4d52e078

                                                            SHA512

                                                            a992e4d7e5c08823555ade70bad2516307a7e0400c1a5da248f59273d966fc5608f245fe4b30b31667ba06f9b5df5d4ac70ff238580977bccf45939e1a8134f7

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\events\events

                                                            Filesize

                                                            166B

                                                            MD5

                                                            43fd170218cc927a3474d69fd69e45d5

                                                            SHA1

                                                            867c5f23568101298fa173ccd586226ecaf70bec

                                                            SHA256

                                                            94b5429cba41fe6de17b87ccc59e76120aeaa1a644c0553879e6583736e04c97

                                                            SHA512

                                                            039c7eb4cfca2175f4b159304a476b772c5ec933e91ecdccc90ae81635a90d844fcf6e38eb11a778ecc9e528a9b9ab00b11f69079e75e7f20789522011f16129

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\3a50357d-ffdc-4d8a-830c-2f0dcf998b46

                                                            Filesize

                                                            746B

                                                            MD5

                                                            631264f3b45d70ba4d5039a25cf5523f

                                                            SHA1

                                                            02dae4add63f8e823aa99e8aace34170c1bde041

                                                            SHA256

                                                            9805758a44828cfa7364ce00d523fc0340d79217630500c7051889ad6a8c854a

                                                            SHA512

                                                            dd7eabe1bab3d5cfba27e6745e3900a0e24b36b75a47e2690575a9a76e3f0beeaf52956fe38da485c3370cb88a2f4fa7cda222462ccf9098cb7f97483fc0e3fd

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\9883389b-bce2-4321-a3c9-3ddc5565b319

                                                            Filesize

                                                            9KB

                                                            MD5

                                                            59f86240e182d6cb8251bd75d707d0bf

                                                            SHA1

                                                            95df80ada930ac638042c88d0593cf96d35f165d

                                                            SHA256

                                                            d80c16b515e2f930a7285665887234c79e156a2eb7e0b5fdf7b7003b3abc33bc

                                                            SHA512

                                                            7ce074343d434413891ab041588d7cb84efb710f991cd1a7f1861ec55c9ac7414dae97f99ac0d91de6a6c4aa82bcb5c067bae0d9ecd5195f96cd3cc806b3712d

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\e7ac4fae-1c2e-4756-8c49-b1a06af3aa9d

                                                            Filesize

                                                            790B

                                                            MD5

                                                            5883e2c9de03e9724ac4c14055c179a0

                                                            SHA1

                                                            6d70b4b6c40b6394f07206e228d41a066f4c7896

                                                            SHA256

                                                            372d1920a05ec99f6e5813e216f5b153231ef1ac947112ea288b91d61d257610

                                                            SHA512

                                                            e541fd4cc3db9ed809a118bc5715ff121724f9bce8423bf387afb15b10f00a0f03b87e6e09fd091702a01a8e06214cec4edf3a364414bd6a6e475249911110f5

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\ec0e80a5-b613-4297-9f6b-fb365433fb2a

                                                            Filesize

                                                            771B

                                                            MD5

                                                            b85688d8c5f9f1873f08b70c8eb2b7c3

                                                            SHA1

                                                            20849a3d50e36e5a8f4d1c2ba85f929172316a8e

                                                            SHA256

                                                            0676d574c2abd0a5dc10b0fdc1b05e855c51a58f60d89611bb087ee9bb127d05

                                                            SHA512

                                                            a8b62d7362027ee4062bc6bf18b68ddb9e0fade252bd7594890ecb5347812cf75bde7bfbfd8b0074d5d0259def6e7a5c49087a9f8ebfb4bfc0e7763bff47a400

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\favicons.sqlite

                                                            Filesize

                                                            5.0MB

                                                            MD5

                                                            2ab772b122b85998b6b33d6571a204ed

                                                            SHA1

                                                            7f90f82112d15ed4ddc7b31c18758e4a507afff2

                                                            SHA256

                                                            e088627b81f14b2ef39f8d156091fd47f51abb338a2fa4c0a64db03a53472929

                                                            SHA512

                                                            fa4dd83ee4bf7b81797cb40df100f1397c38d7846c60789075ee1a34c00909d3e27bd0b96f35a519f80d023673e5ef71e882b0eac763cd7701696a5b8dea330b

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\permissions.sqlite

                                                            Filesize

                                                            96KB

                                                            MD5

                                                            00e28365345074ccb475ee6b920ce17f

                                                            SHA1

                                                            04617057809d38820ca89ecc7f6d1052f095e280

                                                            SHA256

                                                            4a435c8eff48fed75e9ad2a483df3d7c5cd3f7a22bd9a4d82570024a0a1124c6

                                                            SHA512

                                                            f0f58b99331a3580f6570342a82d851e7e14f2594dfac8227769383bb1fde22e9b85e35c6791ee473659ae0a958d5ae435b6af17a7970263ff0f31e794058b1a

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\places.sqlite

                                                            Filesize

                                                            5.0MB

                                                            MD5

                                                            cb45818750ff0b6e49c29b6d85a2f98d

                                                            SHA1

                                                            9a705e54281466ceb8b1767efcf72a355ac02643

                                                            SHA256

                                                            4ed4446577f044eb9fd6ebadf59f1bbeb57c51757f497fc63fc76cf1a4ccfa70

                                                            SHA512

                                                            1b217b1c66cadc7c8debf690e2b980dd38abc06b5f18b1609b529319204f08e591bc9ea30de8a6cbebe3b72e96bbe10fa609021ecf91c4b4c59fa6967d53df0e

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            c44e440cc0a6c6e3d0180d143e544b78

                                                            SHA1

                                                            fa3e245256b750c1916ac0ab4dde550dba44952f

                                                            SHA256

                                                            d05643ac29dd48f77bee2d66efb2ccc99d2266f6356f7b1bbc72de55ef01bb38

                                                            SHA512

                                                            23bab00c3ec99c7749da70da3f456b7653305a5a40872971fd2e8c0805ea4e9f172f6f89dc5782c67e4f630a5dba5af2ea2c84d988437bd51bf8e430d2f61c4d

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            ef7710d2d51bef422f4a1aa7426218c3

                                                            SHA1

                                                            2a9cd72980b5fcd7dd76ba30d6f966b3725ccd6a

                                                            SHA256

                                                            41ebb5e7d9e46602420ed9d9e0206842b565e0f9bffaffedb11fe7a9b34c5c11

                                                            SHA512

                                                            62bc8ef3ea11f142d82020f0eda04408a80324170ded5a46f0d9ff360b06ee0bbcef0e7e96676fdbe93113ca8b3f993f3e42301120b287cdbdaf9c4bcf6e3743

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            857c213810c165965e6376b414286559

                                                            SHA1

                                                            c0b96d99f585f620b3d071258f80d73d15b82f76

                                                            SHA256

                                                            e46ff7abcbc5a5ef3fa29aee6077fc78d09884154206a49f3c6d8f0a7d48f166

                                                            SHA512

                                                            95297ce24c035ff4287c63ebb7367ce18e9d3a38fe3a82e1ce374b00d13aaa9a77e9b51cfac1f79375be8bfa4b741edafd738a724e91d1dba62bc755a08d77f6

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            f0140613bb83309e55ecc5bc69b6df0e

                                                            SHA1

                                                            42514dcacda926be0b9a5ea5ee2a58569702384c

                                                            SHA256

                                                            ca418d968fd51fe17787ae7d38ec11d83601a19abc94c589e2ffd7040ae4a751

                                                            SHA512

                                                            84a96e66bc39ca0e01f35ddca0f96ce17b5d0e454a942a091f5632b3efb042963c4fd908d30189091f6614d30a3e4755cd479a47ed1db71c3bf93360249b3731

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            8e9d0368b34aa5d4b726fafb2b5dd314

                                                            SHA1

                                                            da2808cc67f999a62b1f1adcdc7e34e1b4074028

                                                            SHA256

                                                            cdfb708756a2cafc5aa8d79c089e3f8a5c75dd9daefe509be6824bbbf7a86f0b

                                                            SHA512

                                                            f4b9c5b317bb654cbfcdb70c9faf036601f0324b09cfb2c5dfecae8e4bb4eda7d26212148944625a26a2b1244b80c3eb16ad57f5fdac04f7d115897f589c4c6b

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

                                                            Filesize

                                                            6KB

                                                            MD5

                                                            a817af6d1f2010b2125ac7ad10f17d1d

                                                            SHA1

                                                            9d7648f8fd42d727be53810f99e326bc51ea4546

                                                            SHA256

                                                            0e4d138643de853c0745bc3d23c5bebb8d644d0ef0523aaf9255af2ea820615a

                                                            SHA512

                                                            ae8894761f8c0bd6f430935868be0e70749491c1bf72341366398865c01e498bfc48a6e5d61adb0b5d78de06ba0637b978573020b93c60edc14b6e210ffff0f7

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\protections.sqlite

                                                            Filesize

                                                            64KB

                                                            MD5

                                                            deeced8825e857ead7ba3784966be7be

                                                            SHA1

                                                            e72a09807d97d0aeb8baedd537f2489306e25490

                                                            SHA256

                                                            b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

                                                            SHA512

                                                            01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json

                                                            Filesize

                                                            288B

                                                            MD5

                                                            6b77a9f779399e95d1cee931a2c8f8ff

                                                            SHA1

                                                            826efd4feb0d50fcce5696111af7c811b81adcd9

                                                            SHA256

                                                            3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

                                                            SHA512

                                                            ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp

                                                            Filesize

                                                            90B

                                                            MD5

                                                            c4ab2ee59ca41b6d6a6ea911f35bdc00

                                                            SHA1

                                                            5942cd6505fc8a9daba403b082067e1cdefdfbc4

                                                            SHA256

                                                            00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                                                            SHA512

                                                            71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp

                                                            Filesize

                                                            146B

                                                            MD5

                                                            65690c43c42921410ec8043e34f09079

                                                            SHA1

                                                            362add4dbd0c978ae222a354a4e8d35563da14b4

                                                            SHA256

                                                            7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

                                                            SHA512

                                                            c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp

                                                            Filesize

                                                            53B

                                                            MD5

                                                            ea8b62857dfdbd3d0be7d7e4a954ec9a

                                                            SHA1

                                                            b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

                                                            SHA256

                                                            792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

                                                            SHA512

                                                            076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp

                                                            Filesize

                                                            259B

                                                            MD5

                                                            700fe59d2eb10b8cd28525fcc46bc0cc

                                                            SHA1

                                                            339badf0e1eba5332bff317d7cf8a41d5860390d

                                                            SHA256

                                                            4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

                                                            SHA512

                                                            3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp

                                                            Filesize

                                                            288B

                                                            MD5

                                                            948a7403e323297c6bb8a5c791b42866

                                                            SHA1

                                                            88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

                                                            SHA256

                                                            2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

                                                            SHA512

                                                            17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionCheckpoints.json.tmp

                                                            Filesize

                                                            122B

                                                            MD5

                                                            99601438ae1349b653fcd00278943f90

                                                            SHA1

                                                            8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

                                                            SHA256

                                                            72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

                                                            SHA512

                                                            ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                                                            Filesize

                                                            2KB

                                                            MD5

                                                            1edfb9a182c23c867632563c13be6b0b

                                                            SHA1

                                                            4e9305d2d8b0c9420bab3ec238ed246804933a46

                                                            SHA256

                                                            22ebe0b3c7bddb34389dcbba048cf93739e5cb6f190b640eb57d638d43dd2bab

                                                            SHA512

                                                            f02030a9200c0c96f5b0eb53c7c5976e4f0950e2f5dbb56cc57f026a56f71e7e857ab8e10941436b1d26994920f5563f438015cd458b3e1b8fcb089ce4dcb0a2

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                                                            Filesize

                                                            1KB

                                                            MD5

                                                            08e0ecd7697ffefdfe4a90cdf45eb3af

                                                            SHA1

                                                            ef9eba1483b74f7972f6bb222c771c9bd5130a34

                                                            SHA256

                                                            e88238ad174aede1cd7dde423927860341501fe567bd801b067c4c6143be103b

                                                            SHA512

                                                            acce093493a29fe14318a38ed74c00510c3804e6b9ee1ed434eeda5e452689ebd65c49748d1ac7a84ceb7a502b173f35f8e6769868b966a8f74b4d5d98de0c65

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

                                                            Filesize

                                                            2KB

                                                            MD5

                                                            d0fde98af85e77f7f2f63b37174e2a54

                                                            SHA1

                                                            eda5d4f3474c3a7496c3d6d50dbf6ec35caae7b2

                                                            SHA256

                                                            621a7f71287fb1c13caf48b8cfcb8dd12aa5b0420ef20a217b2022c4261807fc

                                                            SHA512

                                                            5dd120c327e80104e1f5419003dabae7ebb04b1aa536f3f001b6e39db2f865846a489fb5e95ee75348ce25e033f05c5579c74c25f30bb8392a27d943555b5f7a

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4

                                                            Filesize

                                                            2KB

                                                            MD5

                                                            634c4b38460a8ffa3ea48360cdc1ec01

                                                            SHA1

                                                            07fe78fbef8f615c744285c52962a2647252b66e

                                                            SHA256

                                                            824ea6e199b14d140493929ce5dbe82092f6721ef3a9f1c4c3df5fbdd5142041

                                                            SHA512

                                                            d116ce7f56469cd6c91a5a11198ef0f2bf461095f77ccb7f20a1f992a41d9335701bb4465b14142771a01873909ab6ae82b3846f65c2c95b5612992091e33a5b

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore.jsonlz4

                                                            Filesize

                                                            897B

                                                            MD5

                                                            1aef34c490c564b2a5859ea059de9d04

                                                            SHA1

                                                            262cd41d3b97cee3bf44ec83c2ba1995afb18069

                                                            SHA256

                                                            6157da92aa50a386bf00c779b8e8379d34572d87b2138f4d9e280692d1a88dda

                                                            SHA512

                                                            cf310a7f26a4cd9407a1937cfd538820d86c8c7ba13ec2f29c9bea60621f2a56cc93afd46009650ffdc52954d3f7e66efb0ca4d4daa9438e92f2750a0866cfdf

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage.sqlite

                                                            Filesize

                                                            4KB

                                                            MD5

                                                            f3ef789d1431b684774ecbb5f4d9c0c9

                                                            SHA1

                                                            9b7bbe31b5b25ca799fbb43e5aaf7da59a5a74b8

                                                            SHA256

                                                            0ddbabf403e90454eb41b1aedcc2a0ff91d6190a8301949e510739de96f9093c

                                                            SHA512

                                                            1b699e89749a1b36df517b9e985e519f9f3c0815adf70d542dd2ac979305d4d65d4989a8ab4400a90e5f2f904312f23ab4ddfe9950d2e3bd7f848207e22e565e

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\cache\morgue\11\{bd17c7a9-6bea-4906-9103-9893583e210b}.final

                                                            Filesize

                                                            192B

                                                            MD5

                                                            2a252393b98be6348c4ba18003cc3471

                                                            SHA1

                                                            40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

                                                            SHA256

                                                            04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

                                                            SHA512

                                                            07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\idb\3265427339yCt7-%iCt7-%r8e9sfp2o.sqlite

                                                            Filesize

                                                            48KB

                                                            MD5

                                                            2a286d4b6d43df6aa5b27ba753a27083

                                                            SHA1

                                                            2b3453f760c96a9b64a09083483576d3c37c7b08

                                                            SHA256

                                                            5c21fed5eba985da547e6775ab4a3fcf540bbd36d01e53ef3792a893a8636a97

                                                            SHA512

                                                            a670973b4cdc57e40bd7011dacce9cc1547e2e4f79b34ca97d4e0d29cd88e3cdf6b3818b3b6be335bd250f13dbd2e0a58162e5e6ded16b1d26eed17ae1123fa7

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

                                                            Filesize

                                                            48KB

                                                            MD5

                                                            1d6ec695ec51166f0f2be27dc58d271f

                                                            SHA1

                                                            a0c551a10bf58fe4fb851d42df9bd02e5ae6e380

                                                            SHA256

                                                            5480bd50f39b04454f2d02bd2717d004d798655e5f10585d2441f6c18c2a6d3e

                                                            SHA512

                                                            4a621d0f6bade8429e2b48bbb059e2e3885a9427b8e5b5621fe08bb0813c1b93f2ee2520976896929f720ebe412599463c25460469b27c607d282e14dd1f24d3

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                            Filesize

                                                            184KB

                                                            MD5

                                                            637e42544bf4e4e5c858d87fceb302a2

                                                            SHA1

                                                            1d747ea0d89437cd39d02c76ed70df3b7c505ee1

                                                            SHA256

                                                            5a519846989ec4eed303d9fe8b5554410b502177bb6b4199c6cf25290a4913c2

                                                            SHA512

                                                            bde691d8015773707c4445155ba1ad419033c335bb11ca325b9c249e8aed83fefd096bab28806213ad368508e2a5be362c4a5a8038dae40246a8bf0a246cb8cb

                                                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\xulstore.json

                                                            Filesize

                                                            120B

                                                            MD5

                                                            05e1ddb4298be4c948c3ae839859c3e9

                                                            SHA1

                                                            ea9195602eeed8d06644026809e07b3ad29335e5

                                                            SHA256

                                                            1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

                                                            SHA512

                                                            3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

                                                          • C:\Users\Admin\Desktop\StartRepair.ico

                                                            Filesize

                                                            551KB

                                                            MD5

                                                            32f6d302dd0a4b736f592ab69738aebc

                                                            SHA1

                                                            7f2f7f50a45cab253fef265701c560896f014d4e

                                                            SHA256

                                                            cf9726b559d375ddf1c8dc3fbe6f97cd6fd352c7050b2975a8571773e8d8d705

                                                            SHA512

                                                            9c585bb0041cd9d56c4d358b3922117fbe25423b888fb3a6b54bb141f0b11aba90df33bab81aafabefe81a374e8804eada5e1ad99484c4ade284c7e9ef8c6e18

                                                          • C:\Users\Admin\Desktop\SwitchDisconnect.pptm

                                                            Filesize

                                                            657KB

                                                            MD5

                                                            41c922e524bf33f91426616c4e898ee0

                                                            SHA1

                                                            81bdea82f7ab62fd3bb039c7e001764048052795

                                                            SHA256

                                                            ff81c47a7401446a043907a10099f554851adb7306c2cabea1ab89f88791e4f1

                                                            SHA512

                                                            a051576de3be2a208c79812e64240c29ea8ce7a2a8d56d5b6e3159ef0bed2e83fb5c0edb180b93c4e2b92d5f221e8381090a47f0b3646e6b47020b05c99b250c

                                                          • memory/4356-654-0x000001D2A6080000-0x000001D2A6180000-memory.dmp

                                                            Filesize

                                                            1024KB

                                                          • memory/4356-652-0x000001D2A6080000-0x000001D2A6180000-memory.dmp

                                                            Filesize

                                                            1024KB

                                                          • memory/4356-653-0x000001D2A6080000-0x000001D2A6180000-memory.dmp

                                                            Filesize

                                                            1024KB

                                                          • memory/4740-659-0x0000026B31130000-0x0000026B31230000-memory.dmp

                                                            Filesize

                                                            1024KB

                                                          • memory/4740-664-0x0000026B419C0000-0x0000026B419C2000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/4740-668-0x0000026B41B00000-0x0000026B41B02000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/4740-670-0x0000026B41B20000-0x0000026B41B22000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/4740-672-0x0000026B41BE0000-0x0000026B41BE2000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/4740-674-0x0000026B41C00000-0x0000026B41C02000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/4740-666-0x0000026B419E0000-0x0000026B419E2000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/6052-699-0x0000022E06B20000-0x0000022E06B22000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/6052-702-0x0000022E04D10000-0x0000022E04D11000-memory.dmp

                                                            Filesize

                                                            4KB

                                                          • memory/6052-706-0x0000022E04AD0000-0x0000022E04AD1000-memory.dmp

                                                            Filesize

                                                            4KB

                                                          • memory/6052-623-0x0000022E07920000-0x0000022E07930000-memory.dmp

                                                            Filesize

                                                            64KB

                                                          • memory/6052-642-0x0000022E04AE0000-0x0000022E04AE2000-memory.dmp

                                                            Filesize

                                                            8KB

                                                          • memory/6052-607-0x0000022E07820000-0x0000022E07830000-memory.dmp

                                                            Filesize

                                                            64KB