2d1aa9668b7f34a6dfde465a7a460e52be0d85878eb0891c50dacc242e472834

Analysis

max time kernel
600s
max time network
601s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27-06-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PapuGrabber.exe
Size

7KB
MD5

9eca5ad739803ecff2c4cc041ad16871
SHA1

d45335518390c11363f669c462a0d7a7dc8c091b
SHA256

2d1aa9668b7f34a6dfde465a7a460e52be0d85878eb0891c50dacc242e472834
SHA512

6b16cdddf1a2e387704664e8dedbc103ffc3de2d0e59a0295ff7de0f5a339012b1b22815604bd520281382e3cecd38f80d5fae5851d4c02c1d19b044497d4119
SSDEEP

192:0ey1N4IFycEDDaOOdQm0OBrYvE2YzJ3HA:0eI4IUDaOOdtrY9A

Score

8^/10

persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Discord.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation	Discord.exe

Executes dropped EXE 39 IoCs

pid	Process
1556	AnyDesk.exe
2616	AnyDesk.exe
592	AnyDesk.exe
5804	AnyDesk.exe
5276	DiscordSetup.exe
4684	Update.exe
5176	Discord.exe
5168	Discord.exe
6120	Update.exe
2428	Discord.exe
5520	Discord.exe
3068	Update.exe
5292	Discord.exe
5748	Discord.exe
5572	Discord.exe
6504	Discord.exe
6672	Discord.exe
6756	Discord.exe
7024	Discord.exe
6712	Update.exe
6824	Discord.exe
7020	Discord.exe
6300	Discord.exe
6368	Discord.exe
6560	Discord.exe
6528	Discord.exe
6212	Discord.exe
6552	DiscordSetup.exe
6840	Update.exe
6104	DiscordSetup.exe
6332	Update.exe
6464	Update.exe
2884	Discord.exe
6564	Discord.exe
6368	Discord.exe
7160	Discord.exe
5088	Discord.exe
6640	Discord.exe
6356	Discord.exe

Loads dropped DLL 52 IoCs

pid	Process
592	AnyDesk.exe
2616	AnyDesk.exe
5176	Discord.exe
5168	Discord.exe
2428	Discord.exe
2428	Discord.exe
2428	Discord.exe
2428	Discord.exe
2428	Discord.exe
5520	Discord.exe
5292	Discord.exe
5748	Discord.exe
5572	Discord.exe
5572	Discord.exe
5572	Discord.exe
5572	Discord.exe
5572	Discord.exe
5292	Discord.exe
6504	Discord.exe
6672	Discord.exe
6672	Discord.exe
6672	Discord.exe
6756	Discord.exe
7024	Discord.exe
6824	Discord.exe
7020	Discord.exe
6300	Discord.exe
6300	Discord.exe
6300	Discord.exe
6300	Discord.exe
6300	Discord.exe
6824	Discord.exe
6368	Discord.exe
6560	Discord.exe
6560	Discord.exe
6560	Discord.exe
6528	Discord.exe
6212	Discord.exe
2884	Discord.exe
6564	Discord.exe
6368	Discord.exe
6368	Discord.exe
6368	Discord.exe
6368	Discord.exe
6368	Discord.exe
2884	Discord.exe
7160	Discord.exe
5088	Discord.exe
5088	Discord.exe
5088	Discord.exe
6640	Discord.exe
6356	Discord.exe

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
473	discord.com
509	discord.com
343	discord.com
344	discord.com
345	discord.com
346	discord.com
402	discord.com
411	discord.com
495	discord.com

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\_platform_specific\win_x64\widevinecdm.dll.sig	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\manifest.json	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\manifest.fingerprint	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2884_166500000\manifest.fingerprint	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\LICENSE	Discord.exe
File created	C:\Program Files\chrome_url_fetcher_6824_1521448772\oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2884_166500000\manifest.json	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\_platform_specific\win_x64\widevinecdm.dll.sig	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\LICENSE	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2884_166500000\_platform_specific\win_x64\widevinecdm.dll.sig	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2884_166500000\_platform_specific\win_x64\widevinecdm.dll	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2884_166500000\LICENSE	Discord.exe
File created	C:\Program Files\chrome_url_fetcher_5292_287320317\oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\_platform_specific\win_x64\widevinecdm.dll	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\manifest.fingerprint	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\_platform_specific\win_x64\widevinecdm.dll	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\_metadata\verified_contents.json	Discord.exe
File created	C:\Program Files\chrome_url_fetcher_2884_1005938165\oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2884_166500000\_metadata\verified_contents.json	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\manifest.json	Discord.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\_metadata\verified_contents.json	Discord.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5052	512	WerFault.exe	72

Checks processor information in registry 2 TTPs 43 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Discord.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Discord.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Discord.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\",-1"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\shell\open	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\shell	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\shell\open\command	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\URL Protocol	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\DefaultIcon	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\",-1"	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\shell\open\command	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9152\\Discord.exe\" --url -- \"%1\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Discord\ = "URL:Discord Protocol"	reg.exe

Modifies registry key 1 TTPs 9 IoCs

Modify Registry

T1112

pid	Process
6264	reg.exe
2456	reg.exe
5396	reg.exe
5608	reg.exe
6412	reg.exe
6460	reg.exe
6528	reg.exe
5296	reg.exe
4068	reg.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\PapuGrabber.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
592	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2616	AnyDesk.exe
2616	AnyDesk.exe
6672	Discord.exe
6672	Discord.exe
6560	Discord.exe
6560	Discord.exe
5088	Discord.exe
5088	Discord.exe

Suspicious use of AdjustPrivilegeToken 53 IoCs

description	pid	Process
Token: SeDebugPrivilege	1456	firefox.exe
Token: SeDebugPrivilege	1456	firefox.exe
Token: SeDebugPrivilege	3892	firefox.exe
Token: SeDebugPrivilege	3892	firefox.exe
Token: SeDebugPrivilege	1556	AnyDesk.exe
Token: SeDebugPrivilege	1556	AnyDesk.exe
Token: SeDebugPrivilege	3892	firefox.exe
Token: SeDebugPrivilege	3892	firefox.exe
Token: SeDebugPrivilege	3892	firefox.exe
Token: SeDebugPrivilege	2616	AnyDesk.exe
Token: 33	5892	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5892	AUDIODG.EXE
Token: SeDebugPrivilege	4684	Update.exe
Token: SeDebugPrivilege	4684	Update.exe
Token: SeDebugPrivilege	4684	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	6120	Update.exe
Token: SeDebugPrivilege	3892	firefox.exe
Token: SeShutdownPrivilege	5292	Discord.exe
Token: SeCreatePagefilePrivilege	5292	Discord.exe
Token: SeShutdownPrivilege	5292	Discord.exe
Token: SeCreatePagefilePrivilege	5292	Discord.exe
Token: SeShutdownPrivilege	5292	Discord.exe
Token: SeCreatePagefilePrivilege	5292	Discord.exe
Token: SeShutdownPrivilege	5292	Discord.exe
Token: SeCreatePagefilePrivilege	5292	Discord.exe
Token: SeShutdownPrivilege	6824	Discord.exe
Token: SeCreatePagefilePrivilege	6824	Discord.exe
Token: SeShutdownPrivilege	6824	Discord.exe
Token: SeCreatePagefilePrivilege	6824	Discord.exe
Token: SeShutdownPrivilege	6824	Discord.exe
Token: SeCreatePagefilePrivilege	6824	Discord.exe
Token: SeShutdownPrivilege	6824	Discord.exe
Token: SeCreatePagefilePrivilege	6824	Discord.exe
Token: SeDebugPrivilege	6840	Update.exe
Token: SeDebugPrivilege	6840	Update.exe
Token: SeDebugPrivilege	6840	Update.exe
Token: SeDebugPrivilege	6332	Update.exe
Token: SeDebugPrivilege	6332	Update.exe
Token: SeDebugPrivilege	6332	Update.exe
Token: SeShutdownPrivilege	2884	Discord.exe
Token: SeCreatePagefilePrivilege	2884	Discord.exe
Token: SeShutdownPrivilege	2884	Discord.exe
Token: SeCreatePagefilePrivilege	2884	Discord.exe
Token: SeShutdownPrivilege	2884	Discord.exe
Token: SeCreatePagefilePrivilege	2884	Discord.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
4684	Update.exe
3892	firefox.exe
3892	firefox.exe
6840	Update.exe
6332	Update.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
592	AnyDesk.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
1456	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
5804	AnyDesk.exe
5804	AnyDesk.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 2812 wrote to memory of 1456	2812	firefox.exe	81
PID 1456 wrote to memory of 5064	1456	firefox.exe	82
PID 1456 wrote to memory of 5064	1456	firefox.exe	82
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 2840	1456	firefox.exe	83
PID 1456 wrote to memory of 3148	1456	firefox.exe	84
PID 1456 wrote to memory of 3148	1456	firefox.exe	84
PID 1456 wrote to memory of 3148	1456	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\PapuGrabber.exe
"C:\Users\Admin\AppData\Local\Temp\PapuGrabber.exe"
1⤵
PID:512
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 512 -s 968
  2⤵
  - Program crash
  PID:5052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.0.504689506\755777441" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {209ce9e6-d111-4f89-bd34-dd5c7067325c} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 1812 14f7e5d3758 gpu
    3⤵
    PID:5064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.1.2018687962\1442574536" -parentBuildID 20221007134813 -prefsHandle 2148 -prefMapHandle 2144 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f726f99-caa1-4fa9-8aad-b4ae6980b45a} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 2168 14f75e6fb58 socket
    3⤵
    - Checks processor information in registry
    PID:2840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.2.1059197877\1991633009" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {316262fc-24b9-4636-bf48-fdfecf7daef0} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 2944 14f054b2b58 tab
    3⤵
    PID:3148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.3.252304764\372499094" -childID 2 -isForBrowser -prefsHandle 3524 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a956302-943c-4314-97ff-8226bf3ad441} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 3556 14f06312558 tab
    3⤵
    PID:2892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.4.1702044836\1859922514" -childID 3 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e9d06d2-f5e0-48a3-b7e2-930ca7325ff1} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 4032 14f7e4fb658 tab
    3⤵
    PID:3804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.5.1803728227\1889689381" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 4940 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed51feaa-9bd2-46c7-80cb-9598e45a8892} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 4864 14f037be658 tab
    3⤵
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.6.1231726315\1916193314" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5088 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0828b94-e4c9-426c-a063-da75379ef496} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 5076 14f079c9858 tab
    3⤵
    PID:5000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.7.2025364480\196015652" -childID 6 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b37b127-e4b9-4c51-8e02-0631c734bcb2} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 5140 14f079cc258 tab
    3⤵
    PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1456.8.310302996\1391111409" -childID 7 -isForBrowser -prefsHandle 5564 -prefMapHandle 5528 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8b5a332-7381-4f1f-8c7f-122d4ef7a041} 1456 "\\.\pipe\gecko-crash-server-pipe.1456" 5576 14f07b34958 tab
    3⤵
    PID:4116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4412
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.0.1642193123\764575938" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 21136 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c14996a-e1b2-425a-8687-ec363bc1aba4} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 1764 29c5ec08358 gpu
    3⤵
    PID:4196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.1.404171756\1779546662" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21217 -prefMapSize 233543 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1e67390-1a14-43d7-a655-1fc3855f6a15} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 2120 29c5d53c558 socket
    3⤵
    PID:1652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.2.284577292\128142098" -childID 1 -isForBrowser -prefsHandle 2656 -prefMapHandle 2764 -prefsLen 21320 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16c25f49-2dae-4de9-b62e-a93031045c86} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 2932 29c61b2d058 tab
    3⤵
    PID:4040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.3.105190850\1950981864" -childID 2 -isForBrowser -prefsHandle 3096 -prefMapHandle 3128 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95053bfe-8805-4c5d-9e61-2356c6b6597f} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 996 29c5ffd4b58 tab
    3⤵
    PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.4.358007647\496576371" -childID 3 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c65aa66-9250-43ef-8b2a-80ee441d393a} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3552 29c62cd7458 tab
    3⤵
    PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.5.1241806084\926741086" -childID 4 -isForBrowser -prefsHandle 4416 -prefMapHandle 4384 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7e2cddb-8567-41d2-a0a5-eb3a00d447b0} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4436 29c5d8fc558 tab
    3⤵
    PID:3500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.6.522431185\1959377677" -childID 5 -isForBrowser -prefsHandle 4572 -prefMapHandle 4576 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73befb42-63df-4e23-85ac-24747e4ecdc1} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4656 29c63b40058 tab
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.7.530293739\350496762" -childID 6 -isForBrowser -prefsHandle 4764 -prefMapHandle 4768 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {217fecdb-2bfc-469f-8ba1-317da4e7501c} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4848 29c63bb1258 tab
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.8.190227290\891414755" -childID 7 -isForBrowser -prefsHandle 3584 -prefMapHandle 5284 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec401b9-cd7f-47dd-9deb-4f195c372b59} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4040 29c62df9b58 tab
    3⤵
    PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.9.1228206952\571889958" -childID 8 -isForBrowser -prefsHandle 4528 -prefMapHandle 5336 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bf8f5dd-3ab6-4c3c-9821-51e96dcc26d1} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4472 29c63ce6658 tab
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.10.1318932054\1217518252" -childID 9 -isForBrowser -prefsHandle 4868 -prefMapHandle 5680 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8957db9b-ceed-43ec-8a43-2d8985316031} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 5580 29c65a94358 tab
    3⤵
    PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.11.468433529\1819748317" -parentBuildID 20221007134813 -prefsHandle 9692 -prefMapHandle 9752 -prefsLen 26498 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb4c747b-661e-4bd2-adfd-6c25890bf7de} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 9608 29c65fb8958 rdd
    3⤵
    PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.12.892226326\217158238" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9476 -prefMapHandle 9480 -prefsLen 26498 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d4535a-87b6-43f1-87aa-65c4b7c32ad0} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 9592 29c66095f58 utility
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.13.986472586\1163745866" -childID 10 -isForBrowser -prefsHandle 9308 -prefMapHandle 9312 -prefsLen 26498 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2eb24e02-d1b8-4116-809d-8e7aa68ef415} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 9300 29c65fb9558 tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.14.1153887103\601292694" -childID 11 -isForBrowser -prefsHandle 9676 -prefMapHandle 3736 -prefsLen 27198 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {474e7cc2-b510-4994-a7a9-efc8252ea4b2} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 5004 29c62dfa158 tab
    3⤵
    PID:3512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.15.1743528728\1382467630" -childID 12 -isForBrowser -prefsHandle 3632 -prefMapHandle 4192 -prefsLen 27238 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01611427-1e58-4e4c-aa1a-5e2435bb5af6} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3740 29c66ddc558 tab
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.16.2144758780\1674066942" -childID 13 -isForBrowser -prefsHandle 8684 -prefMapHandle 8680 -prefsLen 27238 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08fbcd47-c851-47b0-9a32-dde0d5f74b91} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 8692 29c66ddd458 tab
    3⤵
    PID:3108
- - C:\Users\Admin\Downloads\AnyDesk.exe
    "C:\Users\Admin\Downloads\AnyDesk.exe"
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:1556
  - - C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2616
    - - C:\Users\Admin\Downloads\AnyDesk.exe
        
        "C:\Users\Admin\Downloads\AnyDesk.exe" --backend
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5804
  - - C:\Users\Admin\Downloads\AnyDesk.exe
      "C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: AddClipboardFormatListener
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.17.2126399234\528431208" -childID 14 -isForBrowser -prefsHandle 9064 -prefMapHandle 1268 -prefsLen 27238 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a227e19a-8501-4813-8702-e14f40bee755} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 9708 29c64da1b58 tab
    3⤵
    PID:5308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.18.1278975268\60072892" -childID 15 -isForBrowser -prefsHandle 7704 -prefMapHandle 7736 -prefsLen 27238 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0700e5de-754e-422b-b64a-c3ed628a9486} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 7712 29c65dade58 tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.19.24069730\2139113378" -childID 16 -isForBrowser -prefsHandle 2560 -prefMapHandle 7676 -prefsLen 27247 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bc9f855-c43e-4341-85a4-feeae88bcf77} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3604 29c66ed6b58 tab
    3⤵
    PID:3356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.20.369183208\1487996987" -childID 17 -isForBrowser -prefsHandle 7516 -prefMapHandle 7512 -prefsLen 27247 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd98a185-3902-48fd-88ea-1db65f2a70e6} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 7524 29c66ed6e58 tab
    3⤵
    PID:2088
- - C:\Users\Admin\Downloads\DiscordSetup.exe
    "C:\Users\Admin\Downloads\DiscordSetup.exe"
    3⤵
    - Executes dropped EXE
    PID:5276
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:4684
    - - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --squirrel-install 1.0.9152
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
        
        C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9152 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.1.0 --initial-client-data=0x4e8,0x4ec,0x4f0,0x4e4,0x4f4,0x7ff74ad59218,0x7ff74ad59224,0x7ff74ad59230
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Discord\Update.exe
        
        C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1976,i,4132987207067178883,408144561411361808,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2428
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
        6⤵
        Adds Run key to start application
        Modifies registry key
        
        PID:2456
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
        6⤵
        Modifies registry class
        Modifies registry key
        
        PID:5296
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
        6⤵
        Modifies registry class
        Modifies registry key
        
        PID:4068
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\",-1" /f
        6⤵
        Modifies registry class
        Modifies registry key
        
        PID:5608
      - C:\Windows\System32\reg.exe
        
        C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\" --url -- \"%1\"" /f
        6⤵
        Modifies registry class
        Modifies registry key
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
        
        "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --field-trial-handle=2644,i,4132987207067178883,408144561411361808,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:3
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.21.334908722\1191583607" -childID 18 -isForBrowser -prefsHandle 2720 -prefMapHandle 5544 -prefsLen 27303 -prefMapSize 233543 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec5de510-9093-4d69-97ec-1522071c317c} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4024 29c6523cb58 tab
    3⤵
    PID:5780
- - C:\Users\Admin\Downloads\DiscordSetup.exe
    "C:\Users\Admin\Downloads\DiscordSetup.exe"
    3⤵
    - Executes dropped EXE
    PID:6552
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:6840
- - C:\Users\Admin\Downloads\DiscordSetup.exe
    "C:\Users\Admin\Downloads\DiscordSetup.exe"
    3⤵
    - Executes dropped EXE
    PID:6104
  - - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
      "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:6332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5892

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:3068
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:5292
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9152 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.1.0 --initial-client-data=0x4b8,0x4bc,0x4c0,0x4b4,0x4c4,0x7ff74ad59218,0x7ff74ad59224,0x7ff74ad59230
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5748
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,7315933947967902479,12129160000264009764,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1780 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5572
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:6264
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:6412
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\",-1" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:6460
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=2512,i,7315933947967902479,12129160000264009764,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6504
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe\" --url -- \"%1\"" /f
    3⤵
    - Modifies registry class
    - Modifies registry key
    PID:6528
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3316,i,7315933947967902479,12129160000264009764,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3020 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:6672
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,7315933947967902479,12129160000264009764,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6756
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=3908,i,7315933947967902479,12129160000264009764,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3904 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7024

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:6712
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:6824
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9152 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.1.0 --initial-client-data=0x4b4,0x4b8,0x4bc,0x4b0,0x4c0,0x7ff74ad59218,0x7ff74ad59224,0x7ff74ad59230
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7020
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2172,i,17782871353529966192,14356466425057657570,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6300
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=2584,i,17782871353529966192,14356466425057657570,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2484 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6368
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3164,i,17782871353529966192,14356466425057657570,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:6560
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,17782871353529966192,14356466425057657570,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3176 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6528
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=3780,i,17782871353529966192,14356466425057657570,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6212

C:\Users\Admin\AppData\Local\Discord\Update.exe
"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
1⤵
- Executes dropped EXE
PID:6464
- C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
  "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:2884
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9152 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=30.1.0 --initial-client-data=0x4b8,0x4b4,0x4bc,0x41c,0x4c0,0x7ff74ad59218,0x7ff74ad59224,0x7ff74ad59230
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6564
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2280,i,17567566997849979508,9944622249808951723,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6368
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=2560,i,17567566997849979508,9944622249808951723,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:7160
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=0 --gpu-device-id=0 --gpu-sub-system-id=0 --gpu-revision=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3144,i,17567566997849979508,9944622249808951723,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3140 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5088
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\resources\app.asar" --no-sandbox --no-zygote --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,17567566997849979508,9944622249808951723,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3148 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6640
- - C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe
    "C:\Users\Admin\AppData\Local\Discord\app-1.0.9152\Discord.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=disclip --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip --field-trial-handle=3732,i,17567566997849979508,9944622249808951723,262144 --enable-features=kWebSQLAccess --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5292_2139140930\manifest.json

Filesize
1001B

MD5
2648d437c53db54b3ebd00e64852687e

SHA1
66cfe157f4c8e17bfda15325abfef40ec6d49608

SHA256
68a3d7cb10f3001f40bc583b7fff0183895a61d3bd1b7a1c34e602df6f0f8806

SHA512
86d5c3129bec156b17b8ebd5dec5a6258e10cb426b84dd3e4af85c9c2cd7ebf4faea01fd10dd906a18ea1042394c3f41a835eae2d83dc8146dfe4b6d71147828

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\_metadata\verified_contents.json

Filesize
1KB

MD5
c6a8dcff24d9d1852b0175d5ff59231c

SHA1
b343627d458933aab66d303aa57c723a1d00dead

SHA256
d0715b04bb7d32c7f7d888834983406ceef885799520af976dd164e6b8d1d535

SHA512
52905fdbfcf9b24708be49c1bd481a066c7091e8769e049a46cde0da866aae92e2daaf4c930a9234c4253eff383c62414e8837fe5a4ff3fcd3d0827252bbaaeb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\_platform_specific\win_x64\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\_platform_specific\win_x64\widevinecdm.dll.sig

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6824_504416090\manifest.fingerprint

Filesize
66B

MD5
a2c66c5636ba1d6c6f4e6f6e2beab7b5

SHA1
72f4d77d5fcba521e25df2ae082e339d39f7bae3

SHA256
a47ff5dba25765c696476506ed4cba5e7ef5dc1b402d8acc5887bad76083f6aa

SHA512
23b9484380a44db3fa7f45bff40928f3e940d67899d2d0ef3c7faa80f943aed69e878964f4cca3405563a87af3db2b7bff8fb88f66698abb94293dccf940fe38

Download Submit
C:\Users\Admin\AppData\Local\Discord\app.ico

Filesize
278KB

MD5
084f9bc0136f779f82bea88b5c38a358

SHA1
64f210b7888e5474c3aabcb602d895d58929b451

SHA256
dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43

SHA512
65bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\28833

Filesize
7KB

MD5
4f8aca5b86d51442c4bb33975910546a

SHA1
42ea68c25650e54d017af3c87858c003978251dd

SHA256
f8e6f0a45c5888eccb391d6fc1de6d1a071ce0f8ab0787e5e25e586626dd85fb

SHA512
6024f6263b45cde917be2d04c13899ca5b03919dfa93ce55b283c6bb46158f8705f0f752359a25b3d738bc0fb86eb6a874f618e429e94e79a9ceb5317f5247c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\7168

Filesize
8KB

MD5
6f4c9a1bc5b15edeaa60e4437e52275b

SHA1
77cffc8ff80a2f5e98f3118922b2edbfa2ddf80c

SHA256
c414c57d7cc9bee2fa29d7b60764f14acede3e306c238ec364d9273c584a383f

SHA512
291e9956315982306e6dbd5d7263b9a4910f7678b09e7e83ccf6fb42f834265d667d3e4ef242f75ad45c3bac0e441d4a994755ccbc960c427db1334dba5708b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\0106421E1F1335662D826A109741DCEABC51B254

Filesize
22KB

MD5
2910af30337567b7f693175c1d0192f9

SHA1
527779722807b6ebae327c770f4a419085ba0bab

SHA256
16b291c9a94bf2db5a505d22b914ee89f22e752c528dd0e0a52043fe88b25641

SHA512
1554794dd75ed16c07b4f3cbcb8eca4d3ff24e03268e29c0a187ca138646c23cda30ce06352ac8086ae8a631fe49a4edff1fc53b2522c050f13b7134590fc80b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
fb6066ac97509cd5e4e5e762bf1dbbb5

SHA1
820517bedda2b8be6e39cf84b413837ad4a10e3b

SHA256
ae54641b7fe20927ca7f8f9d51861e7646450060f142fbe16a585114831f0022

SHA512
111ab3e67e7796b847d6e95f1e3cb32a70cba1b5e34f9d6ce85ddb9f3105f95f238d0afa2fea832e3f36e1a95bdb8de77ae269a64d85b485a19d458c50805169

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\0C0CD5576DAFD8701192A18DB776568FC9F1C7BB

Filesize
16KB

MD5
3ecec8e03c9db0570e983054db6a79d1

SHA1
b77483c1e1c7baed8c93ddb2645ca30f275be605

SHA256
66dc1f1f6dcbec382d524ab41a87fddcda2763c0f78cc4de3d557478bedbeb30

SHA512
12bc335c0e5150c35d1ba72ca420a1200c8a10461e3bb17b668c2a1410d3a5d9ce50675d01fd0c9c6f5d92b2af3c90bbb659cc0a194e969d46ab0c6f8600c443

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\18CA72956DA9AF113862652FDDD2F131E624473C

Filesize
49KB

MD5
79d1f0fce5e195b97ef5018e7338875e

SHA1
2c7c0cbfc46c249f059452a3b381aea0e7c5c981

SHA256
ec26359d6b04307f42cccab8fe0c707ecb86f62bcc06a8e6a65b5fa865ca82b9

SHA512
5619ac101d53f9bb5c8eb1bcfb82bc927fc9a0a74c2e00ed0e7198564d9c50894bfb0cb9bcb90ce0e39b19b376ac951da4f4b16ba3253c95cede108d63956230

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\1BA0E78C8A782DFAE9541EB98BEA12EC4F8C1A5F

Filesize
67KB

MD5
c9c4c939a2efec823dc45c5dca25c23f

SHA1
14c2642bc2552b9739fdd2ebbb9224c4c581ac01

SHA256
72fd4dcce7e2c8ac8a3ba565d325cdad0f97f0e0e8ccb5f4fafe964969e056a5

SHA512
0ed05eac6362bb6ce936081777107d165dbf5d2861a7dec5b9e0bc4c6fe87dd65a880c7d28289141fc91b0012bc6c3a224de2bc39bbe80bd989558cdafda7796

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
fcfb7dde83088650241f75bc96038e77

SHA1
58ba97521b4e70be7fa04bdbd76eaf79b58965e2

SHA256
bf79ec45603624314daa88e3c6ccb1a4286721830a84d9d63d28c739f71889a8

SHA512
c27ecb19e051dc04619adebe88730ecf932ccadf918fe5702539df3e816eedf07d0871b08b40dbc672b8f06ad8c03de93333058986fe762db3b87cd8154f4e39

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\2547F4F8D6358638CDE0B31A1322D63360CA032C

Filesize
219KB

MD5
a95160c97a945d2b4786e6b7674f61ab

SHA1
c90a072e2749b9081297e20afb259c1402eaafbb

SHA256
74e0aa46b65b7e654c075dc3e4ec91b20afae601713b5da45f139e06b3a63c62

SHA512
0ea8668387c32e33c86788972c81959c03adce5f9f61c784b61e6b8a8900a6093113706371d5a3f22d5c7d7ff4e89972018e8160e8edffcd7003d1f54e95d5df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\3C037406957C6A3957979D98A58F5D96FF6B1489

Filesize
39KB

MD5
25828dc9d45e8ec7e13bba2eeb5a1d1e

SHA1
e4f562eefca6062444f401850f1103754e0aed9d

SHA256
59498e70ed170c26d3365390cdef846e61dc269876c801d4fbdf1bcd622a77ba

SHA512
2a9046e5cb28abaae0af0af187a24f8cc0423f55443c883a0faa391122817fce6fc89cfe5a4b3c03f3139450e3af2bb8513dd5603a5b8834ada835809a2db4e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\4DABAF7EFACD377F68614B900873860C74399618

Filesize
220KB

MD5
52ffae659502aca532359cd82d4c6b65

SHA1
b8fe445ffb2d68ab9b9f23f02e43ce519f279d4b

SHA256
34f232b32f94a9f42d5008a5c020705e04d5f767d9f4411ac6f5d70d2a621f12

SHA512
83d64a75b97cd246f897758d2fec284eb5c963f323b604701e50d2f39e68ba84b8c169678b99354deebdd8c0b447dfe270e726500f13794e67265ec62021486c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
46b63dc7902eb37c3d22b3119da1c8b1

SHA1
d6cb569f3de345ce0a070b3a99377a734d35955c

SHA256
987c9c12c466e4f92d52e3a4fb9b73ee9eb73e30e6fcdc00cc81ffb70520d946

SHA512
60a4c85fed2f653e8d629b26419a39625667764f8926753a3d0180ab1d6826efc98e24e988e1d0bb28903bf5fd4a019bd799806d87fb7ce8a83fcca4dcecec05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
1295cfaaabb954251836aea87124f1d7

SHA1
c3486c1a0987a7d45d33af050a10325b927f90a7

SHA256
acc00bb8bf98e4bde15bee920ba64bcc4f107059d4daa2b03c9ac4ba21966777

SHA512
1ae7d7510c0c1ddbee9486d0fb858d8a4eee0a845b8d87f9f1ec4c6d5fddf052f30dd625a95895826872c77a36b3cf4f56a3f6d53c3a62c8d5859def04649529

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\7E8C60C5E7EA7DC64873DDEC2539EA12E6CF925D

Filesize
52KB

MD5
1fdd1d3e97e87774e04ef4ddb08ea7a8

SHA1
795e10fc19094dd3cb324a3eae5740535b4e5c07

SHA256
eefa4e26c9162f9908b5934b2db9b4d38f0bebff127e37b37563ae67d739c4d4

SHA512
973f0bafc65958e3a3c4212a6cddd508de882f282816a0a96523177dff4a20f3e5938298608a718bfa43d0171524050cf04ae216a84104bb1a65dc0d1ab0129d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
16KB

MD5
20bcf21d2dc0f39e5aec400e5f787455

SHA1
d67419758b8818a71e6933df41f0db8634e44da5

SHA256
fa026fefeae9dea1ff4fc33d39b627d7f6d11009ff5c316b60f50f13ca02c3a2

SHA512
c7eee4d4b9bd7ab92c681a520115efa482489c9df8b459382bbda7d834964eb1b95257a089a9e07f1afff7a9edbf1dd51ef19a25b64b22d9ac4e2d660ada6148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\94F72B6F2D0DC3ED340D601AFA278D214906FBC5

Filesize
9KB

MD5
42459830b78608f0ec2bb673a561f4a0

SHA1
eb50f67d8dd3f0b735b402a67dab52a9e9e80a49

SHA256
5bf9743f7645003c9ce5a9ece729c0de2efc7f319c066c1355fc17c706d797ef

SHA512
06636ac350c997bbac446efc28178839e167cd5d6aab6e8058907fc81ba0b8a1f3040bffbebc3c289c266e12da54196fb2dd62d7a0fd55d8041e42e44832f18e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\97E21079D4338ED644D10F3CF8B6CCFD6F24DA5D

Filesize
22KB

MD5
62f5196feb910ee99520b45b5f7c60f1

SHA1
2f2a27c1fa2389d099e09566d27d4b3955de7b40

SHA256
ff7b8a60758c4a2125ab38f2c73f821abb96ef52e11668920e89b077a77eb531

SHA512
c8c8413b90a8fffb05439f34a0f081159f8c6b6e77e4ff281061440b03060b93c4d1d0ab86d275c4d0500cd75b289eda34ea07e6c242066266531444d86b9bc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
6b910ca4e1818683bddc6b8089e0fa20

SHA1
61c46fb43ee6e28a7258fd39a03586e50dce8ef1

SHA256
45604188c553ed807317db65ae12eb4252793338703759dbf9983624ce3a82d8

SHA512
554bdc74ef38c23b7a32370c24c48f9994a2b8b5f0662699bc0b0126bebb222b8c23779d74d825cb7d538cb310412b44fced140b06b3a7f59dbee31891f38957

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
24KB

MD5
73f91fc589b2256c3961fec6e864503a

SHA1
19be1eec5bb3d3451ef96e5eee78bb5876d0e889

SHA256
8a0b1fe386abec69b3178984807957625c35dcf5f2fa4e0a38ab8f7c02a7db9f

SHA512
4136c591d43db0c74742f983d39a1cefd1d578a856fe0985ffd7a9e96e71d964dcc5c314955a65fa84dcc362a3e2ebac151966c98cd052c9aece7e53a99802cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\A80E1A9CC4D0301F1C0A739985A8B591F78835E0

Filesize
57KB

MD5
e08ceb1a95654add9f2d243042e58bee

SHA1
3a345e1357cf9c05b8d7a17c4e613d41d15ba6b8

SHA256
7859228588f277791bb445960e94b49826725806dce336d7916efd872983e66d

SHA512
430a411e6479a62b00bfdd01148f250ef958e3a985a46bbf174e864c2a6c2d82c085c841529bd3c9bf60379785aa6a4946db776503d889ad53b1568e5020b531

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\A9FB5E6047697568641592A7A75CA6ED3DBF5590

Filesize
9KB

MD5
d8e41e8fbecdce70fc9fcbe27b5fb399

SHA1
e220c95e68c4c268753c5e580f7302e7c99b1f19

SHA256
d80c3481de1eb9662a9b4e37bcfe766b394475b4b106f8fc3ccbe179089ae9c7

SHA512
c086914b604ca05ceea7e15a6803810b21934a1d37b69b8e2e716ec033a2a1e4d6e8647c90f6d9c60534c03776e69a5a249eea09c053430473458be30dd302bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\AFC5F11EB94B553BBE4B1CACD76DC1F655ABBB2A

Filesize
14KB

MD5
f447045ca70b6f264678b9a7aed47bc0

SHA1
4617b4dc7f5f747f4e1bd611c75019b614b63db0

SHA256
5bd0058c24cd583615e7d52af4105b2072ec6c375d08d0e353d8cc7daf90677f

SHA512
7c3933d3526cb8dd868af5b5b0bd673a96ebee90341744f19ad248327979957920fcd9c0ebd6a7931a7b23b7d539ad2d66e4e01f7ad107ac461aa07bc2a03a95

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\BAC23EF5F1970164913668C2035CC5D4C2CD3AB0

Filesize
9KB

MD5
3622c1970d2d5f81534573be190a5417

SHA1
c39a6b730428c3b88591121de92d7e551283d7be

SHA256
e1f1c91698367667d95024745fd900f690d8e82d36642bbe1d8fe6bd04f71f8b

SHA512
76c9dbd89ed1c2e260fff987faf151fffea3a5ddc00cb4affa856009a9eeddab7205de7cc822858902b6efe0347ea0cfc7ce690bf314295164ad0d4806754872

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
efff80532b96828a9dacaacfc7add847

SHA1
970af0c040af04e71138f39779119a39c58b091a

SHA256
18eb5472dcbde09f6746370698d6bb7fa52161d4574049cedf0abab55c5a2086

SHA512
f2af4f7d9cf3c71e946424f359143aa1b68910521d3024cc3ddacfc5364fe594037f4e221303b4b40c23b2bac199f382651ce43f2af2383edc67ea32be3c7647

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\CD8F88FBAC79E87885152B701820BF0598D212BD

Filesize
29KB

MD5
f7e624606b49e392b1dbfd660328eed2

SHA1
443518871cdecae9b4e6206e48862562c1947bc1

SHA256
271155530ed7125d9b38eac8260c292055c383d20a0766e64f2aad81bb5acfe4

SHA512
724520658f57c5049d6fb504e48ae729b6d29eb348685fcb544abda1e8e811bdc2d4f32b0c283d0ef4984cab8d7f0be84910f812a711b0660a6795fc229ccacb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
8KB

MD5
f98f84a4b6f2103a94d8a4f509bf980f

SHA1
26466ef98ad2d5437532284f7e11e40c00dc6802

SHA256
a931a76b45894c01c5d700af987304207e6e2ca0a9122f9bde7e42d3ae515871

SHA512
fba8b88d083d7ffd10728d9fbe61f5e8ad70589d628a3cdd2b93824468f55889166ddbb798e1ab655e5c203302b796308f0e190ae6d91a19cbeac338a3e328e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\D163E5941014961769E3A13B7473818E5FDB4286

Filesize
32KB

MD5
302b452c9cd021cc3761f75fc033d87a

SHA1
5fbae5eaaa42f62216188a6adeb9821bef6a1629

SHA256
bf501f497c08e9764be1be306407a84ca48c33d5f514773faf4b2dec86e9b486

SHA512
4b8b9b9a6490ba84c606b399c2aee2846c0c5ad1dd756b596de2c8951a162606f970a56506874b5b6b4e7dd7763e013f0d085ec14321a768285e14973d4462f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\D8C2CFE0485DFC922614553B1999E8CE09530D68

Filesize
23KB

MD5
f138f57731915505f00a40852e08c8fa

SHA1
5d05106aacf7d7276bdc80861429e1e1a4bdaf86

SHA256
cfe7388f6f001488c8cd191eba93dcc09f474004ad856f87d4e3e16dc94c2a1f

SHA512
9a37e020cb6b6333ed9da85b04dfa77087ff1d79c2a7a49649fbcffac3e104019035d5cb68c87c5f7f6565c71fe8bc21c881ce56f15f2aea1d4da640d9e5e30e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
ccc001bf0caf96f8cf0089b5ca5858d1

SHA1
15578930b9988aee65dd4d58a05ed0693b5da4fa

SHA256
fb4562a432bed64da0dc6fc9f0f43e67668abb3629519bbefe4a5b9a427d12dd

SHA512
50a44f9c9df9ad3766b42352dddd5830b30c74715388a1b2e4674f9792da636fe00f1083899d4c051aa7e41a24df832930fc794cd3b9a41a6e7d48ba5b3dec37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

Filesize
11KB

MD5
2c3f4450f6292c5d9705f8ad39690773

SHA1
e4533c0d99d84f4aa76a4433c07de1baae1998f6

SHA256
550d277d05a22a81f564f7ca0f82587fad94c9c1c2503485de061f91c405e703

SHA512
46212c9092abaf27f09d3673ed408a27d15843cb3f875cf1ce983db282378b2a2fc622bec28e2d193ce1a3be79a4288b44da8c7cc791511ef31921978b50de98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\F21F53293B85556D4D7282B4E507DC37E6D6037D

Filesize
9KB

MD5
ce105e885c31508e9a242f830728b4e8

SHA1
1c34152c6576dbfdbdf48eb6e0f477c60bbdcdf9

SHA256
2f2f6523b01ca528b4937f3ff1aa8e5c472620f2160e36aa34a1cecca5e2fd0d

SHA512
22d6432425aac724daffc508b6f430641dfd8426527147201d446f79808f2e9ab2f8ffd3f3efd9297eb89c36b9d40695c7257aa537697ce52f977f0fb88405a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\FCAC582CA3B910D0C0BECF98767EB5494AF8AFBC

Filesize
81KB

MD5
fb2cdfd14906f1adf72ae7d30b5f04cb

SHA1
ff2e8f76e3295d6b28cce15f19c67443282920e7

SHA256
716af4fb2937feff4b277e475e84dc065af128848474ecd18466d1f15d426bf5

SHA512
32144f75ba87db6d51d6f487bb6ee70334d0c458aa1825e42a781205866ff326549fbb036a98d3f77c27eb24e97da7886abf3027ffaf71e74a267274d1feb4ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

Filesize
10KB

MD5
2479fa7bf84d408bf5b4a593781b2635

SHA1
6aa4ae0227101e3e3000a984ef1afcdac0c61f74

SHA256
17dbb0ba3193ea69612b0c420ee0f8291765598c1899953a1f5865df4707a833

SHA512
324de07276ab3789e75ebaa03592ed45b465d3fd72eea969b46b7288b540c2c83d3f0fa4a86bfa923dd43fb7e3cf132e147683b7a662354af6691c104e41b9e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\FFE609326D03E6B5BD5C78E1DA0DB4A264A41F56

Filesize
220KB

MD5
3326ea157d2915d9e701e91ce1388323

SHA1
2047b5b35a25920cdb2ed9757b4e473c5e98fc18

SHA256
0ae640c831e83c3f89e0ca94afc02571a8eda0eae2738f017ad09e1a1057b7c2

SHA512
5f3e0d427803ab311b92d244278cafa3f5c7b23d0f9bc544355b29bd4cbb35c21b963ec6c09b0e3e77c06a491a692a98dc2aa58e5ce1f65fa05b788808f8bbe9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache.bin

Filesize
7.7MB

MD5
dfb48432fd1dab350519a364a8edda64

SHA1
8f7f6114f3821e2e63ec6ed78cad41208b0d88d8

SHA256
b2ada89a76e88ffa4e353e8fc5450f137b08f692fe71f681aac9e2e9cc287051

SHA512
3fd937f8f03d2a2e02412f835e8427d2a3f4769f9fec88bf19b0aaa895740bf900676b2de115866adf3e530884399accb521fc908eeedbf42a6d5dd66c5790b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
1b56104a4f0a0b43d3d6ccedebccceab

SHA1
0fc13faca49bf572d627c91b17491e8e8ffb5a84

SHA256
0d8d296609b534ec0279ef25b87b15bedb2d8c2d65d31cdbf855911d1c89fc06

SHA512
7fa856800e87b9795983671670406553b92139069597a3092b2fe38372e7db911a71d2ff27517effabeb372157e47f36b9f8a5e6e49a85efed279ef13ce71218

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
a7a2ccd9a66d4f5928c3b73590fc2858

SHA1
62f99222c8a06aa74cefd667bb2a2e16e9164438

SHA256
161de70989b18983f51d874810d4b952eea9c05e263596a9dc72df3eeb81b144

SHA512
8ff2f145f818a2f71086723215b9303696720c2af3907c423ab9c25eca988ead9c8639026d3946bfde736eaeb714877788aae80c9e9d90351f8d5977a5e8070e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
062c432031386baca5f2da70ae873ea3

SHA1
ab7f71bb06558f303e067c898b33e089571d9d92

SHA256
95d862ffae04a6f0ae042158f46bad8be2b7c39d356f27c5b4a9d0ee03b557af

SHA512
d51ceb375a2d1a808d621e28f5c0bb7dae965e1b90707d2c98f0d18d8bb419723bdc00a82b1452a245ff714e18b76314803e5649e9b6c6f736477953c05eca09

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
800237bdfcb6074c24047e9c5c5112eb

SHA1
49164b6722c611336f5a89508b293351bde5c358

SHA256
7f1cd01811f4941099ed6f3ddc12ee686939bad04f06e3b46a8f05d418212b8a

SHA512
e5be3fd42964c1557f26456367a4ad348d4f897d2c9bbe0983474c60d58adb4b9ae45ca8d2e11ef94338689ab97321efac328cf2b59a2a2400370fd1f4ce46eb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
84a916f50d4aaf4f37854f2980122507

SHA1
0817a64d3ae9a2b2db2f21ce5874651c8dd8651f

SHA256
ce8db25aa6dad97954293fd93efa53d2dd779f17ddfb77c8c5d0958c52a94772

SHA512
b6150c78636b723be23f8ab175ce202f41c8118f9be2ce99ed0530740f3207cf4370f861a882e675767f9c868b53e30d9eb4a2888cbe93cfcb3d3274c353bc89

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
701B

MD5
340b15962d946ec7f2c574b590837eb7

SHA1
e2354f3cfdf491e7e393cb768b8c7e1a90533da4

SHA256
3979d025b3df839bbd6e7e2708f08f9551f1fa441757b411787ab337c66e71d0

SHA512
f7dbb513e9fcfd91a4215fd21d1f4c57095319c9396381e17fa27f14eab2170450fee3995010606e6f9e6b8610953a72168c63c130e5b871b37fea13488a6d38

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
45f0d0d5fa7d6008bba0e13fa29bd45b

SHA1
4d055793d02a1a45042aeec5f178f227b1a799eb

SHA256
cceeac03fb564142de0ee730772a66dd437b1b53262f7e81b7641e9314e808ec

SHA512
6caa303378e43962cc57677ce39bc42aef471fff7ddc31ac48f7563fe5503310bae29542295ab227ed945bade68bf90565badba7b9054de4c718472b54c1b212

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ceadfb39e483b0fc93c1f704f196f100

SHA1
2a8f2197bc0034e272f8d717f4a371df17516cae

SHA256
5dd1e7749f3bd707d2c0d8aecb18f54d7c27b9987f40cb3b897f9d42d8ce9205

SHA512
cf76a70e58905c855c5cf3693185f7698ea13948180fdb81bc43234aa40123c812bf4193aae2f7f0a70b2d408bb398f2a8824ffe6d5928ba48026953ab884c3c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
ae7398d1016c8b1198f6b3b407936e21

SHA1
ebb6215dc923e400b408cd1c4e592aeb8390bb2d

SHA256
3c903c9a85dc5abfbe3ca6070003879d77b6d32934320f940df8f69d764e54e6

SHA512
c46977f49af32f9f4f9a3675829040ce49e7e843315e6197f10c464b235c0775842b6f6e40220a80ecbca9476e6f36bb507687325aff2ad38f5f12e9d485fc6e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
7b6df1792b49bd0fb26ad5d292fc5744

SHA1
2f366d9d8a891fd2b78b8182d221af71f35a4de4

SHA256
98ebb3d0526b5f60d0d016502a6e54a2b957500757ebddcbf93da137a6bee0c0

SHA512
f842815a2871ab75013bfa1c078cc7ac6dc133c4c1acc24aa7cacb5795f436a00c079e6ffb724a0e71842c738a11250e85016d5b994cf2b3221fe2780dc39162

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
4884e4ed8c6871daa3c73c9505ac55c5

SHA1
7eeba613bf7599ff72b787d232e76f9e7e50a4f7

SHA256
477efb597395dbb6aeb04842e6bdb2ced6d6d6b5337fa30bd61b65b166a1f53a

SHA512
93214cb71b0702d388be5db6d2eb316fa7101d695d053298c4b4414fb09adc98335ac7e1ebd444af2da5221ffed5197e11de53dec1fc429c81c747cc8c0910d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
ae5691afe18641c85e4519603c3c88bc

SHA1
b6aa530f371055b826331529fb9d72e9d2714519

SHA256
506193be72fcf7263f7e5aea5462e2b9e6641a3ed416d9fdb683b33a3021068a

SHA512
9e0585eccb5c3d76a53f62bf67e38ef6b019f48f4af731672017422ac50d1eb9868890a236ab11c310bf5ea00e24fc121d83fab35db0bac507408ab2e542360b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\AlternateServices.txt

Filesize
766B

MD5
6736aac2bb746b16ef6a199cd7157caa

SHA1
6dc32e5ad42bfcf2af2b0ce4f9b1544992d74238

SHA256
a15f54d354e94fd4bd0d9bd5ff90f9c229347468aaf1f37465829e2a93722140

SHA512
f2b2cb1e63276a96548c7de9827da6518c38004af820b3667c7af6223034658fd8bab95366b8bc1b9da0ad856448cccc656fbf07a23577baf907b8bb005ce064

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt

Filesize
407B

MD5
443cc7f84f8b68206a0a42cb73df6b02

SHA1
b8f37d5b222370f627734337509b6a218885a753

SHA256
dc9a66a46999546d9de10bed4282dc679b0d69a933d787a0eb4ef8ad87acd5ef

SHA512
9b9269137995d6e948593332f9109cb1bb3197f4618193c7150ac08a92cdd765e653aa2809f2084c931cce9ab79b31e1efcd555c024f47c24cea5b248deeb958

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cert9.db

Filesize
224KB

MD5
31369cd307de035ba98432e3e4446ddd

SHA1
80e11e369244f6e13b35560c3ea7d89bfc388c65

SHA256
d636670e330311c3e9acf90d258870e3d505b93fb1ac483b557466a29c9be82f

SHA512
73a4613f9525528db23e04946ed0bbc7091c4933794caf2dab7d56509d0fe04cf4cd20d5ad553800a44b7b8808edc8235c212527b4870475dde2bcc9f460c843

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cookies.sqlite

Filesize
512KB

MD5
173ec99f05ff8383bac9d2af4e61b4f6

SHA1
cfd12f52fb04ebaf398a6d098007fa5a6d913b33

SHA256
72458605deff0d7e0dc3b4d44bf23b6c12cdcb4d19e90ef13367710b10ba56bd

SHA512
ea0508000c8c30a692570dcad51266e28bd6447fb832d50d263ee0c35cc6870efd678b3476d68b73a1b4e2be808de88d04d9b3f633060ac272cd6222cfbfbc45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
55e5762d20ea06204a20808361892415

SHA1
b29af26b0808751583048e5d6d2783e4dd89cdeb

SHA256
92ac467f8e7657b939a89a6d5f5bf8693437a85609924b971d292bf6caf8809d

SHA512
577cabca2bfbb3f8b16bf8e9235c2966a7b0afa4f65c42f5f6a3712f35b1b2651a3194a7894326e8b8bcb825a05d8993e61a643d3e889e56b2d8e3150162271c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
13KB

MD5
73b7c32a8bf18fa8edf61a41396278b1

SHA1
21cfa6483865fb5cee5dfccbaa59020221069afa

SHA256
cd6519b8ebf01ad72c48a001070394d3c8e2c0a8c7d3c56645c9d68363eb8cbc

SHA512
bc07f0256abfdae5a0ad092364202727c4c4c466c0d0b07841578738ef3728bbec8d7ddea229b3a85e6a63598cacd8d3f5d478214e3d2f634399ed8246b28c15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\events\events

Filesize
162B

MD5
c3b0bede57c2659a46064d73ef634737

SHA1
1dc30a704f2dde0f113bed558e7a3e417c92fc95

SHA256
d1b643adf645485e2920f574f452e121e3ab9d5c1e1a4da7cab00e4fd7c7b98e

SHA512
51085a8c491d8491bfa5388246d29b9cf43dd28cecc6b317007c322f7cf257b2c15ae1bd50c8d4ad0f1b2914d4b000908fdcfe7bef61a1621dc3e8ee27cf0db9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\44be8fff-b3ac-475d-b700-3ccbaea147d9

Filesize
10KB

MD5
ea85cf08d7df477eb332e832602ed4af

SHA1
f087f131907d0d9ba66ff3581885a31496bddaa2

SHA256
3d20c2b07b3ae6c7ccf73bcc9202ce31d8ca9fd7b65ad535d1d70ab1be30465b

SHA512
6fdc08c1853149810fe481e0dee62a225f0e8688b69d803e874d83a1bbdd1e22c1b60888527980f0f4756d6b19964e88cf594850331ea2de69dc2fedbad1d8b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\60c6a2b8-9659-4b54-a851-8462d8c6b4fa

Filesize
767B

MD5
edf9ee26b0d6984b1daae6ea05916f0f

SHA1
43a1c7bad3244a7006cda69eb090fdcc622ff52f

SHA256
55dad6383dbae75ff5d8fa60c1ba7c241597c7b0856b25a038fdea978cc0b7c5

SHA512
9117c73999da97377d5bcf6052a353efe458eb5666162469af4575da4a8ccf627dcfd71293bf4123e77928c688987284d2e4bfb314ee2b5193e401bede602933

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\da693d9b-0b7b-464b-bc99-011ed3dc1740

Filesize
746B

MD5
5425fa6773e9e466d4728013ab26118e

SHA1
c916307e3b62b67a192e65f52a2772a3b3d1356c

SHA256
fb825fc515babe417475d708d132092e694af6fc29644f0f4fc2d1b37abe4b3f

SHA512
adb4686224d27a3f13299de06dcc996ede3e096a562c086b1111bbfde4d80b81f3bf667a64594a4866ed899ad8f333b0ea5e9c8da9752c18f05b2ff74bca0cad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\e7b4086c-2af5-4082-9e95-75d26ff7795d

Filesize
790B

MD5
58ccd2144f8840f4e334df4b0bb8db36

SHA1
83074ff754563dd8ac7c844f9614b01126b11b2f

SHA256
4c11508ac36f21901abc5e308b34144289a6c1d6e6c24c15cc2ec47f86d5481f

SHA512
180c98a75648619b2a85180d2e8d4fae44fc92cd02acd13031d8afacf21b41ed933a965d8ca8ae5ef55ba1c78c10e13f3fe74d6eb113f5213a580b2b239583ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\downloads.json.tmp

Filesize
736B

MD5
087c3136daf0cb6c80df48b85904a8b3

SHA1
1afa4b1df141acd489c37b3d0271f2e2dac63c23

SHA256
a200a864b077f996552bbd7d3077d6a2db46770b38be95827b108243b48d41d4

SHA512
af24287f156a71c5ff193e98adb6c9c11ff03d32aac9b26246f4acd5377a4faa2453f33a5a972ff68d12b7638ef99c53a509bb791e553d1bc75ab6ebb4779f16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\favicons.sqlite

Filesize
5.0MB

MD5
df6a55448d5e1ac520d143693c11a1e4

SHA1
55aa876b0f25169a3987907a9f5b979716c3b5ea

SHA256
ecb7537f99bfce334bb9ce8942f61e3d2d85eaefc7aba80e3cb3a5bf8b1cbe5f

SHA512
3069ed915ca0928cad6dcf06ac2c612ea927ca276641cc30bbbad73899c34c2f212303d2bbb9a52b400cd467338ff9b0c299d2bb73f227f0139660245a2c8325

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\formhistory.sqlite

Filesize
256KB

MD5
ed87e6307f4bb3ba3d8191b85587f676

SHA1
ddefbd3cb39352a7885ad1c5a8ecdee9a6351a62

SHA256
4663cc7b524c606808d319ca33e850affefb2ceb0dc4b60d306d8ff67a0ea076

SHA512
4520f979c4bb334ebd58897b00b54c9ad8d1a5f4f3e100ed7b5754cf081a42fbef1f96a4556131158039bb0ee2869b30fa43f95a031ca9f877cafe4fbc721e7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\permissions.sqlite

Filesize
96KB

MD5
feb236c7957f5cb72cf21e54a697c01d

SHA1
29cb6d706ccf10e8d242e1fbcd08d8c588d82c58

SHA256
4e3f1ac442e4138e85072979e7fe698997aab7b9d160eff812b5afe337da25e5

SHA512
27b614abeced5c8f84f5a20ebc8440cf168f57398d19fcc91e62b64e122ab928ddf44bbea1c79c6dfcbf345edef795f7d1dde85b7f874eb8a169a366868def21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\places.sqlite

Filesize
5.0MB

MD5
f09b268d346f46f302e56e38acb439b4

SHA1
422372b7bf70a102d299c05458ed537d68c1370c

SHA256
782a306577c88185c8d199fe46500379495b4dd8678f239a12db5a23e4718e9c

SHA512
1a6038115d18e9fe982a65bf8a147b3d911570b0a1f2cfd2bdc89f14fb8ab1daf06d9b53cb8505e5465fde606283befada70a0ee8ee1af8f14e5f71067a8c28c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
3ba5a35de75f9847ce0c268674a2ced6

SHA1
966995285cfd2b318be8d659973a7b0d4624a9b2

SHA256
890788b823a293b056aca054393d26a93d826136e1d5a8de2b212aca3f2570b0

SHA512
00c6c08c2db97d2b11fcd1638a28fdea6dcd4aee34d62e3241fbbb695715d1670d691f0e493abde153d77256bdc5c8638bf707cd4b6f65cd8f713efbae401cf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
7KB

MD5
a0ebb85b44aede9bc7f8b3d4e567eac5

SHA1
c434b43edca6c935d3fc0c6a67daf699b95df96d

SHA256
1d483015d4ab16e2d8b688b77207423ca3874fbff46718f68b327c3fcf0355cf

SHA512
6a7421ef65f533bc13d1c2eadb0cff1206e2c2103d182a5a170fda1eecc8e96bb0eafeced0df3c6fc7108a010e05ec3cf0b34d00791feaf0853d020fb031685e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
0fd67cb90c032c68d9a6b68afbdc33a1

SHA1
17dd1bb30346480fc91f671b746a69afb0ad62a8

SHA256
f8607a8529064e85d1a90271cba5588d6eb16aa2eb6534d94b42e8349357b5cb

SHA512
1cd17dab9f160f3c64b75261bc01d006c64fb62c2f9e847c4f39d24c6b7d8f74adbc5d61b99b7f1f643242ccb18ccfcb10189ad05b32a7ccf207951c13423b72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
9e89243f92cdc32995978d93ac10eb1e

SHA1
0f92850ad8bb19c07069d4050cce5be941696322

SHA256
8c3686d58f11a980ab96bcd6ac7f967df104bdf6458d5d5e8b49e8f396d05c68

SHA512
88dc52eada0b7b8d1d43b4f5fa15b775839cf643a30e76a577636802dd6724548beaa1bb8d087009e0cd6ec77fe155a90484e64454fe3b38e34f026752431c57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
efffcb1c0b7ca5b923a18d808973e171

SHA1
6ea857a59a3a5bbeca81a38fed3a02217d97dd29

SHA256
731c7f6c73a392c9902fc0766b7f8c852244799ce64f4203298cda437a3acaa2

SHA512
faa3a33370db5ab90e8c28e4bf50b435eca485b79bdf4a9d9691918841bce9ca3b5d17c8ef7f44b856c832be323b5b33f5ceb405919c36c33e12dab17f2a11a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
0cfd57eedda41941fe30cd100184395c

SHA1
1ba71cf1536c902a9bf15690745b93fce9ba3a15

SHA256
a5892d55dee1fbcb93df04ca38be7ccf1b1e60281106edfdf8358aefb873c5cf

SHA512
475156c0b3039e556888a3d863365474075527f2ee8ab31ba6bc4aa3e93e511752c198bccc42d66bebcde2564751fa2bb3e36ee19841b3a051c228b6d95fada2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
7KB

MD5
ecc7eb4964ccf8cc111a013a4f472a1b

SHA1
5681b1af3c054f20e33d210fccd13bdc65028d61

SHA256
f5722efaf562a696cf6503cc69ac5ab7b7d1a251952fd3570dbcbf9b52796b6f

SHA512
f64be611a6d374e18722cbe231496159be0208b29551617aa380f05c60c7bda80f737669b1eaae08129b06f9acd13908bc9b357017545ad2622a39f7ee2a1241

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
038cb966c430781dc2a1fca874aadd57

SHA1
c02159339b20b55582907d315460b3fc29db8a45

SHA256
672114a16714b7afdf0ebee109a2bca3519163aedeb7704b79da16d930da1e53

SHA512
8522c7446fc0c7fe8a6d719c52d18d15ed782ece75feda3ba11b3a301ae429a4ddefb82b993a53f5b8b5bd13517de2ff1dcae449679317e02b317a6133d3cb75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
a4483aba8aebe9f84a896987fa443fcb

SHA1
3910535b9832482779ae6a19f1ae386cb124f3f2

SHA256
42970549acf16103eb05f398296a8149c5fbc02ece6bb35f925256ef8cdc5d4a

SHA512
84d348ac156e367e31e8d5d356d4291c1a8ae272f25d9e23e0dea97d30a6a4d707a622f86ce2df672b09ff090cdd1e3873b4fc2de0b9e9fae237d0aad65c2748

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
e499a158f57660039d8f9860f52437ed

SHA1
3d1966ad3e317edb363be15055bcfee067534671

SHA256
c2f30198632bd353f7a70a8318a95ffce600ee29ada850e9b6565a02a8ce6f07

SHA512
2a4c1c19ca6858cc0279c0453f3338724d9a519e00c3b954760fc4cf09bf46d4723c3fbef02f884f3a30fbf1609ff442eddfa7032384f8f00814ebc468b1a686

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
6191454cf898cb3b166736e0daeef16a

SHA1
a4fd43e588c1d5d962121ecd7fee9f9237446c68

SHA256
718bcc0deaeecd4e7eb83eadbde2cd0633bfb0894b9ded6df807e0489353dbdf

SHA512
f6573f68fb324f5138d618e89e14c5030ceb5e8618da4d2b603527fa0e472c4b39be3c7fd4f97f54f9bcedb20e3d398afebcfa984ec3cf7cff9e1eacf230cbf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
9c22519641472bf34e548cf8ec4a0a34

SHA1
de63b04149bb5cc1692283993bd4e9582824f4e8

SHA256
9561461e2cf2d34c1792f44ff29eb8b4bbe6e99e68b0db223e110de021fd6b9e

SHA512
de1d25d50ffed7abd03af63d5bf69dfd0dc808b493c5b70c16111ef052cf0919fb921ea7a8a461ecb663c8eaf2946b46b64c349b2ca5a490cead63bd4a2b13a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
2f4d328458c4c2dec49d473d253d5e2d

SHA1
297d7e92c4bbb534e81ae57f333d960b055d7094

SHA256
a3de3c4bbdcc77776a636a329f3e4c895bbb0e83e147f8e1f80d9ea938fa4f93

SHA512
8ac41948052859e3903bc4b3af7d9a23a82ae935e911cade0cdaa131758af75af81bade869502c510a39d411bdd825f1de44a2734be0611e04c9180ba53ddbbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e9d69433db9e88950ad9d41ca93c01d8

SHA1
aa421bf054ebcb11efd36a6c3ae8f853fc7a4c1b

SHA256
9da5837928ba0a5e9380eaeb707c74447747f1c7dbfa1aca4fd14875cc82692f

SHA512
5849a31c3fd81fc253f0c226a28dad6120dd09a765bb3a09c69ef11ee29394cc6c72d4af15bcc14fb55e438baab2f0240bffe4941ea9a208ca519867fa872b80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
d9abd2edb85ca46a1b1c849c07ee3635

SHA1
4504c40c810f8200c1c0b0ef381e0137079466cd

SHA256
781a766f9a97d13efab8aef53d18d6158b0a3ff1d79f836ae1e22418d104bf56

SHA512
4ff4fb984e3e2c3e2c18391262593558c23cc78d455c7315fd298fd76ab3e090670c0bd2c85eab0306bf1dcf647634957241f641621f92cc90154d385cee0b00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
8c20939060e715cabe5a1e1139d3b881

SHA1
e4ecdaf374962c2bdf57551ce4dc5cad5648f3b2

SHA256
fb81298af2af1dcd2465f2fad00313e0aef5add22381b78c6c5b70f908913b9d

SHA512
f1629e937aed78a7d869742abf7465d56d0e6742f33d2f915208d015c519c56c4746a88ac08cf3598b14d38edf95a535f7db595def53ad3d19025d1586b9419d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
da8febda78888cc64ca2699cfb18d3b2

SHA1
a3466b3da8c8434f71f4e6ab5d79525cda1846ab

SHA256
43e4fac16f0729427993b211b2ce7a4bef4938cf8fe9f06558c3e175a75c366f

SHA512
345aec4033e8f9e7d1430d467b5cf938d08008b80c909761771d82ffef09b5fcf920bd31fc2af4eeabe2de92be3e0682088e60e0e7b1accbce25836dce4c1f09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
10cc6d718489e1b901f2bb0c10b44503

SHA1
3ae728fc49eda6a2fc0a7f6ecc4049cafff18cee

SHA256
25a2e95264906c84526087b1c574c57b9c460ef2f6fd91b8fac09d195977ccdd

SHA512
c2706881b628b0fcb5b08e7210e4f603fd30a78275ed2eb6e7f58f483f16fdf06f6e610b5bd959cdd3891644d5bbea35594648a1333f840cc3159e1f8b5ec93b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
33ae5b5b72764f5096ac9eeb387d17cc

SHA1
e977d26d6d22e9b79a598c5706208b68dd238700

SHA256
70ea7d85e7c20410b3d2b5c479da4e1af7d7db7a2adccbb0d43af92eda134f59

SHA512
0f887cea49dc8c6561a63e8cce4f7e0901f77d1135046f1ee6c6369505d9d6dc7000d356ad062ccc60749e15bf262b53dec5adb726691f14c83d911b76a7a5d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
630df3413e381b914078c37bfb994c84

SHA1
7726cf06c08f1a0ba5ecfbd2482e6bc54be1b6ca

SHA256
7de4d6027302137936063fe84c480255eb908dc8a07118f742353334a9594dcd

SHA512
ebcf407f297cd2d741dfd218b1742554ed0060ab75f41cfcc6156222964fa5012dfc2959f8aa2dcfbd10af4978acc700598c1dd8bb8a57ff0b98337b2aee955a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7ab0ea96feff946d82517471b3996f47

SHA1
5e265a45f60864358094c7bcc77dd4d1f98ee3db

SHA256
e79f935909f0822fbba8bf29fb309d62c467a4108afc505020e599ba02857394

SHA512
724b11306532efd69b641f5c15869ceef48530fa93d43d002bb03ac25a8b5a9c2c9be3fa6097311845686f5a6f994a721cd44c9e44d8eb94305a54597bbf3ff5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
16KB

MD5
407fd694808487bc77b4b4e171dda17f

SHA1
486346595f15b5a2c4239271cdbc9828409fc338

SHA256
9f005dcd3f63f5cffaa0aa042490d50b868304e1ae8041b0194247a486179035

SHA512
865ce8ebf78c2ed69bc2ac0476c809fcaea66bb8442ffd4ff2c5be4934b0081243d1a5492b4b3c79717f8d74de803c373ae1d41d09480e1ca31c44e70de9f6fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
7222d476b996fe6bd0ba40e142537874

SHA1
6946ed6ac7e5c8207942f03cbf49cde8a2f9bdaf

SHA256
a5388b92dd88ee970b13063d212dc7c00bae1445dbe3299e0a8dd063b07c6d84

SHA512
59a1d734517b403fecb7906bb8f5298e794fba7530c680b1123490f48be110c64207b20ccbff07d2777d52a7c22191f27eb5f4dead3268515c6444dda4dc9110

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
75299fae3dca9ff3142ec67c749ac28b

SHA1
e2721bd5cbfa3cbbb8ce5d75449c89c5a8a76048

SHA256
883dceb09e3203776da21017f2fca7388c856b669338ca4969ff103dec2a1738

SHA512
9fbbb628e8859e8c86e4d9494ca86bb622efef9ed4d3e8c0e78a61d20e317e9f583cc6ab8e24e2974329dacdcb1a2fed49064cabf82de4e299b35b5a1e43fb77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
74c0ba08a80c2a17d442c757180a07ab

SHA1
e242f16904e66ccde2ee6d65815f28cbd99446b2

SHA256
edcb31637efe3e15d84d27e9a27b7dd1e08d54b9552c52bb32d13402d00017b6

SHA512
8c2cc30a6d3c2c3f4a6999e7861e954e3107cd369ec8b1b5a06d0fc1dba0a8e045e6d4d67d4fa482119db8685ee3fb63eb0a7c37c9ac4f8becaee699b3a7616a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
1f8923f7a1d711a8f4ac7998acb28111

SHA1
6855777ae76047849e37423cf4a720d57b647d48

SHA256
63be01003860dbf79e8ae8681da3afb18c84ae42b6d3321dc1f35f5ec6646dbe

SHA512
d963b175983745bc9b985ade49d2c14f4c99705f1d66497845c7d68808707f2657c40d7d35e0e4cc2ef484de79510f142f20c239113e255cf55e539c3f4613cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
8fe79d9acae3a85d0a1382ecb380d979

SHA1
0826b0bb80e92e326d9cc28116ea589250a8e2eb

SHA256
e35c7d210cb72e458e2cd12b231ddeea4351de458652e253057c859d8d5c21b5

SHA512
9122910fb8fc4fc9d3457b9a62d8442a0d2ce5ee87cd9129704465cbc7bdd63a1b53559c8697ac6f04f01de7038ba04179d6c4807d7253b87a00911312fd1451

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
dfc7e0dc0b7e34ad62180dab7248cbfb

SHA1
a9f911182a8d7c4419b4a50e3a4470c02894412c

SHA256
6b1f0873c7cbac785aff1e7965843916a421eec50049c5462c0448d7539cb5d7

SHA512
d47beeea55c831db7fcacd3f5bfa634714dee3aaf360b45e02188341c1f3e474049908520fec0ee44ca3c01e8eb228b64c790caf65e5eaf73d7268137362bcd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage.sqlite

Filesize
4KB

MD5
ad71e51a472f560f4a35b9a694bd8792

SHA1
0182b724494421a4fc75454210f6948807830be4

SHA256
46ae8e2b15c79814ecb509aaeb416e293c023b2af57bb9182f23b06b81bce772

SHA512
39f86fdbc10b04552ab1e15b79f64fef24c5393bc2fbe88ac899e17d13aa0977b731f50ee89446ea6805f5a8eff0fb77c2729147b8439c1823bbb538b3c767a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++wormhole.app\cache\morgue\248\{5f40b0ec-6336-4f0f-a8fa-eae84817edf8}.final

Filesize
5KB

MD5
be9fe3f4519bbc6baf9a255746d2baee

SHA1
7199e68c29a904756376a06fdb26a32029d3c526

SHA256
a052ddf820f40b8bc03155c7da61a6bddaf54105c6aca2f85b37195f5e329b5d

SHA512
850a93200287fbcdcff30ccda684350d9fd4b9cb22831dbdd0c1a904f9a6cd85c139b829eb2820ba6f0ee55cf857057475e8dc171a1e79fe72d0aac0bf947806

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++wormhole.app\idb\3208730964sttsoerfaignea-m.sqlite

Filesize
48KB

MD5
12fea999fecd922bec1bf3f946b13970

SHA1
2ba127228d93fffd961b77dd26db35ace54fd51b

SHA256
7443c7e3a715ad20a9d112e7232e924322e3e63972873b2f3fb5907efad479a6

SHA512
e8d284810cace40b00b7197a4d8352d6002926d4b360b10e9dd1b88b5c38f10fef860a006651df3972e691fb76c690b07847abd1375d0e0757cad1621415062a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
62B

MD5
13afd06d89b9470245683d237da282b9

SHA1
59e5e1c51847d3413f9b5530634c1e561a977d11

SHA256
bcdbe333aa7448f5732907c0839b9c4396aa35c4537abcaf7460659b4ddefe60

SHA512
f735ac9a8ba62cf9bdef4ba9b93f91b5b0111b2f3e5847a3f5e7ad91f8b8c1721d607af3aef58c3dedd91634fa6621e6c2a9649f55f49d8a3f89f85bcdb00dc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
795147fb2cda0a54753a836867497cf2

SHA1
b244563da1b687fac24696c6726a6760bf049e70

SHA256
4c5dacba23e726076570743f95f361e569a044b0d6e520ec0dfbd7435d0cc9f0

SHA512
18c8a62037f7619f8c659cb4c4fba988900f101a1a984336e73e7dbd52032d8491be4bcab0bb94663afd17d179ebf7e7a2280e1dca19dcc50744669e1a5a1822

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
4c428e195a2fad0b912480f1aaa48bf3

SHA1
52a8ec75e9ebe26a80438cfa5b234ccd96f24621

SHA256
330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d

SHA512
795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
1839f7f734ea734ba1f3aaf8882c0e92

SHA1
3f4b9a918b2497e183dab272f2685949b84bb675

SHA256
7b78744f0ada905ce57a7bf293f62b22c67596b215c09ccaf43b974ac204089a

SHA512
739244464e87b33fd893703bbf275440b31dbdf062b5d91049b01de28f4cb6035eb407d1887876faed16061016031022554b7f2e97a53e7e2eeee5a235b719e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3018d1aad8385b734068dbad441e344e

SHA1
2a3925bc92ec843db64b6db2cd6fe18ccf084a86

SHA256
f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88

SHA512
7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\5d6a2be1-9931-481f-800c-c49b8f4c6ef7.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.dat

Filesize
40B

MD5
f16508f42faaa4fb7cac1adc600c4980

SHA1
237da7e8fdb9fb521aa73b3891ac998a0c2d799b

SHA256
a07eb490ea1796504de929308a1bfe9fb28eebb876ae2277297c2db8fb94ee7d

SHA512
6b5cff5d80affb016575f3fd0b09639f52d140614dc3347fa8330d96d3f6e67f050f415a3d475f6a36159ab36b516352c211a31332302186a15f57258ed82ebe

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\discord\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_0

Filesize
44KB

MD5
1f95849ec04ffa2575f388b9b6e97c89

SHA1
ff4fcc64638a1cb2e7b41ae69b1af34f404b32fc

SHA256
15de5ef9f7f45e27055d6769ce3714bd51e8f2e1bfc2f25a593b6e3b5dccc22d

SHA512
9794840717472623b44d7a61fb215dce769bdd9a1c0a9904f70f78db09529184577c388c15c282ed756023c39a572e142b1da0590c892cabba83ffb8e722d7ca

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_1

Filesize
264KB

MD5
d8712bd71dd8ed76b458fe0a1b119773

SHA1
928115ccd9de7fcea984102d30b693dfa5db76ec

SHA256
0940b0f46461ab13a8d0539a7f065d235d373ff890e7d82c50792bbec9b6fb8d

SHA512
fef91cb5168bd069593a4b68f2d6e6b5f131fa933ef315cce097c6f6633eb3f594acb146238838ccda0cef65b0b8bead00ed68ea760b800628acdcd004739426

Download Submit
C:\Users\Admin\AppData\Roaming\discord\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
643B

MD5
48f2ed7cad44eff6ab4c3c9d87dcda6b

SHA1
5dd2e66451d1711d64fe6228e77590ffe5a50c47

SHA256
9079e30f4023777aa38fc676d6b364851975cc1fb1820414a6ff372a1f5a9227

SHA512
373ce8baba2f1370b3a1c840d23e93acb707f4a88596c61fc355781eccfd8267393647e5b76dc60c45a10983c5256b2a4663de607edeea4f74494fb326a974bc

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
643B

MD5
9ae5baf9b239baba8b21ffc3565a02fc

SHA1
23c4d0ca0f9bdf9299a61657efcea28a45defd74

SHA256
c9ad880b5f0e3a04074022ffc59e82660138be9dc62c7180f877abf5dcd808f1

SHA512
16b31797342533e754e11c75f23962c9cef6cbb20f5195b1c4424e3ed4c5e7e2c4dfc4cd5ef239f472e1a3ca1c3646dba53babc709e49c9fbb25bb57bcba971c

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Local State

Filesize
643B

MD5
30fe25dfbe48ed1fb1f7b229b5c5ce20

SHA1
3de5202a62f8916a307a444aada6fbfffee8bba9

SHA256
25570f8f9a44713d8487ed270d6949fc1ec44d0c34ed877ec2d7dc33a1ad50f1

SHA512
3e82f7c61a6870233b18f009889d61504d6ccd5f9a8efae84cc7274edad5a5e1248e36992e032f688eea4163cf7e5b3a98ec4f8ed2158b4d92e25f664bfffb10

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\discord\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\discord\component_crx_cache\oimompecagnajdejgnnjijobebaeigek_1.d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

Filesize
13.7MB

MD5
17c227679ab0ed29eae2192843b1802f

SHA1
cc78820a5be29fd58da8ef97f756b5331db3c13e

SHA256
d9a253514b6a010dfc1916c55246797e5773f13844ea3ec2d25078e845fef760

SHA512
7e33288afd65948a5752323441c42fcc437d7c12d1eaf7a9b6ae1995784d0771e15637f23cc6bc958e40ea870414543d67a27b4c20331fde93d5b6dc6a59cbaf

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.1MB

MD5
aee6801792d67607f228be8cec8291f9

SHA1
bf6ba727ff14ca2fddf619f292d56db9d9088066

SHA256
1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

SHA512
09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier

Filesize
110B

MD5
27b5902c353ca1528d9fe4573b211800

SHA1
5aad114403c4ec2dc88c9a112c5466aa720f0594

SHA256
1640f1a3d869557f28b2b408bd03c580b030ef247424a60672d9641b22ab7351

SHA512
081517fe37d650441799372bfdc6e1d7c554a0b2cd87fa47991c57654f4a3ae91a2eb93130047839f70897542285089a53e495341f8b387e9f3fc879618cad37

Download Submit
C:\Users\Admin\Downloads\AnyDesk.wef9vyTS.exe.part

Filesize
64KB

MD5
8fea102728eda93e210144790a5be0c8

SHA1
69bcdd28d4bcbe1dad506bf61ebfe79ead27015a

SHA256
8b505bfb4e0502898eb5a57a78c4b3f651f4d800731418115e8d3bff30650166

SHA512
37c3cb5407a4e9bb92860a7ed051c9f235bc54dfaa3a937130df203d31942d6c09af182c8ad9b3d85bd72dde55d7cbd3d32d6e036d5544c2d7b172083ac3a14c

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.64J-Rtr4.exe.part

Filesize
108.8MB

MD5
4a2bab1275706365277fbecc493b0bcb

SHA1
944287d298e5e3876d41f5416573091bfb27edf8

SHA256
d24dddbdf2970f6a51611a193bcd839faf3d7a28d4dc96adcb3c20a11424209e

SHA512
775c618c025f125e6fce586ec4727eede2761d75fc288ca0afece8723463e173ced87959ea706b4ec48ee477a92100ab1c3c2341311e1b0d4396b3a772e51ecc

Download Submit
C:\Users\Admin\Downloads\PapuGrabber.A84djxEj.exe.part

Filesize
7KB

MD5
9eca5ad739803ecff2c4cc041ad16871

SHA1
d45335518390c11363f669c462a0d7a7dc8c091b

SHA256
2d1aa9668b7f34a6dfde465a7a460e52be0d85878eb0891c50dacc242e472834

SHA512
6b16cdddf1a2e387704664e8dedbc103ffc3de2d0e59a0295ff7de0f5a339012b1b22815604bd520281382e3cecd38f80d5fae5851d4c02c1d19b044497d4119

Download Submit
memory/512-0-0x0000000073FAE000-0x0000000073FAF000-memory.dmp

Filesize
4KB

Download
memory/512-1-0x0000000000CC0000-0x0000000000CC8000-memory.dmp

Filesize
32KB

Download
memory/592-1333-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/592-1040-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/592-1602-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/592-1253-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/1556-1017-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/1556-1019-0x0000000000AA4000-0x0000000001CDA000-memory.dmp

Filesize
18.2MB

Download
memory/1556-1251-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/1556-1256-0x0000000000AA4000-0x0000000001CDA000-memory.dmp

Filesize
18.2MB

Download
memory/2616-1607-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1709-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1749-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1338-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1332-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1038-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1511-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1252-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/2616-1601-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/4684-1981-0x0000000012F90000-0x0000000012FC8000-memory.dmp

Filesize
224KB

Download
memory/4684-1787-0x0000000000C80000-0x0000000000DF6000-memory.dmp

Filesize
1.5MB

Download
memory/4684-1980-0x0000000012610000-0x0000000012618000-memory.dmp

Filesize
32KB

Download
memory/5804-1540-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/5804-1605-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/5804-1323-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/5804-1365-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/5804-1336-0x0000000000AA0000-0x00000000021E9000-memory.dmp

Filesize
23.3MB

Download
memory/6120-2004-0x0000000004EE0000-0x0000000004F00000-memory.dmp

Filesize
128KB

Download