dharma | dcf6bfa9392179f23ce11d1fe78325845bf0d1a921b720ef3cd7878020623e42

Resubmissions

21-06-2024 06:37

240621-hdgsjazdrg 3

21-06-2024 06:35

21-06-2024 06:33

21-06-2024 06:30

21-06-2024 06:25

21-06-2024 06:06

21-06-2024 05:55

Analysis

max time kernel
492s
max time network
438s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21-06-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

steam_pfp_1.jpg
Size

5KB
MD5

db49c318451e36edef4137e52013da0b
SHA1

672212d918f7a67e9667efa50742d30f86663cf2
SHA256

dcf6bfa9392179f23ce11d1fe78325845bf0d1a921b720ef3cd7878020623e42
SHA512

5688a951972310da828bae076187e111adbd7670a8664a40ab6c26ffd4a85243a7c6a22c5482e889b8d058a0826c0654fd855035393a2ca747c4d5f2700f2e95
SSDEEP

96:VWLxsrCRz/hrzk1aCJCUvY6gkBMmkSM8AkxudbpXSG1i:ETRzJ8DJRf3RxJYxpCyi

Score

10^/10

dharma defense_evasion execution impact persistence ransomware spyware stealer

Malware Config

Signatures

Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
ransomware dharma
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Renames multiple (453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file
Deletes itself 1 IoCs

Processes:

CoronaVirus.exe

pid process

592 CoronaVirus.exe

pid	process
592	CoronaVirus.exe

Drops startup file 5 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	CoronaVirus.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta	CoronaVirus.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe	CoronaVirus.exe

Executes dropped EXE 1 IoCs

Processes:

CoronaVirus.exe

pid process

592 CoronaVirus.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
592	CoronaVirus.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

CoronaVirus.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe"	CoronaVirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\""	CoronaVirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\""	CoronaVirus.exe

Drops desktop.ini file(s) 64 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	CoronaVirus.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-4106386276-4127174233-3637007343-1000\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu Places\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-4106386276-4127174233-3637007343-1000\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\Stationery\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	CoronaVirus.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

416 raw.githubusercontent.com
417 raw.githubusercontent.com
418 raw.githubusercontent.com
419 raw.githubusercontent.com
Drops file in System32 directory 2 IoCs

Processes:

CoronaVirus.exe

description ioc process

File created C:\Windows\System32\CoronaVirus.exe CoronaVirus.exe
File created C:\Windows\System32\Info.hta CoronaVirus.exe

flow	ioc
416	raw.githubusercontent.com
417	raw.githubusercontent.com
418	raw.githubusercontent.com
419	raw.githubusercontent.com

description	ioc	process
File created	C:\Windows\System32\CoronaVirus.exe	CoronaVirus.exe
File created	C:\Windows\System32\Info.hta	CoronaVirus.exe

Drops file in Program Files directory 64 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\adobe_spinner_mini.gif.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\ui-strings.js.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\SmallTile.scale-100.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-125.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\en-gb\ui-strings.js	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\it-IT\msadcor.dll.mui	CoronaVirus.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	CoronaVirus.exe
File opened for modification	C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.scale-100.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\editpdf.svg	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugin.js	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_iio.dll.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\15.jpg	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons.png.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\cy_60x42.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxBadge.scale-400.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_remove_18.svg.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\ui-strings.js.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaTypewriterBold.ttf.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\PAPYRUS.TTF	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.8883896e.pri	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\WorldClockLargeTile.contrast-black_scale-100.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\warning_2x.png.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\pa_16x11.png	CoronaVirus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-gb\ui-strings.js.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-80_contrast-black.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\OutlookMailSmallTile.scale-200.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\custom_poster.png.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_es_135x40.svg	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\plugin.js	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\cs-cz\PlayStore_icon.svg.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\2653_24x24x32.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-white_targetsize-60.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\tr-tr\ui-strings.js	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CORPCHAR.TXT.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ul-oob.xrm-ms.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.11621.0_neutral_resources.scale-200_8wekyb3d8bbwe\Assets\MusicStoreLogo.scale-200.png	CoronaVirus.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sk-sk\ui-strings.js	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\1914_24x24x32.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe	CoronaVirus.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\604_32x32x32.png	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\oregres.dll	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.id-CE3B98CF.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms	CoronaVirus.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Interacts with shadow copies 3 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Direct Volume Access
T1006

Processes:

vssadmin.exevssadmin.exe

pid process

19388 vssadmin.exe
21412 vssadmin.exe

pid	process
19388	vssadmin.exe
21412	vssadmin.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634229789507646"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeCoronaVirus.exe

pid	process
396	chrome.exe
396	chrome.exe
3128	chrome.exe
3128	chrome.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe
592	CoronaVirus.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

396 chrome.exe
396 chrome.exe
396 chrome.exe
396 chrome.exe
396 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe
Token: SeShutdownPrivilege	396	chrome.exe
Token: SeCreatePagefilePrivilege	396	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exefirefox.exefirefox.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
3696	firefox.exe
3696	firefox.exe
3696	firefox.exe
3696	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

chrome.exefirefox.exefirefox.exe

pid	process
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
396	chrome.exe
3696	firefox.exe
3696	firefox.exe
3696	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

firefox.exefirefox.exe

pid process

3696 firefox.exe
3272 firefox.exe
3272 firefox.exe
3272 firefox.exe
3272 firefox.exe
3272 firefox.exe
3272 firefox.exe
3272 firefox.exe

pid	process
3696	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe
3272	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 396 wrote to memory of 936	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 936	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 3144	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 1224	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 1224	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe
PID 396 wrote to memory of 4776	396	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\steam_pfp_1.jpg
1⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcbd049758,0x7ffcbd049768,0x7ffcbd049778
2⤵
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:2
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:1224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:4776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:1
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:1
2⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4020 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:1
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5088 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5068 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:1
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1112 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:1
2⤵
PID:660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4716 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:8
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3656 --field-trial-handle=1732,i,15650553134057203568,14126084511254952576,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2604

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f0
1⤵
PID:2324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.0.1386985392\1849759715" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e8a1238-4330-41bd-b574-9a6d28a15e0b} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 1764 1b0baa05b58 gpu
3⤵
PID:1076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.1.1397732664\857083271" -parentBuildID 20221007134813 -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c1a523c-039f-4227-8b2d-d4ee79ea66c7} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2104 1b0a7372858 socket
3⤵
- Checks processor information in registry
PID:2692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.2.596962962\1896262175" -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20152ef8-3f09-40b1-bafe-490ae22990f6} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2724 1b0bd796d58 tab
3⤵
PID:2304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.3.522491237\485683098" -childID 2 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {512b7a74-2386-4cdb-b2bb-aa1d680b33fc} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 3436 1b0a735f858 tab
3⤵
PID:2376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.4.176378058\935960419" -childID 3 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d53754cf-6b10-415a-b26e-8c1d4856d254} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 4140 1b0bef7b958 tab
3⤵
PID:4088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.5.2073744105\142041560" -childID 4 -isForBrowser -prefsHandle 4896 -prefMapHandle 4892 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd6f0c93-a976-47e3-bef7-640ce2ef4333} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 4904 1b0bef7ad58 tab
3⤵
PID:1440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.6.504842845\1510602530" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {282d160a-bf20-4f60-acaa-a4144cd85abb} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2556 1b0bfdee058 tab
3⤵
PID:4148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.7.1051847944\1534900344" -childID 6 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a48a038-6c29-4ff8-a704-75a94a00a60a} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 5196 1b0c1395d58 tab
3⤵
PID:1892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
PID:204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
4⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.0.2134294129\760172976" -parentBuildID 20221007134813 -prefsHandle 1632 -prefMapHandle 1620 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d1f49ff-9e79-418b-90a0-ddfcd80ff5e6} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 1708 206225f0d58 gpu
5⤵
PID:168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.1.59238294\1281175273" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1868 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d321cf6-9a32-4a32-b705-4a3394ca237d} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 1896 20622a6ee58 socket
5⤵
- Checks processor information in registry
PID:1312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.2.2089724101\740250690" -childID 1 -isForBrowser -prefsHandle 3524 -prefMapHandle 3520 -prefsLen 23735 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c618354a-c28b-43e2-bde5-4008d07d928f} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 3560 20627866858 tab
5⤵
PID:2464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.3.1587642430\447216739" -childID 2 -isForBrowser -prefsHandle 2984 -prefMapHandle 3028 -prefsLen 23780 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04a61fcc-868a-400b-846d-167a6912c026} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 3284 20627868658 tab
5⤵
PID:2744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.4.1596175244\188876991" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 24924 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {122d4cd8-0694-49f4-be6e-85a00b6c9e33} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 3992 20628404758 tab
5⤵
PID:1408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.5.265225156\132405480" -parentBuildID 20221007134813 -prefsHandle 4232 -prefMapHandle 3560 -prefsLen 30538 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd1cfe57-468f-435a-a5a6-f043c6565a0c} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 3816 2062ac30b58 rdd
5⤵
PID:3100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.6.2115937303\303794079" -childID 4 -isForBrowser -prefsHandle 2768 -prefMapHandle 2904 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1870340e-191a-46ce-b948-7c348a90e618} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 2772 20628b67258 tab
5⤵
PID:3280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.7.421992696\1545950572" -childID 5 -isForBrowser -prefsHandle 2788 -prefMapHandle 4812 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a39e4358-0bf4-44ad-a190-7c626b3551cf} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 2748 2062ac33258 tab
5⤵
PID:2380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.8.109069834\1625972153" -childID 6 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe8eb9d6-ee44-4b72-a75f-eb3d8adcc57d} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 4984 2062b0ba958 tab
5⤵
PID:4776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.9.1621725889\600429872" -childID 7 -isForBrowser -prefsHandle 5024 -prefMapHandle 5016 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e5b5ab1-1abc-4730-a897-6d7a5f02d18e} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 5328 2062a2f5258 tab
5⤵
PID:2860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.10.1224667009\1380608065" -childID 8 -isForBrowser -prefsHandle 3004 -prefMapHandle 5772 -prefsLen 32580 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca6e3809-f907-4c3c-b85f-1645d6bd5258} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 5644 2062a5c8258 tab
5⤵
PID:3956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.11.1150021811\318882562" -childID 9 -isForBrowser -prefsHandle 5996 -prefMapHandle 5992 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0d70363-676e-4c78-b7a7-b5807b1ae4e1} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 3700 2062a60fb58 tab
5⤵
PID:3180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.12.513905255\1924311735" -childID 10 -isForBrowser -prefsHandle 5956 -prefMapHandle 10160 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a409350f-ddcd-48a3-97c5-1d805936f8b8} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 5696 2062b0b8258 tab
5⤵
PID:3660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3272.13.2125266606\582202813" -childID 11 -isForBrowser -prefsHandle 4808 -prefMapHandle 4416 -prefsLen 32764 -prefMapSize 230321 -jsInitHandle 1160 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b04e2ffb-54ee-4ec7-ad02-b258dee36846} 3272 "\\.\pipe\gecko-crash-server-pipe.3272" 3688 20623b9e758 tab
5⤵
PID:3780

C:\Users\Admin\Downloads\CoronaVirus.exe
"C:\Users\Admin\Downloads\CoronaVirus.exe"
5⤵
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:592

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
6⤵
PID:3560

C:\Windows\system32\mode.com
mode con cp select=1251
7⤵
PID:8624

C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
7⤵
- Interacts with shadow copies
PID:19388

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
6⤵
PID:19900

C:\Windows\system32\mode.com
mode con cp select=1251
7⤵
PID:19296

C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
7⤵
- Interacts with shadow copies
PID:21412

C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
6⤵
PID:19180

C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
6⤵
PID:16388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:19496

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:19384

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Direct Volume Access

T1006

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Inhibit System Recovery

T1490

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll.id-CE3B98CF.[[email protected]].ncov
Filesize
2.5MB

MD5
68951e73b52291c2e95eef76ed28786b

SHA1
d2177ca4ce4d1ef3bd8ae20216b8c05a861b1c36

SHA256
2694879c6908c264d147b053c66c13be2025ec27c70d6eadf3cd47ca74922856

SHA512
63961e5371a8796c9a068b3301fd11ea1633d296254d3893236e2576e87ab10cb0bb3d919e2cc28eca6920ff5f7ea920eee94dc9226417fd1064409b222998fb

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
69KB

MD5
921df38cecd4019512bbc90523bd5df5

SHA1
5bf380ffb3a385b734b70486afcfc493462eceec

SHA256
83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f

SHA512
35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
326KB

MD5
9d49c318d858059ef14b999577d0fd9e

SHA1
25693280ecdf7ff92ead0f741d4a0133f9afcf0c

SHA256
1ec31c82dd97bae431d252efaf380a84f58bddab55033051374413d962dea9f1

SHA512
d19e31b33ca6323bba48dda581138308efa52e820f4331af925462681d8dbf777ca4f17ea9246b83b907a00eb8ddf57fb1256b531c08d2a277a030154dd1d20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
133KB

MD5
e7a6fb8978b40ede02f572f7f6cdc541

SHA1
7487dcf685fffc6ed67e6b40d778e4ac3ad7d8e4

SHA256
bb0c344d05018874bafcfa2c1271f7ebe7ca3a449f03937680b41fab020b6af6

SHA512
8d71f31dc337d872682b2074522dcfbc57618a53ea5cd117e83beeda8773ba9157f61c02c1d59b91e8d38b116c37c50c19924d9ec02e0b28618244b0f3167fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
4fd43da61773c7adfe273628730ff29a

SHA1
bcd448724fc00a2b9a4462ee967948859a3a7f50

SHA256
04b807b2317c9826dead43bb7e83a7e2f5632131623ea8b8d2766700cf4cf9d4

SHA512
60a3e8f5a7da9121c2e4358c8d41dc5fb1afd5a57ca0ea8f18031ed42203600e12f3e747660b3c2b1fc870063429fbc2e9162d6d06c97be067af5f64220a773a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
327985ba92234822d4f2f8f2ef742784

SHA1
7d7719cb232bde42a187a1734780514e9f4bde77

SHA256
070dbef441731fdd74756f702d492638d076a00276213087badbdd47f075ed9e

SHA512
2c3c99a5fe4a53dff20ea57287205a5952fcea3a68abcf4931defdf70ac3a54c72afd66d93a00d75708dec236f15c6afef03edde1b266ac1a2ab2427b80471c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
3aced633b25b9f60689b2a6dd11349d1

SHA1
9d68ed03b0dd1390c689adc3ffc79f28eab6077b

SHA256
ffadf2015d6f71df369baabed035f16f5394b1a9c10f90b8f595a764a8020130

SHA512
681c053035971670d3841207a9c217a88da92134f748c559538d12806f3788c0d677c237fb6b515ea1d49c51ca8b72552583477711d694fd2e580fc59d21aa63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
148KB

MD5
a02825482500acde519340f29fa0cf53

SHA1
75b0c5d8b981dcdc20dc123b3f4b43c638f363b0

SHA256
432847f0d664e9b10463f1fbe246f71b5beb00078befb0938b1ff81f6df0a092

SHA512
54e8f897b63dc62a22d9fb00fb57f5e0d0feeeaecc3ccaa24c68ab7a079b2891be7fc691286f491e5a3ff1bd3b332c24be36959f4e906e16371698430dd9456c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
101543d488cf6fe4c6fa5de500f5965e

SHA1
dedff3e1757989763eefdb952aea5b772bf2a5e5

SHA256
26510c4741a3f4b11ac262fd038baf2beac28a2e36e53b00cd564729779cfc3d

SHA512
4f7956af981fbae466c29ffabbaa463e237bb96d3d06b7bbd2c06d1fb85a8c834dcdfb8d6f701bd4b712deca6ab242dd779de0c3ee2aabf2443e2c8674d00871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
001e0cf8f7791a875daa5608de5b31a0

SHA1
c04b61001f1f55d3dda08bd298b67416be2691d3

SHA256
2b6fb9ac237c271c800fa630aa3dcaaf0ee3f3f1f9d1b7792e1f10c4544fc96e

SHA512
e9c40bd55fcb447b6c64022ca82803120cfb85f3cd542df0c5104ead09721f092a6b5d89ceb4bbb53c5b922beed94756c4dc3dc3c4a3eb015c05d1eb99539169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
0d3c17240b72328028b3d0271d1f1cb9

SHA1
ee4da1b41b84cb882f1e4a921f0843126683b3fd

SHA256
fe0993c7eee96a0fa68ce3f1da97f8251f93aea87b730a8581178ae7d05c5a2d

SHA512
659f53c4b0661b5787ff0e2b68491cb75aee14de8fe51fb20b5ed2e49f34755ed2d8e856710b22eff9d6d0919fd1ba627fd15a4281232afc816cda29fcbb5209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
a96e4364e856cacc39fbe2265af9edc3

SHA1
8457cae464078e6a7c91c1081fbd82c2f7e7de0f

SHA256
645399510d52e126c474d7998a25791dfff8a55ca7ddc4188b748eaaa80e70ef

SHA512
1de316c0e97ca9a1d024c426173215403e929a9c8e9c6ab8ec0f6dc4f1ad4ac5b2f04ad72b814d6e1de2957c44f5a62d6550740741c4356e638680efc8ffece8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
2b0a973fbe11fc41d70a200d55dc4612

SHA1
ecb5434c582952c7d028bfd2f86f48518f2ccb12

SHA256
0bf07b88930dbcd45fc21948456e2e0092597950f9eb45e379f955341c16ef8b

SHA512
d98cb8ab982a49cf368fe0de2e19cf92ddea6fa0d3e9b62cc94e7397b87530f75422daf45b08eda7fd1376d678c31655d0aa62c26f2a3a8cec48c529d43c2488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
874B

MD5
5217e987a821b283f76bc81cba66a59d

SHA1
f8da5127af3391464eefdf816ff926fafb55c309

SHA256
cc03b0fec7e5718d11bb75d6279c584040cd65ac121624cdd2cf2f4bd4d97e1a

SHA512
102fcc3ed3ab84955f58e9361055dd7c921dce9cf7b09921f4d14eb9508aabcc5fad530a4725513584cfc3a66bdacbd1955be182fa5b890fcd06cd20832bc6de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
967f3e8cf27a0f811c15dbf187a65979

SHA1
cc7d13b0c11ecee0940daf1c9d705c9e7f40de2b

SHA256
1d9cf037a18187e044de80159fc6905ed6fb4b78b0a68923bfd7e174757fb679

SHA512
6ffcba4484d91304d2fad1f431c6c14a960beea32cb4dd6fe3895b7667df599155f0f32ea1e88fe3fc5bc51d879b9cc3ba62b0911f2ba99bef1e144dafe76b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a6f95d6a-f45e-4b0e-b5f7-0fc567db587f.tmp
Filesize
2KB

MD5
03d2cb9749af597cf68c69b2dc954e60

SHA1
8f6c2c3f79bd282650c8df51c82762ff42c9067c

SHA256
0953c98fc11f240005afefe5fef247339a0de1ee72d8685b34073f6bdca4c6cb

SHA512
92e2a221fbed5f901d9db137f55651db32db6f7a00be08717ad00694d1e592638fe87140e776d679643c80bcfea1d59587e348f4503362f3b0175feb90bbdd36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
cb270a43a145fc885ea22b959a72ec53

SHA1
90448c2d4314b12a686d68c153cf5550a8871dd3

SHA256
19d844ab3a9549fa838e46dd54a05af165a483a2bc84ba95e89d1e44cf648a9a

SHA512
10a000cfcdff5d607319995cef4f51424aa924562935deba682e18e315954bc12ec329fc867a4aa4d7859fc9e6b5d3843e8d98d713e73673095bc3e35ddaddff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
408862d20903aacd7d160797eb06be08

SHA1
71950bf882e7f27c4e6e410578db412ac0e718c1

SHA256
61c474c4b32af9fe2235ef54ca6d75877b61fdf683bbe887e6eba392e2a148f4

SHA512
7dfcc92392e27ed95e1b86b256de60c35ed80b8d1596ee95fc2607c95c3aaa85b332a674a95750e9f7154340e74dbbd8d5b0b87ef35df65a09d85f7f089c3a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
58a9b929d361e1c8284b74808e85d11d

SHA1
732c1198fb47bf698d6a7f1faa09d66b2e20a67e

SHA256
d1b80715436aea219c1ee50b2dd871fbf243bffbd11cd581cde3554443f68839

SHA512
d9859d27b0cd14b0d2819d50370bde8d5f270174b5b2569a3551bc483c1cb764ace309614f0e6ff979ae9de2b6747a791f963d78be4eca69907bad341d5c2687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fb545cf506255c7cfc351c1d51e85b5d

SHA1
08bf6cf74953ed3a35ff80e6aad0e727c8988e98

SHA256
6989698f8440399e1cf6a6ffb6bff9840ee006da50c01fd8c9a44f34e7917cf6

SHA512
32a1a75aa35719cb6c3570cdbb39e911b5d3af06cdb6da10524f8687d07f3b03d6a1c71a5c295636a5befdb70a07598bc680676541ba6e90122848d886bf3d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
97900534a1d8dbbccb8bdb8552460546

SHA1
f2f6096932a5b4b8332ddc8658315c8c4c6fdaf3

SHA256
7f1f843303cc787ad11ea94c5a3ea5c0b9ccbffab648df75973a2110f896f9b4

SHA512
0565605226e1c6036ef736e9e8c76e18270d03a6d608976c97a3055fb4f4be17f6b55de3402772ce2ab11eeed853ef787e74d0bd090379b2f90e1bb37a162b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7d3c19c69a820d679c7926fd53858d05

SHA1
259598a0b2f5488511c2dba4a50b56139589cfc1

SHA256
2d89618b4d3bf5084ca42c001fdcc7426c65039b3f63893bcb3fd9e2efbafe58

SHA512
2a52aff2d06d07826f15fbd23b0bc17058cdf01d9fc76c76f3aa143b567451a37355cd5c11e4468f586ecfcd6223aecad6e8871a9b2167957537e54ef39c9808

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
9bece5212c41366f401aff5f9666a5c0

SHA1
fea3e09b09c5e26f328008b88b45ab974319ce2f

SHA256
036ffd7870035dde1134b18acc1c9ec1782db4cce7d9d733b475423b4de05214

SHA512
177fbd59d9229d271259efbbb55ab576ffc25c32298482fdd5f4ffc73a6f8189015c829f5a612f5e72db93d6f4e8b68177435b41e6d928e874945595f4a29326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
784c7baac3ca7fdffb78b2d927d343de

SHA1
1af908bc29988c13eaed1803411f7ac7d747723c

SHA256
6f4e9c5c7227ab2253c642f60fe2b3a1ca07033eee37c10f8a83a63bc7e6af53

SHA512
38961cd34516284941413b49f1f2a4f3a6b7907362fc1773448553e6150a248dd5b8266487e0521dd10f901bc248d5569f291166c2c6fdb2a955c0b52f149349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8e4665be-5739-41d3-afe6-bedc7d4e8d72\index-dir\the-real-index
Filesize
2KB

MD5
9a08fdf4697a85769240ac1aadd69513

SHA1
1588be2fdbc87982e8d85f047526c6483e5a593b

SHA256
904a3d70d9f2da6104729b526032d70f925b187db27fbfc69de729296eb0be29

SHA512
9c70c5d3550b1a8eae1eeccb5dfe5b0deeeb7d3f2e536cf9d78f3a991a7b06f93c634248dfc3d9416d71949d69f5fba9d15e8ac24679e06afb0ca75e60e20e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8e4665be-5739-41d3-afe6-bedc7d4e8d72\index-dir\the-real-index
Filesize
2KB

MD5
b07be503bc1468af1c883212c3deca2e

SHA1
27b7fbb6b22f3e22da95ced6f2b44f6c23a51ea8

SHA256
ae8d63580851ed8db8d16d6daef67a2c2d584948dbbbe73f7a1eda8a15dde3fe

SHA512
4b47248bd1674bf11cc48551b85896dfc3a7a9876871940a0f808a8c391346db57c045e2c5606679a27b3da1b297c522feffc6244df74e1f6ca4af8c0dc37000

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8e4665be-5739-41d3-afe6-bedc7d4e8d72\index-dir\the-real-index~RFe594de7.TMP
Filesize
48B

MD5
326d26c7d1b580c130dc99762452b6a8

SHA1
383020d23f5195489e88c2b453e54d28bc0fbfed

SHA256
7e8841801a06a2ff2d52d56e5d82c8f844039b7969a8be5f72192dfff9d44f7c

SHA512
3ea86f035ab39b768aacd9b3c45587e615733009f186a0d0e89854e03e257e6bc0152bf695dfe6817b76e12a37a897f68f021fc0c2897ea11c6c064bb6be26c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dfcd9136-eb71-4a69-81da-125789a8eeea\index-dir\the-real-index
Filesize
624B

MD5
bad19cba2224b85736a6c737d78bd734

SHA1
681e6b0cfbd037cd146b68b8f38a005797b3bb93

SHA256
2f3cd992d7cc4f0e4ab7de197607daf09039c2be2e362e153cdce17b9d30fca3

SHA512
39c4bd30da1436799b48fbf13aa53b3fc161f6efdcb32bf29c3d3158007e8e37b5382bebc50ec30481c16d9e3cce6a9c775ad2a6ed32195313e9ed3fdcc60861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dfcd9136-eb71-4a69-81da-125789a8eeea\index-dir\the-real-index~RFe595058.TMP
Filesize
48B

MD5
a8c3580175863e39cd7822113b3e7577

SHA1
a062980519605d24827f49a6f4c077e489c8657f

SHA256
20b8056666837d7d240eb88150c7099b3a03c99e14747bb83b15e2192831d702

SHA512
c1b40c9a78a1824e8e78b30c0c6cbba1fc74497d885165afc06d2e6f8bb76271b51334d8cadc7fd56f60017f2457c55a562846c9123a226d8789674738858bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
176B

MD5
e0acd7fe280efc6de367ced3a06197f8

SHA1
e4d3985141b4cab2b4c2ca040cfaf137a8bf350f

SHA256
e034469c79154195f33de4a605ac6b60126d0f6bff74df69ad5e44014bee6102

SHA512
ab5173949b1be7c1d9ac4947bda089af44abdba617f4d1fa3e21fe4e10a30c17f911195e558fca0fcff25254b990398d58e06e801628ca1c8e70f554599ac6de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
185B

MD5
31a06da2d59a6567bbdab84dbbdc29ab

SHA1
82f6a448b7b24a9f9211acf4503956a8a371fffa

SHA256
c2922728520b16240c3cdecd0305c35b983ff0b58d181d73e5e78a2b0796f2b3

SHA512
8385594c1c73f693b37681b98d0b80e3580b22cc1d75208465a1df5a83879bd2177919478213c36918a92c3534f00d23852be94f69b8d395bf1eebcb322d347a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
183B

MD5
f803a207d2d2526a9db95c9488b4683a

SHA1
34210e2b9b28a06a5c161c617bfbb08249acef20

SHA256
2ad25d4fd46755196e0168b3e2f3be9e4e5d0a997d182e170d8eec1c27dcd969

SHA512
4c6ed76d5e215b9056bb49aa075b5c112fab2bab3f328500e2db02f3df661d325ec74762c2a915d9b1713891f0b60f2f4b9c2eeea1813ddf4efed9094a05e10f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
112B

MD5
c2bd317356e84b6513ca4f0132daca74

SHA1
76dbb7be624b3c7c8ad4b48287c856fa6cf8ee6a

SHA256
a76838d37774954c3532017315e45b05b6bcdf10a67e625b52a0acb70722d600

SHA512
c39af06db6479b52076acc6efb2c612445bfa48da4feb1907422c3d2789d88413e7b217c88de5facdd1b51bf2464bd6865c165db6b42fed58fb3a6e6aa353796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
183B

MD5
58dce83f73dd1fffe1ade17ea726a6ff

SHA1
e2f6ba0d1add3125c976d3bc8cf1bc495a09ad9d

SHA256
7e23e423572412b42a778ea42881a109ab2b19886329109b818f6fbd90842a54

SHA512
b775ec51aaf4d9100da375d17d3bc0e7a82b2014d981c053d662a03bfc93b14c312afe55651d42825f00ee6af34fda1aa05cabdcd9f5be931ec7a63f2c09ea04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ea9a.TMP
Filesize
119B

MD5
47305904c6f294ac92ef1a336ab96781

SHA1
93c8a84b5a825870c379233f61e076f1b82f4c5e

SHA256
42e0a638fd6d8e876472273a60eb9f00b4c7257fcd15909e993a8438a6d4283f

SHA512
29622c42a4895f539566317bda086e4ec5f1a5447d2aa46c79c8f0d795f271e1081199e481581e3b23fa6cea456d10a168cb8415579e2bc2c353cbf9b37cbb3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
f5c479b8c7000ec4126082a4f527424a

SHA1
da95b687124347bce2f7b786f34b2bf6afac1a7c

SHA256
7b8128ac6cf1e530e02face34bcffac72a9a42497a86a34e10cae2084c7eb715

SHA512
3e5def51e8910e611acf5192edab2098be4c98fb3f43a4ca6ebcfb6205f58682e6ddd2a51e1d12ed407b63d89ab29a7ddc4e0d5f5dbf037988e23b3f5be4c4f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593d3e.TMP
Filesize
48B

MD5
f1ebc8ed79c74ea43e46f53a8e8d2d88

SHA1
5a802943daa42c64109c7864b7405952d4045263

SHA256
4819798c987875d8ae33ecc1d557d934418532bce03062ccd789f1663a1814a0

SHA512
0e8997f07830a43f60317382b723b8393227ea4afc8de732891d84d960ca79fe70d210623aa09305a746468443ac908a993876a3e3c3d8fac5dc6b2dcdcb3986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir396_330861974\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
286KB

MD5
4a6153fb9a7593d44dc12e273c9f8754

SHA1
cd3d924a5409f297523ade9baee0eef5b5d1fc30

SHA256
ab75185285c130490330eec1b9dcbd2bafcc10cb0e28dd6fe64f8b238e09147a

SHA512
eb39b71f2ebf21a150defe4976d67a2c64742da793342b35f4bdf8dbc31a7ce841327b32468a20c2d5ee1e49664ae861d5d6108d1c65a2c63df72a2616c5dc7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
286KB

MD5
641948c7a325bef1c71357496923ab62

SHA1
ff57f60e246ac45a2f73e4c75ccb817f5231d677

SHA256
b9746d91fa70139a73d154145100030feba5a30329f5b405f4e7a57526cf2627

SHA512
1be3c3a40d4c3570c4019893aae81913db0ac727102aa39e1bdfbcf895d4990dac4c1c330778d9b56636a554c75068ab646e71fd2502e9584c08e37d7d69146a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
24957bb87d2602d2045ac4e84e82537c

SHA1
ddc82c9dbd25550d91b5aebba90fa9dc233466f5

SHA256
067a24d338551cb4488232ce8784bb181030f6f45c0ec114c627f00a9d70f06f

SHA512
5b088556807bc70682bd888a39077c1f1ce66c8720e0d24da7ef5d28d43e9f89d6f5a81973aed554f5d8d48a2f5d417f1d6553e5bea358b597609cb6db7ea5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59115b.TMP
Filesize
92KB

MD5
d258fb8a9bcbef6685d7e431f8de3ae7

SHA1
05612037fbdf5f0eef6f80895e80fdfffd367237

SHA256
3a71c9fb8b1a45dbff862895b89e2aa8f3611c2eb068bb79d46fa6da647625ac

SHA512
03bbda2c6648346904f819dcdab73745f71ddba1cc2da11f62380f8f68306bbf03bf79593de225ea24bf0936188873255a54756f86f1362a5596d9fa13616b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\activity-stream.discovery_stream.json.tmp
Filesize
23KB

MD5
955b917bc6fc7ac38a6dae9529302020

SHA1
f3e6eb5788a62533f5d4aae0f83d43f37a2031d0

SHA256
db4e170a5a66e6f217f698ee6b031572c6a952c57ceafc1f7eed74907cd16a7d

SHA512
3cb6fc44223f0339c06935aacefa01a2875b28579d3540ef20a21c1fdb7c04c9d2ae836fe87635142c1fe3cded554a4f6720dfbdde9371bc896bd8ef2bbe5a86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\cache2\doomed\23939
Filesize
12KB

MD5
36ac9c99ff065d6bb9c7e6b5583acc06

SHA1
598c9f3fca7e058c28f81c29dc4b327b231ba879

SHA256
34b02871047b06b8cd1063a781753c16774698e1c3e584a06b4e272a6c6bf176

SHA512
6933f28f3ab82695cce3c4d031bcd9bf5289edd7544daf2909ea1616d37095ca72d6b590a3ec4d18b65811e0085bbfef6fe3236b2b12bfe5a8323e837164ad16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\cache2\doomed\27475
Filesize
12KB

MD5
0d6ab729e6fe9949683059638bdbf660

SHA1
d7360014250ee59c1e662eadf1de5e90bc8ed4e5

SHA256
ba06b5f2ec93d5345d92e8cb2672a00f8a3a81e506f1c664c3b4d69881cf4c45

SHA512
298790037392a984e24c7d81aa674451d03b4660b655f54cef46367c8449e0cddba8893a743ba2d7f9469691efdb1d3664dbff7dc850390ff68a05552e779ff7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\cache2\entries\B88624BB5022AC079C435C3AF09B9AB8EA4B3B85
Filesize
54KB

MD5
3668ef6a2fd3731f9367697688150d30

SHA1
d95da023ab20c1263fc11ec8d7547c9c7cb1e883

SHA256
478df3f991c93850e28d83cc77a8baf35fea4eb82cdcbf9370828e407aebffed

SHA512
6b5a1b46cb97eec857d3e5283299fd7e41255341569731720b0ba85a090be94826e86e54be9ebd84a6d60dd596470b7b15959f5fbdb7617fea025a83ef835f98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\jumpListCache\HNEbOhHW8BTBRo92HRqB7w==.ico
Filesize
965B

MD5
c9da4495de6ef7289e392f902404b4c8

SHA1
aa002e5d746c3ba0366cd90337a038fc01c987c9

SHA256
13ec8c9e113de6737a59d45ea5a99f345d6cba07f9a820bb2297121b8094790f

SHA512
bb72f0cc815e7b4c44959808b153aad28dbced8d97e50f83ef90229d19ea1c4b3fffff650bf49efe562451fcae0325cdbdffc1a5c4ec5d2c7c70ae9d1a0d8a16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
030f60e1580241b9426002b9e310176a

SHA1
ee5536b84fd6f30b6021c11bebf38da8053cb5c5

SHA256
a97b9b9eb2592509e72cb75ff492e28c6a7e367e8f0a766503de1f66a707e56f

SHA512
2b8caca818ede75c62c1c112485c8167db1e394868297083154193157a07022eb011d8fad233933813dca5cf268f3c81d670d2fa9dc4f12f49f70a91f2a04efa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
11KB

MD5
213f8b4dd213b85665475251cd34b659

SHA1
96227edd7046beb421c279b1ec8d912916dd893c

SHA256
c8b67df1a74eb0cbd6161bd59fb194b2fc0d2b06e134a1be1297a59c7bf47036

SHA512
8c99fd060e44025ed54ff4e0b4d3e779588c7758700def1dc6d85b5a9a341050f9b9e46e5f424435f789e4ebb7b6bf4d8131617737c47e3cf2576e49cd73f535

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
1a7fdc580d788c06ac89c9b1acba6fec

SHA1
206e236be0a2e50e69fd9862aa9b8d0064e530d8

SHA256
1787eec67346c63b1bb97b98eb5ecdbd4d6fcbe700f17c6f44bb0b4378053e6d

SHA512
6ec412fdba6dc880ce87fd8746709ed9be1b20f41261b8e0ba3e3d070698d143daf957f50da0c8633578aebc9c2fee20e2a48d5058995932cba77b932798c5b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache-child.bin
Filesize
464KB

MD5
b1c0b3951a7abee30fb0ab72941beba3

SHA1
3d996cedee1d6eb87d144f8e220d41740978247e

SHA256
41edcec5320de0978c90cc2563ad07fd3e1e39b00be164ec27a299885b71299f

SHA512
dc2f9b4b5e4a81d9537d47372763b7570e8dee1b25e80131548ad816c8823424e9e2e298975932ea2d36e680922312cab5e65ee6c5715ba078a4c28d11b8829f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache.bin
Filesize
7.7MB

MD5
325f7bdb13ea18d66e970accf700ac6c

SHA1
603c9665f3eaad0dc075bc60ba5ff3f7deed5525

SHA256
809bc5c66cdcab9f9f61ee51f7f7ec8d65559a71cceab124cbefc3cd59ca4646

SHA512
842172615cfef94161721041b3fbea6af32753b55c731a5cb6d3cb8aac7ff6334fe7b5bd634387469b89b43f372c09ad32dc7da3b34819f58ded69c6be9e8148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
fa7717c30226b22964a956170efd4ce4

SHA1
eccdc9c53757cb3b6fec814605250d59aef8174e

SHA256
1770f6f02d6382d8949c68bf6ed7ae2a6d772dc9fe590b65db5b05ba8e3bd5eb

SHA512
76010ce78a31ec0f534af5ab0d0d311517ec46d0cf27a89866813bc46a19d33cd29fcb7474e03882db05490719a63dd0c3602b3d4387a13ee869c7b3c12ebcdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
Filesize
1.0MB

MD5
055d1462f66a350d9886542d4d79bc2b

SHA1
f1086d2f667d807dbb1aa362a7a809ea119f2565

SHA256
dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

SHA512
2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
11KB

MD5
62ed5bbfe73c8b6330575e7906822a92

SHA1
7f3c63b8887206985fbcd65c841a1ff48ec93dcf

SHA256
09683304316798f82bd51a467589f6370b6fefa89cd6531d86bb40a0ca14fe51

SHA512
7660ac541b20801023a610e304aebc18d99eb489136ccd928708cf30305c23acefaf7430b96ecbf6ddd6a393e170510b5a3cf0127d13e1fc948baa47503331b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\containers.json
Filesize
939B

MD5
94a3843fad8c45c48b0e07342df3dfdc

SHA1
d55b650208bda884d573afebd90830a3f4d7c201

SHA256
854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72

SHA512
4d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\cookies.sqlite
Filesize
512KB

MD5
03fa45a2ee34e719762013379603c542

SHA1
78bd56dd8626348aa2dda7dde7e153ed59054cef

SHA256
78012853bfb7b1e4533750f47c04da230b94b0118b293152a5f80401a3031ec3

SHA512
0c1ebbd6376126faf6eaf8701b0529cfa3f1e0c2842682d12030d0658b33b436b2979a71f170871b52963457a47174a3de8d646b6f5d6f8b7366ce6483f93bf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
8fdd99e2a61d0dcedd6b077658b7b008

SHA1
aabaf20f1d12af45a624f460b837689cdfb80d79

SHA256
f59ca27ab3ff82522c1093904dce76e7956f9189a406bda1ea09f9a0ea2804a8

SHA512
ccad7fcebd866271042dc732d36c60e9528eeef4e10ba971096840222382f6c7056e1bf8b6841de173b4dde64cc636135cbe3f50e2a414b7d26c186375b4a14b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\datareporting\glean\db\data.safe.bin
Filesize
11KB

MD5
547dbeb80b3c69bc8b659aa9e543bee2

SHA1
b2155740745cf83bf677caf202468166192351e8

SHA256
5e04a6828d97a1bbec8116ddc4d026b00a309679c6985a10e96fe5f8b0fb96c5

SHA512
39675bc7c49bffce85721c82c62267b65be9897b85d644756fd7cefbfc8d0234c3ae69946449690dfe08fff4402df1722960a1385a806024dce305f91be0a492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\datareporting\glean\pending_pings\564a6d86-1184-46e9-a8ff-44a16aa210c4
Filesize
779B

MD5
dd3f9189cf834534ed404bc3efaeaf6b

SHA1
bfac2cbb331f0590fee65330f8875aadc5ed0ad3

SHA256
8da1956543230713437f10d56157581b70c557444d19a8477fe80248ca403d7b

SHA512
dba79af336b7e58008d93575ee1d671eadfea6d43c569ee3ad7f6d6cc3ff79b1c98f2621e6a78651a2ec77f87618f0c78e0333e7f4c46b230851c0a2aef390d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\datareporting\glean\pending_pings\5c26ea6a-1fb4-47d0-b61a-a7630eb50a36
Filesize
656B

MD5
4bae0c53b38d50280564c4b6d17e6959

SHA1
87fdfbeb8fdc21b68520e5c8fc160d3a35258b95

SHA256
0af6b188653435b4ec4600a84dcaf4d029069a8e4415bf4a66993df87bb7e543

SHA512
88a7741108821fd8d575cc244b5225ba6c608dc490bef81b7d95d71574d17ef5c5f8cae3d335d777a012a72ce3c1c86e59809999da97b5ecb1af6e0f195a35bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\datareporting\glean\pending_pings\641c0709-36b6-4cae-a232-255f9426a7f4
Filesize
587B

MD5
75adfab3b3838e7aca57a3b423c9ae44

SHA1
3b68c22443599b98dbe03c792e2923e0aca8fd3b

SHA256
db2f40181bab2e08f814d2af04ec816410ee2c9f649e0a5aca779ca3dda5adda

SHA512
33601a8e44adfd82d28404b80d88515317974d73734a01ae5d6d566f3ed8a88715621baaacabb585ed8e5b3038b24ca8ad10b80f9193e05346d7c4bcd74c6e12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\datareporting\glean\pending_pings\9d4b2bba-9c64-4fb0-baec-df41053bb750
Filesize
1KB

MD5
fd35168535feeeefd92cc1c4988520d0

SHA1
b63f04039a1c6cd66bf3b40323cdda8fcbef0953

SHA256
52cf1d7e82616351d51f47344a6d047b4899bcf3b5790416d5db61d183cd71a0

SHA512
7c42455d0c2ee60895aeaabb11cc9b9382033377d87bd7eead7c8009f80e95c8526230ebf0d95f261889801ea082bf3c4bd0cba32edc6846cd036b3c0ada37ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\extensions.json.tmp
Filesize
36KB

MD5
aa6431eee7792b78194e514f7629d628

SHA1
8aa64aa40de178fecdb168d3dac8acd20bb28d20

SHA256
4b984246ea75f82e7cebab0f1aa6f71973277c4a5c8a5a624c1c221db27f1f88

SHA512
11af4ae52f5fc4406e1bc8957e54b9b6314d3b1c5668fae21c133ff28fda949134e3103366852aff6241816e7d3929cdbdff59683a9f84ddff0956679a019f23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\favicons.sqlite
Filesize
5.8MB

MD5
a131f5dbc35b3002fcd4c763decf886b

SHA1
69d98741da7fd96032a7fe5caabca6e6f5e36c9f

SHA256
74d96a0d7b09a0203808de3110d6efe1c3d3ca3cd1b202d61df52d6ee2386755

SHA512
ce7df1d1ed490989e6f3dfc8a596d157c8378c766f988979eea37379bd33b22fcd4824029afeaa08727544fc061c83cd16bba951e3695043fcaf718707baac0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\handlers.json
Filesize
410B

MD5
e7a65c5ead519a7b802f991353c26d3d

SHA1
34cc3c1cf9bd4912dba5fa422010934e46419fa3

SHA256
0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2

SHA512
2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\key4.db
Filesize
288KB

MD5
fcbc77944be2372e710710faf51cf778

SHA1
09c44179c030f12109b6f0d0da37e89213563b0a

SHA256
2c96352d2676fc8b142dde6d724bcc1530fa59aa232fe79e8e0012c10d2f611e

SHA512
eb0be50ab2585b9d54df6477e5adbebce65c2ce4e3636b16e348544ded974058ce045feb7ec5bc0934825c81441775c9ceafc66bd3950618f04984a6fa8a3018

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\places.sqlite
Filesize
5.8MB

MD5
6783b76c6ab9e6031bf20a4fea85046a

SHA1
c5d3e2ce54caf7b2725c0e306dd55c2dc4a955f4

SHA256
dc9dc8bc50dfcc35e0f810094d5bf96e498c4cc460f5e0154a4b7ceb424d62f5

SHA512
5c66061df96110276592a0e14bcac9df58ca7e529a493a9f2f766d88f46aa753e81a5db74ae2fbbffe9c7e1aa68d0da06e326439978b5f5c4d8668e730421625

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\prefs-1.js
Filesize
6KB

MD5
4d2fa4bc9340a1ea394397ade13bc6ce

SHA1
749df62a79060b33f53a798cb1f76fa45d31d5cf

SHA256
cc8376131f8f9479691e13535f72a59cc10e47e29e3e688be6ba15adad80463e

SHA512
baf9144fb31d2f6aa5e7ff5d3467814dbe8f89409220512d2d34cf761415a2decc5efed3a127af29ed0d88c97c8646f96f13e1fc50393dad44132b1d83c4b299

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\prefs-1.js
Filesize
6KB

MD5
5f7c9a1e5410e8716c1b74887a8bfe7c

SHA1
64c7af91fb02533cc70417d56b7a583ec6caf6cd

SHA256
bc7a711b414801084cf946c40d89cc414806ca99e8d732a68bd478ee804192c5

SHA512
d4964ea52af06d1b0ff364b2cff581c907f6b3284ec1d02672498b6297a6fed34e98a42df62b25822701a60619f27424e4e2faaf9318cb7fdd9bea67ebb8eb21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\prefs-1.js
Filesize
6KB

MD5
3a28d9ee05a45b56f0266cd18180deab

SHA1
cef1f9e34b3e4713212b1c8cbde6cdfa6178c190

SHA256
7704531ec4d141db3fc120e63d15223328253b1b031d000170f33176d9694ece

SHA512
4ec60fcddc020ee89f2387ef1ee0117f97afd17de109a04d57c820da2b128ee8bb73e1c0133995776068aa20022c0edce5bb808c9ccb6c7bf58306503a0bb265

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\prefs-1.js
Filesize
6KB

MD5
6afa30e4861bc7b1f9189d427cee3934

SHA1
9c4c43509f1992b8a0b5eac1d0a7147a8c43d747

SHA256
e4672fab281f356acb0c96abce2a1bbe63e4eab421ce491968583b8d9268020c

SHA512
3e0a6f68359558938ba2c9b7f3b9f7bf1cdb508d26a5826e67dc5a3da09aa5fd0f56ccc5e392cabe5c69326e9950c4b1df02b83e73336a1d795ec0392fbf216a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\prefs-1.js
Filesize
6KB

MD5
064e7ac02e6d70b13b146fe45dd46421

SHA1
3057e5cbe7db24b8786c70e21aee4d2c2707f20b

SHA256
883995a5cb7b4f1ac11b57018ed75359875eea79d6c826b55fcc111559537e1b

SHA512
addd82a26aa4dcfabab9496976c7f6e7aecc4001322e441f8f4a711b4075285974ca90c3f7a2a9e51a69075464429b578027f3ae14c1f9e9a71284da88331761

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\prefs.js
Filesize
1KB

MD5
40efc974ecfd639e94241385f8ff06e8

SHA1
bab43d952e18bfd65c0271ed7ed8cd85c05fa076

SHA256
f88a7277d3f81b526aef4fbbbc083e8fc7e660855d0fec0acb1143c8b692764d

SHA512
6f793d7e38d9fae42566dafd5ef0e6c4cf6c03bcca44f983b4bcff002b71d11442885da79b06520ae45f6fe552f84aed3f5b8d0de672a736b0cca603593608a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\search.json.mozlz4
Filesize
280B

MD5
41d220d4783f67d2b57beec20c135229

SHA1
6e97765e77920b6010fac2cb4abf1e3cea106541

SHA256
5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc

SHA512
dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionCheckpoints.json
Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionCheckpoints.json.tmp
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionCheckpoints.json.tmp
Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
904B

MD5
b3fa6b5bba3b1e1064c436037f10b76d

SHA1
c7a0d4955e0a44827d5513e62f3f0226b81687a0

SHA256
b69da522381308eb3db9534ebb2ddc14f58cf862d0dd4e5dcc65327d69e3cb87

SHA512
37e68daf65cf5b583d110ec9e2a8d198a090bc8c1d120b3cb68799e70a03289707af8918b846ab289b644824d2e6b8a43a395f7f39cc8e3800cf9c301aa9ffa6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
c2b16ba29533f598fe1dafd6be5aed16

SHA1
18a8cc10f0db69c0ccc9b1b47fdc9c533dd27fcb

SHA256
f1d83b8ca3f956a345252705d6e4f0d55cacf5da8c011ddbe2ffb2df627971d0

SHA512
6f8727b67fb3d35256ea34e170d9861d69e4f04783c5de8c1a12a9e84950374b144ae6b275ac34b2fdfa8e0d6569c7f92b3fcd9985a70c60b2cd29abe2cd8cb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
c8db7b744db659ae69a2a7bf6c0c06c7

SHA1
b3b817c240cffefba228eb6cf8595b2889d1912a

SHA256
89e535eea87b576acd858b9e615bc838dbbe8157bd4dcd202093751022ca1ddb

SHA512
0b1392c37fa26f010f573131ab724244fff761dfde26ec2d6870fcef982cec4c9377fdf353234e5c707d814cf6716dd2bdeb678901904fbc4dddd10778d8f613

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
ce8aa9c728e43e74b5e62be3cfd4339b

SHA1
9247d69dd1a3f99efe924ed264048c881d0c6dc1

SHA256
65ee663f7e4899abdb8f42c02b95c2dc1ef594f5cad2f57c79c783e528c01b20

SHA512
be6d3587fe91b0ad61069d038b264ebc09555cdaa3d72a32d42ab61d7b859ed43d91d55e76aa3b499ae0b93bd3c423a4a7bf86fc6d687602406546d83138657e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
637B

MD5
cd55c100ed7f2eb1c39332b924620808

SHA1
edb1d9934c7616c8aacec60623fc11c46329bf79

SHA256
da3ec208d830c61d95ca59f831c404bfdcc6f4c965586c20b368f9c3c2d36dcb

SHA512
a2b780b0d578f328a8f3d8fd3c8c34fd97c22c2a32225460da8ea28fb4b02479fc21f5b4ad833660487a6d01b2ebeaec00c87efb32006364fe654385c96158e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
925d02df1e6775e59bb2e7adb8b87295

SHA1
6e03bbc9385f5670f5b4cf80d757e14c8c6432a4

SHA256
1c4133f7061dafba8aedfde4494dc5c26af4b149371504895d7e7b8838dadd9c

SHA512
3c222cf175fcf88256c9377d9f1b82c939320ce21886fa24f7636ae3064a8e7bfeac0a7264805703f4b746dacd7b0fdd3079473114ed8d7397ea8a916020d6c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
b02c8034895ee290601f4c5de216ec31

SHA1
9b4eaa335f3d2721f0f83491d6dcb0ab26390c39

SHA256
2cb8423590b0edffdb459bb0ac0a4b5d813f8828749e55e9760db0760a1551c0

SHA512
c5af0a0bf5b1dd8682ff4dc7c0a7f36eb6ad9079bc53f5322e2fb314cfbf3df3828d8283402216fc810ffb27bc78ec2cd9e8259cf72205f9cdebcfcab7a09818

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
52f6cadbe942847b287862661ee82b0a

SHA1
84d7be1e500f363ffb98b2cbee43c8b87a7ba2f0

SHA256
97b2a6d6832d66083bc756b4f9eb55eb34beea552bc633edd43b674cbfab60d7

SHA512
7cfdc1db2b4b830e4181b88e5c64be6a107689ffe69350481f57f88aca2917d8a56105aea437f6d445001375bb49ed6b78886990407548f8bdfcdad6e23437e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
eb5ea3d74431f1e95249334a447b81d5

SHA1
5b3df6ae9cecb4998df0f83a58e1289dc5ca3428

SHA256
6ec451e2c949402bdda9315de31d373662ea033503dcc652b49785c662373735

SHA512
2828771353715c08967911bdafa024e0f36da1ff5141e7396bc727965d70a1186579ee9034e601f2907665eb016f2bb9cd8374aa96b26aa3127f0c027c43dbf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
d58fa69401d4467e9a127fbe8163c5ec

SHA1
2cd6bc0b2938b7eafd1898d53b5686700bd4858a

SHA256
993079e6eba64dedfeb402af0768f44e596c49e3b1be3ba215557025a404bfe5

SHA512
7158c89087ae97389d6a386842c593c82ed5963ad17afe8732d791e0c57cbc254dec017340179f3ac5d0945c7ff0daf63e19565cde6f5a75b44b542d801aaec7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
63f8e9af84a4f24bde4f5be216e1a82a

SHA1
fc4d7d2936b33ed39e0d366c2075443ea6c82e0f

SHA256
fd74b428f015e797e3ff8880171fad387284244587e095636d30a903027806de

SHA512
66c76263241e2d2b997e3f8979623a977793f887fa4fc6914c19abf4ce55cbd28d6ddd8f54da3795caeaedfa5c8e7056f28f2f9c7cff2f8beb69be152c5453a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
8fac36319c6e074cb3e74c06ca776b89

SHA1
a0c961fff85a38ccd374716faa2202bc6222147f

SHA256
e681380b9de24290ab3faca5692e4866cb5a27383be6f1c3b6d243ad307df5c3

SHA512
bab065677934266e92f358d3574f3180b22b42dc522d74f2f2a16fc6552166b9dd3a40c1be185a594c3b558061544310232eab862a0d83ffb6b32e9ae8e32dee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
7aadb3fdd932b5f033acdf29da4a2ea5

SHA1
daf5c9179f8ed214cfaf097263af4f3d55aec208

SHA256
db71301e8478abe4b008ae14a8d74cd304394fd6e65709ea37841786500ebcdc

SHA512
9a7c3c96711726fdcd9159b4d17a7697d19e51d304a3eb043f6c703754fbb619b8e9bbb5c9bd073e0be8382e6c803de28c649d87e8305b98ae7091ea0f81cbc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
123b7847cc82e92fb3992335fe99dd66

SHA1
a4efe8cb62b254a7a76ae050edad5188d2758b4c

SHA256
dcac936b9bd4591d49305c7b42650d32c2b86e4a6d6d87baabe48d6c23e684af

SHA512
4aca8c47c819209f98b230f6a28fb6fb04d11e6e44f82af5e27fd439d2f8649d453898d0d22d8e8fc03a534280f47a396ee62257ea37b8df3135a6f73881e371

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
71962e2ea92ac5be495eaf9914055264

SHA1
c8c868d23a41600a4b01045411baea44e25256bf

SHA256
a30eaf16f5dc0b6d7bdd5fb4189817b3d32b9c4da4a1b32064388c813db736d1

SHA512
a36f57c4cf5253c4df2e3cbc2db0238bc397cb62cee0b8bb6711d211abf083daf786e06d17d9db76915f50da27dd19e9351bb7ce8401525f92f403b5c6292944

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
0f1e12d63ed39e7c71045060746d7f9a

SHA1
12752be6b9a831348d9bd5da10767b5768cfbdac

SHA256
e6655c75422403eaead7640c8960da85d4fb8ee3b3fe5d9e62a0da60d81cd596

SHA512
e705b2636a7b802549779b8c400c2f1e54885447864425139bb0564305802633df2366573b7601f2a297859b983eb6448f959b67d8fd4b639524ad81ad1634d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore.jsonlz4
Filesize
7KB

MD5
b5a9b92efdb6f3cafed21958ca149a77

SHA1
54da112e9d1985bd43480588417f43ea9e617a78

SHA256
c0519dc91dcfb93fdf25a8a00c8b76e356c7a96c0750fa7e57c594c9b21acdb6

SHA512
dcc8ad8b17fd0d6f0c761cf72c28d47ae0e420e3cf9cc693f7dbf3931c2dc2e19fc2ff1c5167c0b289cc2ffa54d21699a154dcea866fcfc3881222e6d289aa7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\sessionstore.jsonlz4
Filesize
266B

MD5
4fdb7f9a51ba177262d07d38c0238915

SHA1
f12c5a74467bf624164ac77ab7af517ce46ace8d

SHA256
a641f5701e0ccb2fc22a9f4323c96d899db4397fc08c63fc5de852d9aadca9d7

SHA512
fd0e72672b280e9f362cd8ba4a81c795fd741163020cd2c62a104c3f8e006883ac592951db85f364f3fece2d9af386f635b93ced301e12b4418e1e0a7fdd9c09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u5mvy952.default-release-1718949538194\shield-preference-experiments.json
Filesize
18B

MD5
285cdefb3f582c224291f7a2530f3c4e

SHA1
f816c3e87aa007b6e6d31eb6a4618695a7d83439

SHA256
704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05

SHA512
8f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
Filesize
163B

MD5
56ae06316ba0947f9d685180cfe436a2

SHA1
b2b7ea347c54dd3b11c4f3c79363fda1068cd278

SHA256
0874c6a834d18d5fec38eb847ea594df56fb5be1d375aee833a4864f9c31cfab

SHA512
bbde0660abbec9cf356f7a7128068653dc1cdd41b5950782e05e8ff5c87e60dc5503afb3095a5391ca1ff4ac425848f8b75f81775ca26827693587c4272dc88c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
Filesize
324B

MD5
1d510b804a9cc82aa0134e9b604b51b1

SHA1
dedd4316e0ad469b8054f766f1af4342a3438b91

SHA256
1c19189220d7ba7fa33d67856657600372daa95c5c6fe5b6e26c73ae53bca71a

SHA512
630241ed2602961df9d5a9c0507d66e3497eb1c1218b1a443eb09c1eb0b373c1466977ceca45cfadbefff4600ef36a8fcffa0b621a9dcb305ddf26815ef1531a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cert9.db
Filesize
224KB

MD5
2465fd812249007d140959e393829063

SHA1
ffd1ba51f42267e4a4a07bb1462a910ed83dee56

SHA256
debd35b1ded954ded32820288cdda821b4881a78fa759d33107b234b35729e08

SHA512
54a49c32325ca93571ae7eac1098fbd8987933d7d924edf0c51db67c28bbc23390541e7160ce8d5b44e3d4a30aa9ff5d9c311d5b70289ac616f2cdc293424ecf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
4KB

MD5
a79a7c042b6a1839272b6c31c2ad2607

SHA1
579b20c85be7c8067ce6d4e73ee424835645a9d0

SHA256
18755937270309dbdf8f6760062c128bdadda14b94a105e4e3b6ccac50974402

SHA512
c0d9144af7771e9bc7699b0e3ed4404834e9d004dac9fd6f89f3d87be37c0822f1dda3a6d0db7264abca72cf5cbbd7c76f86ba5b13aeac730947a22caf735064

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
d8e74789154df5d62add57a6c0d3bccc

SHA1
493ccc6e9ce1e8cacc36f73235cf7cfe400de218

SHA256
ad7b00b89d07af4480a69d32cf81b528745842597a3bd4a86df11e02ed76a260

SHA512
31466442b25c27da937e5b6fc4837fdc6741e9381dcacbb09cc74b2b15055d12daeabb39c866f7e63751a3468d091e030a4c7edf2a0be6e5d92a73cc5de905d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b1b6dc04-ea01-461c-8746-66851253449f
Filesize
10KB

MD5
efe7bbb160b907ce730a056ec574d7a6

SHA1
2c4090886fb0550a211c211b71d230218d2c888d

SHA256
a7bd8acc7b605a40af190932d384c62e6bc0defd82e3ac2014bad58b3d808800

SHA512
2d0ebb7ba7027eaa9507eba2b5f141ab8b33aae1f1317cc5d0d8639880f5b78b37fa92d1e8e9f5295128c69c3e89c9d10111334dfc1a733f0e8bb370dad5d205

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\f0b997c1-8e33-4abd-81ed-29933b4c3d24
Filesize
746B

MD5
2ec38000ca6d44e3e252d623d61fb00d

SHA1
ad62dd0f6c439fa662d2f3b026369ce18ab9087c

SHA256
d726fa4f494d419f6c3f0d371ba0c4bd0901283c8faa239445995c8b174cd3fc

SHA512
9ede4ed164f4aeaaa5c61ce693476326a574b2567a2db6476ed57bce37d878aed5725112e7d866e379a0d6879e299eea422357e4c062aa61e20d0ed2274825d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
97173180acae0898a083a404aa5ce6ef

SHA1
b1a32447e1f5aa29e2b1d653fb7879f1fa8c6040

SHA256
c6925cc5e90230e6c50572e88a98105950d0671ef3a0375b84efe5e51526d879

SHA512
a6da88099688ebbf26df4fb9ae51ee2203858f460626cd00493237f7f2a1d1aac4d5fa1f51acf84bc1e68749307f3e83ef5e9486f68eaf04c61660d291b9749e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
cffc0d17f50b9c639e5bb9e0b721af3d

SHA1
aae23d23e5fe653f58c1bd5db3b0d64b241461a5

SHA256
fe8dbeb5a7adcb732791d8c723a1bd55622b7867a73c243cb772c5cf306339a1

SHA512
03814864f7c4b3f1ac6043514c3272580e0e6cd6edeaa3ca22fe9cb9db1ed81836d823baa247bea02d722ef039a7d1d85c9494fdc99ea73fb72268f78780aadb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite
Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
Filesize
1KB

MD5
16103a839391359df1ebf855de5ab64d

SHA1
74960fc9fae05edde778f6fdf1ee10227f264b37

SHA256
f8b54b98dc62b6f45ebd50df06250d055c64fefa37fdcdde92e521c9fac33057

SHA512
d65aefcdd2a53a0b9d08068fc4ab92a228b5a2b5a578b3c934b7a7543d848ac30a6867ebe75522db237f2b5ab825f0a31176330b07a3b77c64d4bb8322281e4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
2d518435c50021f2aacc523c7c90613f

SHA1
54c6fa8b6b378362726c451a2fffb66362ec0a95

SHA256
f6c3c905c8b03e60c7d03dca0bab623b31993d6f0383a9eb4454ffa2f68d3065

SHA512
07871fd20402f0469a490511346cb90e4e6a51acc8949d3500c28f9c4b839f05547fe76355acf3614bad0b60fc3ac64bcc287c13721332ceb9e73aedbd2a530b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json
Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\wjyk7j4u.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite
Filesize
48KB

MD5
1d16412c89d4077054c2b933c6e9d5bd

SHA1
367dac58bc7007c4170b03781c2e382dde0ffff6

SHA256
0f9d4b2bf4fb68e8eaa1b7ac3fab9e8bc0e20c8677b79315fb97222dac901e13

SHA512
c87f5673d4287cc5cf9c5f2c8ad673c889d78de7950504c1587beae26f3fe90b72b469556dd8f9017dadca9292e583e297df70d96f9425aa25a8c0e0688a4b75

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\wjyk7j4u.default-release\targeting.snapshot.json
Filesize
3KB

MD5
955c7b56a95eb40b1fc4ddd341f8a4c7

SHA1
ff962211cfc2ba04e444350643afbaae031aac8a

SHA256
98ebd210324bcffa4043f7d2a9f3823ecccde0ed54cc565046dd1498182dfd7a

SHA512
ffd9d922e0b4bd85b77a4d87789e20e2c4269c413953195d9ebfcb45fcc94ef2dcc1190226eafe352fe3ab22dbcc4ddb284dfb29fb1f2468884b9a22dd5b355a

Download Submit
\??\pipe\crashpad_396_GDFDBVXTXZCHHRJI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/592-2427-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/592-2412-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/592-20139-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download