3197203ffd2bad0b61791f9da65dc83d70f5ceff9eb9482f88801ce738b51959

Analysis

max time kernel
571s
max time network
602s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
30/06/2024, 15:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

lmao/toilet towerdefence script (1).exe
Size

22.9MB
MD5

92d6abfedee41c843ad9750c16acd300
SHA1

7a4a3afd669dca7f9ba08e4fbc43fc9ce65263c5
SHA256

b537b41e5acb2acb817cad1f29f3d6ecfa23126c4194b23b83e218841d597569
SHA512

d4de3d07b7a280010b8acbe11edbe23b5d9a41743d7422df2cc4ab4255f54af6078adf25734dd4603de60e27a4f8067046b2a510e8347ef4d31e5c44eff8bfe8
SSDEEP

393216:qm2HJxUcsDEFxDMRyhQVaHf50hHmwWlbmfrW8UQG+drkEHBXHnxmSQKHENai7xD4:Mpx3s40RYf5WemjW8KirLX+KGLGYoc4b

Score

7^/10

spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Updater.exe	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe

Executes dropped EXE 3 IoCs

pid	Process
3684	toilet towerdefence script (1).tmp
3796	toilet towerdefence script (1).tmp
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe

Loads dropped DLL 2 IoCs

pid	Process
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
66	discord.com
82	discord.com
83	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
332	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642356892216139"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{6F76B6E7-239D-43AF-A9C7-6B4248D6BCA7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
3796	toilet towerdefence script (1).tmp
3796	toilet towerdefence script (1).tmp
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
2564	chrome.exe
2564	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	332	tasklist.exe
Token: SeIncreaseQuotaPrivilege	1400	WMIC.exe
Token: SeSecurityPrivilege	1400	WMIC.exe
Token: SeTakeOwnershipPrivilege	1400	WMIC.exe
Token: SeLoadDriverPrivilege	1400	WMIC.exe
Token: SeSystemProfilePrivilege	1400	WMIC.exe
Token: SeSystemtimePrivilege	1400	WMIC.exe
Token: SeProfSingleProcessPrivilege	1400	WMIC.exe
Token: SeIncBasePriorityPrivilege	1400	WMIC.exe
Token: SeCreatePagefilePrivilege	1400	WMIC.exe
Token: SeBackupPrivilege	1400	WMIC.exe
Token: SeRestorePrivilege	1400	WMIC.exe
Token: SeShutdownPrivilege	1400	WMIC.exe
Token: SeDebugPrivilege	1400	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1400	WMIC.exe
Token: SeRemoteShutdownPrivilege	1400	WMIC.exe
Token: SeUndockPrivilege	1400	WMIC.exe
Token: SeManageVolumePrivilege	1400	WMIC.exe
Token: 33	1400	WMIC.exe
Token: 34	1400	WMIC.exe
Token: 35	1400	WMIC.exe
Token: 36	1400	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1400	WMIC.exe
Token: SeSecurityPrivilege	1400	WMIC.exe
Token: SeTakeOwnershipPrivilege	1400	WMIC.exe
Token: SeLoadDriverPrivilege	1400	WMIC.exe
Token: SeSystemProfilePrivilege	1400	WMIC.exe
Token: SeSystemtimePrivilege	1400	WMIC.exe
Token: SeProfSingleProcessPrivilege	1400	WMIC.exe
Token: SeIncBasePriorityPrivilege	1400	WMIC.exe
Token: SeCreatePagefilePrivilege	1400	WMIC.exe
Token: SeBackupPrivilege	1400	WMIC.exe
Token: SeRestorePrivilege	1400	WMIC.exe
Token: SeShutdownPrivilege	1400	WMIC.exe
Token: SeDebugPrivilege	1400	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1400	WMIC.exe
Token: SeRemoteShutdownPrivilege	1400	WMIC.exe
Token: SeUndockPrivilege	1400	WMIC.exe
Token: SeManageVolumePrivilege	1400	WMIC.exe
Token: 33	1400	WMIC.exe
Token: 34	1400	WMIC.exe
Token: 35	1400	WMIC.exe
Token: 36	1400	WMIC.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe
Token: SeCreatePagefilePrivilege	2564	chrome.exe
Token: SeShutdownPrivilege	2564	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3796	toilet towerdefence script (1).tmp
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
1692	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe
580	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe
2564	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4508	MiniSearchHost.exe
1692	firefox.exe
580	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 3684	3792	toilet towerdefence script (1).exe	77
PID 3792 wrote to memory of 3684	3792	toilet towerdefence script (1).exe	77
PID 3792 wrote to memory of 3684	3792	toilet towerdefence script (1).exe	77
PID 3684 wrote to memory of 3556	3684	toilet towerdefence script (1).tmp	78
PID 3684 wrote to memory of 3556	3684	toilet towerdefence script (1).tmp	78
PID 3684 wrote to memory of 3556	3684	toilet towerdefence script (1).tmp	78
PID 3556 wrote to memory of 3796	3556	toilet towerdefence script (1).exe	79
PID 3556 wrote to memory of 3796	3556	toilet towerdefence script (1).exe	79
PID 3556 wrote to memory of 3796	3556	toilet towerdefence script (1).exe	79
PID 3796 wrote to memory of 1028	3796	toilet towerdefence script (1).tmp	80
PID 3796 wrote to memory of 1028	3796	toilet towerdefence script (1).tmp	80
PID 1028 wrote to memory of 4560	1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe	81
PID 1028 wrote to memory of 4560	1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe	81
PID 4560 wrote to memory of 2972	4560	cmd.exe	83
PID 4560 wrote to memory of 2972	4560	cmd.exe	83
PID 1028 wrote to memory of 896	1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe	84
PID 1028 wrote to memory of 896	1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe	84
PID 896 wrote to memory of 332	896	cmd.exe	86
PID 896 wrote to memory of 332	896	cmd.exe	86
PID 1028 wrote to memory of 344	1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe	88
PID 1028 wrote to memory of 344	1028	0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe	88
PID 344 wrote to memory of 1400	344	cmd.exe	90
PID 344 wrote to memory of 1400	344	cmd.exe	90
PID 2564 wrote to memory of 3812	2564	chrome.exe	108
PID 2564 wrote to memory of 3812	2564	chrome.exe	108
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1052	2564	chrome.exe	109
PID 2564 wrote to memory of 1816	2564	chrome.exe	110
PID 2564 wrote to memory of 1816	2564	chrome.exe	110
PID 2564 wrote to memory of 1664	2564	chrome.exe	111
PID 2564 wrote to memory of 1664	2564	chrome.exe	111
PID 2564 wrote to memory of 1664	2564	chrome.exe	111
PID 2564 wrote to memory of 1664	2564	chrome.exe	111
PID 2564 wrote to memory of 1664	2564	chrome.exe	111
PID 2564 wrote to memory of 1664	2564	chrome.exe	111
PID 2564 wrote to memory of 1664	2564	chrome.exe	111

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\lmao\toilet towerdefence script (1).exe
"C:\Users\Admin\AppData\Local\Temp\lmao\toilet towerdefence script (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Users\Admin\AppData\Local\Temp\is-5A933.tmp\toilet towerdefence script (1).tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5A933.tmp\toilet towerdefence script (1).tmp" /SL5="$40236,23118239,734720,C:\Users\Admin\AppData\Local\Temp\lmao\toilet towerdefence script (1).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Users\Admin\AppData\Local\Temp\lmao\toilet towerdefence script (1).exe
    "C:\Users\Admin\AppData\Local\Temp\lmao\toilet towerdefence script (1).exe" /VERYSILENT
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\is-U07US.tmp\toilet towerdefence script (1).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-U07US.tmp\toilet towerdefence script (1).tmp" /SL5="$50236,23118239,734720,C:\Users\Admin\AppData\Local\Temp\lmao\toilet towerdefence script (1).exe" /VERYSILENT
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:3796
    - - C:\Users\Admin\Documents\fa97967324e50a31\0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe
        
        "C:\Users\Admin\Documents\fa97967324e50a31\0b7106a1-9c8f-4f80-bf5b-82de83e40de2.exe"
        5⤵
        Drops startup file
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1028
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "chcp"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4560
        
        C:\Windows\system32\chcp.com
        
        chcp
        7⤵
        
        PID:2972
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:896
        
        C:\Windows\system32\tasklist.exe
        
        tasklist
        7⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:332
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /d /s /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:344
        
        C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4684

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4508

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff834d6cc40,0x7ff834d6cc4c,0x7ff834d6cc58
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4904,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4336 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3764,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3396,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3400,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5272,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5316,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5476,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5420,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5368,i,762279247872971617,14042762181035413772,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:4044

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4256

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004C8
1⤵
PID:2616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1464
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8114071e-ba1e-4345-b3af-cd817cd398e2} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" gpu
    3⤵
    PID:228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 25495 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49bddd96-afdf-4dcc-8dca-49bc560bbb0c} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" socket
    3⤵
    - Checks processor information in registry
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 1620 -prefsLen 25636 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bbc8c55-8ab1-4be9-9e8e-363d8df1c9dc} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" tab
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3956 -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 2728 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77fe6004-96a9-49b4-8185-b2742e3f6502} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" tab
    3⤵
    PID:3580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4496 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4488 -prefMapHandle 4360 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc75dfb9-1655-4c39-be45-49b28b113036} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" utility
    3⤵
    - Checks processor information in registry
    PID:1820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 3 -isForBrowser -prefsHandle 5476 -prefMapHandle 5472 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19e15646-97e4-45b3-bbf0-91c155922d43} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" tab
    3⤵
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3976 -childID 4 -isForBrowser -prefsHandle 5596 -prefMapHandle 5604 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afb706cd-26fa-4e6f-be2e-9dd09433af65} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" tab
    3⤵
    PID:3084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5768 -childID 5 -isForBrowser -prefsHandle 5844 -prefMapHandle 5840 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {379914d2-4d92-4616-9761-614fb2e83d4b} 1692 "\\.\pipe\gecko-crash-server-pipe.1692" tab
    3⤵
    PID:2984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1504
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25638 -prefMapSize 244710 -appDir "C:\Program Files\Mozilla Firefox\browser" - {080f7f97-db5e-42a9-a420-089f704b0b43} 580 "\\.\pipe\gecko-crash-server-pipe.580" gpu
    3⤵
    PID:2348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 25674 -prefMapSize 244710 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb187b8c-e9f4-41f8-bd35-ea3c3238bb41} 580 "\\.\pipe\gecko-crash-server-pipe.580" socket
    3⤵
    PID:2992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3184 -prefsLen 25815 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc927e82-07fa-4c4d-802c-61aa06268ae6} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:1956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3644 -prefsLen 30991 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aab2297-3d67-433c-b2d1-87dc6a50cb62} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:3524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3512 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3960 -prefMapHandle 3972 -prefsLen 31045 -prefMapSize 244710 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfc435cd-b6aa-4737-84a7-e8e6f371ce58} 580 "\\.\pipe\gecko-crash-server-pipe.580" utility
    3⤵
    - Checks processor information in registry
    PID:3732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 5244 -prefsLen 27044 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d772871c-a104-4870-9c0e-472f9411aed8} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 27044 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff4d547a-5f77-4fa9-9df6-73fca0126e49} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 27044 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a08275d4-b37b-40e5-b4b8-7eb645c5c8e6} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1340 -childID 6 -isForBrowser -prefsHandle 5908 -prefMapHandle 5904 -prefsLen 27123 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a91685f-5394-4ec3-9e04-3350802aaf05} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6228 -parentBuildID 20240401114208 -prefsHandle 6212 -prefMapHandle 6208 -prefsLen 31124 -prefMapSize 244710 -appDir "C:\Program Files\Mozilla Firefox\browser" - {634459ca-5715-4a30-a3c3-2389086d8bdd} 580 "\\.\pipe\gecko-crash-server-pipe.580" rdd
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6236 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6224 -prefMapHandle 6220 -prefsLen 31124 -prefMapSize 244710 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42b324ff-fc88-49f3-9417-2f075b753c5c} 580 "\\.\pipe\gecko-crash-server-pipe.580" utility
    3⤵
    - Checks processor information in registry
    PID:3168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6584 -childID 7 -isForBrowser -prefsHandle 6616 -prefMapHandle 6612 -prefsLen 27123 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99280e90-1a7c-4dec-b46e-46a63ff84006} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6756 -childID 8 -isForBrowser -prefsHandle 6836 -prefMapHandle 6832 -prefsLen 27123 -prefMapSize 244710 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10d6246b-2d1f-43b7-ac33-6dfb3d23ed1c} 580 "\\.\pipe\gecko-crash-server-pipe.580" tab
    3⤵
    PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fdf587fcb577d7d98756234c649a6c05

SHA1
8bebc13cc2b68dcbd9ef07990286ecdef9ed4e8b

SHA256
5526b055e05306873afc8b2663d63474b631fd2de2b303672495587ea9156737

SHA512
6a40544853382c777a4a7ae53cc302cacb65017d6a0328be064fb9cbcaa062b0f781cfb968d54b6376b72aff2ed62ba80d6c681aa113c21aec2233974372b1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
107KB

MD5
f3dfdccc45c2c2058f3c40f5d76437c9

SHA1
a55555fbd2f486242b60908cdcb43d54fe7ed1fd

SHA256
d065bf33da39718961295125d42b78db024c5c93f43d72809f2148fbbd495065

SHA512
4aa6b5cb290fd507f754c983cf1d8144203379d557d50d3cf1cad8c1c4c77a236f1442ae13bceda19782cf0fee77a829c2e7a58bad25ac315f19f477c8818811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d6af9c32c6925855d06d5d018a3dbe49

SHA1
0183adf97ebde901dfe1f34cfb7603ee3f1efe04

SHA256
75ea66bdbf369101b2f74be5b6010e71b32de882a4109d172aaa1131789d68a8

SHA512
dad105f74a4d4bb190cb031986cbfd3d77a9d11481a82c1f19f8694b8c1d79cc29530e9196a3bfe3fc627fcd7ce8989523c88130fece836ddaaac43831c3bb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b120b4728d05151ed730e8128bf0b6ff

SHA1
a5e732982f5adfde0e84dce6c25e705de53fb081

SHA256
eb0bd0f82ae7949ed0cbdfbcbf65412afcc0a35ac49b8ec6f69d674cfa00a248

SHA512
6d849385fc2c6387faa51f813e878c23763249decf174f9b7e79257fb8cebd80c7cd4808064da4b94b77d59f1bfe4bbe473b92fe6e0132ae8878f79ee7d060d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
38bd6901e4772fb589c47336b3b58e38

SHA1
d7a0c77da8db47f13b064680fab4547a392e9dc1

SHA256
c74ae00e3e9a1e3cdc707a450f9fbdd5c219caca208b0d5c1e34cd0ae984851d

SHA512
0141422159ebf2f22bd061443fbdb10393ffac1181e64c93deaf0f0cbd5350a657f0f55039dee5c8acbd8b066e1ce0cf3b2f98bce8c16fe836b6012f3f652a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ae25c797c37523b0260197dc689fdd4c

SHA1
f1253b8600496abaa90dd7991592019cef38462e

SHA256
f70a3dff3fdac0b590b02c384aa8b070d20b22cf0fbf419dd03b5d06c99facb5

SHA512
7038d337ea5ffc4f9b2365917eb4365f841f2b9631ed7bba50c084bc19e7e3df46ac4affa7846f5fc7e03cccd6b213e7f9451188b872f2c1cb062d04e4d1da24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eccba33c4b2ef99bb81e2e660072bc68

SHA1
422e9792b9ad18569273833d4167e6ca9a8ab14c

SHA256
da1998c2e4ac17bb64afd45f0dd23f2bc25a76d01d500d198625e9cfe4aa38f4

SHA512
624f4df7fdf86b6b26d871f16bd4cc16ff966afcfabd07f7a9753aedaeb402ebbcc9f6b7187366c9dd86f353c7fa611d574d7f2b1e6ffed3276e81995e72dd36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fcf5ae2abe11efb653ec6eb7f33bc817

SHA1
1e57908a09670abad622371a2b8a0e08df8b3f52

SHA256
68ef7dddf2ac9a035d324b316bb59a46cac5cb6ab5a1154293306b3f38465ef1

SHA512
8114d8d6b53a43682be9b8e998250b1296ad14e58e588b43ed90f40fc16a4e11a957dceb421fcc54d954db6f067b42d160748236938026846c31ffb9ef64ab86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
fdf60a7c618ba43b8a2d087eb7e4f27a

SHA1
7805c00132492ea5a0bc35c6cf2607442bc2c43d

SHA256
1afe678135e49959055a7575768136e79691a904273610dfdd336374d3ae0a2f

SHA512
87d46a23f4c58c4824e1ee845bab48185a3c5e256c052dd5e8be02d94cce4e5e9c19b598f0867756a0cd83fcac64c3f081092471a4021a98dda32c2f4a84776a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
a56dff066e3d9b2c40cb1a1b4740c1f2

SHA1
4651cf5c4f6f6ff3cfa9eb24e2ab611f7d0897df

SHA256
c65ee47390f282b81a93d0d29be892198f1d2e5604a3205a986b90cb6b6db5ad

SHA512
b1811dde43e449b2a1f8b1e14b7af8dcf786dba70998571c9c1e3fca828b4635f4a2556f5f52c71945e916f8282ff0e352a413af25b9a768fd015db852afefa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
dc9bf37728784beaa8192b6a434719a2

SHA1
88ece5be7365d4e63f95e6c48a8b9acc9c48b5a8

SHA256
3e86ab1905ffbaf0e80dbacf5f0f239a5b1d19e45a99937c953a60a4d79511f9

SHA512
09d57d04764723c119c62950a5d5e146791dc240b08e5eed6c51f23758277b20a6b5d25f54f3144d3c7473a25364dd23ff6f5acc747fa6dacdd9c77f893fb892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91599caa7f68b058a990bb8e1e540325

SHA1
1878a8425e4c41df59017c947c8575b8a91d19aa

SHA256
ac5f18f524ce0c8a71dcebefaf0251e458b1769e02f24a96d9e1aa857d773dd4

SHA512
11e8b11b0e70b0bd120cb73831cf0e47e3ec65131a1070d2062fbbb5cdcdf85ba5f0a9c7d5c9b435a96ec2bb34d5ed597d53257e20cc954ab854b53092a15b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
87108c1b5afc6d70da8b2d14032e6c74

SHA1
8091b03958c3755ad69d3c973dc5fa8a367d6172

SHA256
72d24a1471224c64c0f091a7cfb25d1468c5d296c7a8f0f11a5a3fc2c1882a90

SHA512
9a15d514c4502cbea2fad38d6e1dbdb06ac5904fcc314b2623bdced023625624f6a59faff23521155cc536d2f36c021a5b6b1e7112283db97cd9b1a579c55c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e751e8154fc08ffa695284e46dabfbea

SHA1
4266e515bed4b1771652428b5ef1e7d2206a0afe

SHA256
ae7621fab3d112a2c2320b80531bc24a9ad3fa037db54bdf452984e2a005a150

SHA512
b4e9530a7fe62dca4350955818f5b43b61c9d7c363bd30bfce0a0ed3d5618565499120028cc075650e5147281f95a55d41305711d3dc8600909ec283c205bdd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1e553d5f65740573ee39cab4220dee1a

SHA1
2495b0897c055768104b0678933592a6a5f220c8

SHA256
440f8a3dcfdfc8e39ab27abff67d41d8e6e7d72a13508f29cee4fbc3205b990e

SHA512
228e01762f0bbfddc52cdecca3c3e7973a44ce404152f7ff777d2222ee94e3e35357cae196ee157cfd63a938d3b89d61f574732c5193992026e6a4597c1b10ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3bfc86ead9b374415857e2cb84f3282a

SHA1
672761491701e5e281f6211c667788849808c805

SHA256
f6cb8af59585ecbdda4dffd348d5348a01382e2229dd25cc83aa23747a0fba46

SHA512
9b5d2bbbaf3fcd23afd35bdb5a9e11a6972dffa14c56add36d79eea1865607484eea9045e76e03af44aaee862847ca0a20e8fd321b2ed17f96a17449b38736af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b7cfceeb367d16c453b4349a37f3adfa

SHA1
32f5b44ab24c717a7d2b7e9af579bbb4870b2f14

SHA256
4f36d862d1f1ffe86ceb968dbd07a6856b93c7e5b85ffb69e549c5818d1efcbe

SHA512
26aa902effd70c2773a96bfc6adb669e14f2a0f6be6b19447b46e3f9c08f8eb56e8f4a1d61018e87aff0598cbe103fa8efcf111f7db2a35989da205888bf4ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
10895cd77c792f5f7377daf5f5cf1583

SHA1
f68330c1e50ec9aea8585e025561bfe3a457450d

SHA256
7707cc2147a6921d1715ce826459d1d3265c59743887bf30ded5ed0488e1a4d2

SHA512
a3d2cb5a769670e046739e310d2ff8b795571b12a135660afbc8fc2700b1d853c27edeae2221a8791e26168880e422116d8bc3f97e1200ceb7025675a7be4ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
42da1d48882c7238beb3b714389d0499

SHA1
b014d2813b47bd54ed6702b7879a35c29262268b

SHA256
c89427d8cbc08a534c1dfd5496d5fb35aa835433aa12f699acd16dbed40fd52f

SHA512
48aeb8919324a9d51a6682671bed1225941bdf2c1417ffbaf3ffcf163476e005dfda37eea507947a920ebf983989ca4b200cc54be6f1811dbfe05e1f39253c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3eb30396fc998b8c9f705ff4aa1c24fb

SHA1
f602804a9b8771aebc9bc5a3f049bb8d057196c2

SHA256
1a56ab9c12d62b817c6fb60531d122398e0d6081943fbfc1f4a4eb62d6703d41

SHA512
c2c308f6ad7ac941e680c9358a40de84407afcbc47495d8683a583113ce6e2a1368b5d0b52d1d12be0164503a9d1f16df97f064887f3d01198360ff9994f03eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
778f3d2d754dca60505ea5858ed05c47

SHA1
43fd47059b49dee12b7d7d6ac08ed91be30d133b

SHA256
fb92705391fa5b81c62bcfcd3f954a3126bb5c0ffcf080d7dbb8b4be2b22922d

SHA512
487be1cfa48c398ccad05ec5d64108025ce9cd7e273ce7b6d651ae7caff269e8798e75bc054c2208f8a4374247157a785230a2a7a920c1445b487d9314d4345c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ecbd7b6c69426be9081c0fdbf3ca1279

SHA1
bbcf5cc5157a4ec717cd91374c0e71bce4f22ba2

SHA256
117d484171272c0991e65714d8886e5cb121a7acab256fb5da6255e575014753

SHA512
d8b367f72b9e9a81329e5171edd233aa11bf1c3fe553b7e0ab06d725d12bc5aef15104446eb4549734262ca35cd1f7bc15bc823304da75698d7c6d557cd4a56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
266c1759d16243fc0e53d5d2bb27b1d1

SHA1
e4457beb307f86af969bcdcf323072a6ec56afcd

SHA256
a3c0a401d4c5487623f5d55064cc765937e010c187666f32034c84b67ba110db

SHA512
600da02be6c1cbb075ba49dfc8c69272d339a6383a68f67e04add452b24d7a34ed943e2541634111a7a745703f12cf016b2cba7429d9f061af9d374dbbf575c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
022aabb64f3d9927d91ce4c31df96d05

SHA1
fd15bd50055f0d5cf516a827e406a0aae9b5020e

SHA256
e9e8290124a43c9e00588a4154bb34483fd60f27336ab5ad61f690702761d2f5

SHA512
995d500304d176d10b69585a6e8f26e55c0e55574de71e6c13943c7cbfa99d81193cc21ac197cc6581b6431fc710bdfada86dc815260eba4dffd0cada804f1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f816dc23324899cc3baaff39d08cda7a

SHA1
4d9ab533f987e510a0b00d3c322d30df0d607db8

SHA256
1a0fa18ea8fc198b62c62cba87179a981f3b6cb7ca692e71fd76d1619d0be849

SHA512
1a6ab67aeb09ad6f4ec87aa3c313429e8a50870c77e314a22f08d3cb07f4fdcc52b14dbd5c8cbd5fe66aae60bf85daafd2eff1d5b09f7d55c79af79677fc5f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
97f9119404c7046eccc6a2d5b9a49115

SHA1
51598bf20bd13b455e8c8a2a44ed3deb4dfffd1e

SHA256
e855bae1247564da6efd6b814a7cc16e1b7f459af637563c54fed6fc3c719592

SHA512
d6fa87a08a8c888d9cc6872f987c87755c6a12e8c29a6cb2014df1ec801121a541ccd4ba09e9c5565613e3b38f293573f460e541ede2a7e2ceb7fdd89c01a88a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d72437ae86052638cc5fdb0406f6af51

SHA1
9719867a29b194482103c8ba1193dcb450b81f82

SHA256
dcafa07e18973423d40d6e4aa3f2225d3f41ca4e4d227b08aba289fe73df88d1

SHA512
365ab23da8675dd22cc090143f0ad9ec4a2708144d79def722bfff9d558a584839a608f6790aba4bfe185a3a1d4d850afecfcfa8a610c2a764534442d0d6352e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
245e297e6ab8d6131aa33a6ec319dc34

SHA1
396019334f83e0f61a2497473f6858c18a970236

SHA256
d41f72dfe3253da3a45759d6112359b26df2ff5b077db0b0cee22ae7e5f1a9f3

SHA512
af7220d96dc376dcec82a89a072b97b36a46a3f73f6c36d3372716564968ecdd16bea4f030e77d46881b2519821c02a80a342a3f368eca1471febec77f400632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3ff2f93ebe90cffeda6e5669b00be7f3

SHA1
6014308d40924aff3cb5e3f1abd9975e77b8afff

SHA256
b73ef756aa1e820288d786de317a2b21beb6b216c390dec316137fa8d2f46495

SHA512
9e973d678d77e3e78ea451deb7e1cbeacf65972c9e9b4f546acf417aed6297e12823d966ec7b9a4e8922e977392b9fe0b09f0c722c938d5f37e0d11ca3f85c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ecaa67770571596d174d664ffa4b912b

SHA1
a86af1e31a4705067c9ab156e9a71c66ccababd4

SHA256
821e5c3ac294e23e76a2517d7c0e2c7e18b4a3b81b59c1e41901bf031ee15338

SHA512
e9823b83da605cc11331dafa7887ef947a75fed738024ba73e8edfeb35f2cc493d64640d0d5a715a9cb1413e4b056377bcb6284df9ec700dbef34cf5839cbf09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fdc1f2781cb5453bcac166526e643974

SHA1
8cc6e96e178d395533abbd4aefdc04a28a2639b7

SHA256
6d791a4bf397fa2647298b93da1cac05110279b6bc53d48ee7999123cb55e42c

SHA512
b371da8ec7bb195e73899ce6f3ec9deb2422ed5b93744adde2278d50b6285cd57f9d61f9f2cfca08ed5826cd6f2e92a58d1186f8b4b7cb7671788e488a8b48c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2dbad60dc9f2e4a5262c00410b939d8

SHA1
3c0898a9da2b15f0a146e72dabdf7f12f8f42697

SHA256
7a1c35774638c37e83508f6fb0d3293c86ae67face84a93f6ad51c2c673d8a65

SHA512
4af387c81710064cc14ccda19154bd2b45210c528a3807d5e7b78ac6dd1d7ff09f20cf7d8f24f06c281f52bc4e748eaa4b21a6d0a434cec7c46fdd2eac52f451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9b5df6ba658b3666338684418acab58d

SHA1
53491de21506b42039f66307b0c18e0a2a798855

SHA256
d3e879292af7bfb4394c854dd91d9b0fcdbcfee80324c463840c0f31706e224a

SHA512
e1cf895867f82b12d17e961424fb2abe05829f8d038e725f754d374db979fd883c328d8ccbc453ab922505f78ed46402faad9578473031004b583e43a923bec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cde8367d45666f7205ca34e1bf07b823

SHA1
a8c025984f79d83d3ad205974c6a5222a14ab9b2

SHA256
5cd8df657328fd107e592806b0e614392746394f9aa8e1a48d97ad08b05ba01f

SHA512
a24d7368f3ac7b47d34e1383bc9be36eaae469101a798e0f9fc85b3f7b410e023ca6a20c342e1b36db771aae1197bd4dbe288ae486da4e7029734bc0f3d5efda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fd62fbdf46cd422feb4371f7fef290c6

SHA1
8b9ce1d83887b5f24a3666869cc08d89b43114a3

SHA256
385c6b41ac93e26f8b1d554b0d2bcf58fe37e4553b8bec918f47b0f6d0f7fd86

SHA512
717205194e6c593930270c44ed26e12756c33689acf3c26424b27e0a22ba6cb7e4b0e8b438158abc8536caffb9b452e99b8b4b5691cee019af8065195402825e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b31a4a41ce4ca3e1af217c9a2c9a6ab9

SHA1
21e1b35cb7a1d735906d7ef4f8fef5234492e451

SHA256
00b8f132845e54ec9c6356d3391148e40dcb4bf052d347488d0e0227190c01f2

SHA512
21761888b97d117703b6b98364f9142a58adc5d769322b9e5b62b43410d23758f7e2cd381f3a2f4a0f66a230dc66edd4cdc0db2289f9f2b7a5493f17409eaad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
aa15ccf4cdbe911a0ed7271f34c43956

SHA1
e4ccf4c9bddc3312fbcca216e31bce0ccf7f0d15

SHA256
a55a02b0f7bcfa9871aa5744369d3ab5a13a68ef799c831089e2a8d931f13130

SHA512
7f6ea2640c244222a3699ecf06aaf184409bd79cd7d2466e5f0e23fcb31423e164ec30bf878a8a12639222937622a8b2a5f54d5523aaece58807f4fbdde3a5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
db4f1f249d8e4f2c8165478e4ef58c6f

SHA1
232bc009ae6253a9ce6b7e72f3762953554e2c77

SHA256
19c7efcbc98991be984332b23c9f9584c2b5722603069edf02c88ed7e9d07048

SHA512
923f534ed06123a239753cd3dbb2df64da5c187e60db6ee251b13388fc4373076efabe31831cfa3dbe489b9c604ab8c3fec9c9881e3f8b1ac6fc571b41dfc981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
86489c633093b78736747bdfad9ef164

SHA1
332cf549402f6891def60b69132379659f080249

SHA256
b788382d918f0792cb1b7c2efce1869cab075ac7bfea9f4a872926b50fedc361

SHA512
5835d137ddc37011f562ba909c0b9c5bd8a2ac0eebcb41e917ed28f0d40e10909e73213949d2979a3f45894529d4814b89766991d1326bb28fa3e00c9e438433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
93e7bb6e76c40ff8a288f7ee746e4b14

SHA1
b6c0efc5466a883d994dba50a3afadf231d705c3

SHA256
81389ea2379941c70790beabbd0580b48654e0f3d6e95ca71a1230560afb2c1a

SHA512
d929fc51659d61d7ad7041d21327482ce20483c86e6f4b0d2068e71f792845ae2976ad0152c9c837737766b4da2b5697dc8591f92e0b515db71bf42d97786efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6871e7f0-d463-4219-a51a-02d2a9f049c4\index-dir\the-real-index

Filesize
2KB

MD5
bb776484c512b37f96ad8c2bee2b2cc1

SHA1
d782dc3ee8a284e67b364b8c0465430f849bd38d

SHA256
b710601862391772a352386128ca1a5b56126f00aad02afa8bd1f048194e2084

SHA512
93e6026aaf1802f71a7c51a6c53e4e96a2278d259c6366a77026e6b9a744721fb41cc2e5d4fa32dc5274e7b64d3df8a29104642430e66c83ce58745392a3c236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6871e7f0-d463-4219-a51a-02d2a9f049c4\index-dir\the-real-index~RFe59b8f6.TMP

Filesize
48B

MD5
9e196e66cf1afb5306c251d0a625dccd

SHA1
39e9e76c717b83e3287fe73e44742365a2cbd5b1

SHA256
51ad64b00e2a96b861201038e411743c1c54ff3e3b613891469a3782835dddfc

SHA512
6bc3c5a849f239e98bc8fff9c66d06afe583f39bd7072ab2d145ff01424f1684daeb01cd08e81bdc8c7027c55192633923ccbf2711410bedc162ecd7b58bfd1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
139888bd78d8ce3e9f8ead2be0354bb2

SHA1
0a0b0ac03968c973934123de57078efedf79a3e4

SHA256
695ec82f875d17a48ff67885219ff153c2972de8cb7ea59194d502f2a0e02489

SHA512
890eff032f434a5e9aaef5f9d7f54fa9cda3fd783f748e904fc4e4e4e94da2cb19a263bcde5e9d58343dc1e746b350828b72aeb3911eefdc408c5258dbd0eab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
d81e1a8e62a0d287b25dc23bb9411b07

SHA1
38af2a6a829730d0baf6bf3fa7b9ac48ea04051c

SHA256
e1fd72a774f1d16f8f9bfe4e51c117ef5b034b7727c319ac00d2f3360e62bbbb

SHA512
bfa79356bf62707d0b721fa90a3177226941bc45dcc5b2c8d9bc9faa8c613048e609be8de69bc027f39249b46184e6c83386733018d1e00303a7614b1068e9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
3fcc7c447a3d34a9bdb09496fc214b78

SHA1
90eb4aa9b1fd125bcbc45039e860a62ddfce91cb

SHA256
68e15d87b2e967723ef5ac48063e969f2185d67baa0a37001df6f7eae59283ca

SHA512
1912d30d964c97a51a4e1b8cd0ecc5b3e63017190179b352f8eba6502320447ae1d133b54e84d10c0a9bdaee82b3f2e82b0036a24c461675aeb37d747682cf83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe599f72.TMP

Filesize
119B

MD5
af1d13e81ad8f369015aeb10341753a7

SHA1
090d86bb492d6a4c318db1835b3fe1db47bc5595

SHA256
add261b45160f1c5a4a1634e5c05dd7a4c19cb83ce36681a2c1ee09614081f9a

SHA512
14997d44066cab9303d0b0c61a7661cdc99f8b847c4deef6b2cbc8bb226dd6312d9e6401864b093020d7745b8bae17e66abb09c02066596eff6d17e09d336320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
05fca39396a678e3ebb4eaae46d48bcd

SHA1
83e7da282ecdd54502f4d4e8517926397e29d180

SHA256
642e44ad1e5cc25acf504806a9021059fc4702016a6eaed59873a93bba84595c

SHA512
cfead90292fb7ea8bef10a152edca70f89ae345a33c4904329cd6a8b7ea135bf356edc52bbe6a4b5060d55c6e6c94718cb7b7ad808ad02dbaba63e980d20efd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2564_189035538\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2564_189035538\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2564_740106281\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
169KB

MD5
57402868ac1a34a2651fe5112cbf610a

SHA1
52eee28ce4073e70d62b43767c1618a8fbc1b4bf

SHA256
140e86c3b93d6282601d481208bb7b6944efb54017b849854f469aae5730ac3b

SHA512
494fb41d2390332364425e6a2b342a0c85ef3c18cc079c310612b6355a0ac596958f666156f8e9360b15b0f064bf29c16b70442b1b373da2b9f7d510fc175ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
169KB

MD5
0dab67e44281ff072b059f95673f4ce9

SHA1
b67c3c716b0e4f7fe967b36cbbc4922647f15fa1

SHA256
c8ae3e3fe2bc7252741542ad40a58c1f4e052dc86985075a53c6c2e6b7e8bf2c

SHA512
16283480f7f8b9282f50af2ff580715faa6e49c226452511bb007a3a42d8b9fc174f26d70f35f249a4ae998cbd1b289e1ba869bdf8ac464235ac551e2c33230f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
169KB

MD5
d7797d0b422b27b16f87f6979a169913

SHA1
0b5ae006e9f6b800b70d5a76901e380995011ae5

SHA256
0fc8d9739fc7fafba3dd4e8a3e9ed0ff63099a61dca7ab4e49005e3a4ca53be8

SHA512
e986f094662c4fde81522f9730bf11b247742067db7dc865dd170bd8be7adfaa53d9771696c5ca4531e8d0cec0811d057bf865226557bd9daf87baf70f309cc3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
c15251b34a74ef9e1a78953e43584b1b

SHA1
a67ee196dcce35ea896df6f9a916f44576b22025

SHA256
5d96b8bb2c1dad4e34a870fad339eaf72d524630a264ca564215778c600e940a

SHA512
aa7213d68c88c382fc11d9b86ac2d47114b84525d93504fb8821b05c13d2e810252d55d81e681b754010ea6e8f02b0ae9da1049db7eaf0ae027faf086d215bf7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
8e3dbeeaadfc95203677da5efc3ba455

SHA1
100154888d8412262d7f8a928cf95f4355bcd825

SHA256
1110bb89a9b3d5b780dc51f8b18952d7153f1866a74b44af4d2a5914869ef169

SHA512
8b2e3adcaae627ab7e71af4236a73df28ac910407ece93faa67a22c4a60e8355a0e266c7190821744e745af53810f80d4355faa8dfb86a1e388a0ce10387f1a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
11KB

MD5
25692ca134e69654a0dde7f6df77ff96

SHA1
b66bfdc880197e2bc1c189e05177aedddea6dafa

SHA256
1e26d77a0571e25233bdc97ed6808280d9972be4c79ddf679ee083bfa1fe01ad

SHA512
6f413f9e55b06448e6f7883e2b701d6467efefd1d8bf6eba61dd580f08d49efbe5bc9b901216a6de6fbfead2794fcdde10f296e213f2eace34638d073e75e6da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
1703ecabc3bbcb81b9ca51a2f02e8b87

SHA1
f14b61c89a12276cc13e92e0c490999d22417dc6

SHA256
38d8f19fdfb46c06a69ba2894b0b7282dd89f66c8b0efda137afcf12f06b965b

SHA512
18fa78b0b9d011a7565c218468abf643c8e0e3f2fc745dc1e96cfa986d315758bd46c3a2ac2a968b82d879505c612c971c9b95e5eb6143a7e3e5154a9f28f8c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
131KB

MD5
a1d04cebf0328ee31f62cfc80f28e678

SHA1
8a894917c4c3fe7cc76f4707222e1584740580a1

SHA256
e86771099c1354c6c2f50497013ed694da71225c22f116f8d6bd3e126dcdcd34

SHA512
be6ffa7171ecc7f503c9d1bede7e49aa4a8328995681ea5eebf4c166e9b56ffdef258482fe9b2df755df651aa2c5e8f0332446a559f63182347e85b9f5243f90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\ads-track-digest256.vlpset

Filesize
54KB

MD5
64d20d05a5e1dc74631f0b7efeda7ee9

SHA1
567a2116f2a6e7db0306485e64b170e7c8b6e3ae

SHA256
b224780de64479dfe67affae848dff9e838628ccff1d9515cbfc8ee074bd48ff

SHA512
529b682913b709af8eed4fca911224b1b691e94aeccc99951b8c970dfa8a7776f9ff2caf311ddcee44910bd7e3c419fce01cd8f32f41aa781ef3e020569fd3ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\analytics-track-digest256.vlpset

Filesize
12KB

MD5
01c9d44786c5994b56eccfa294d701f5

SHA1
1f1ec326e812ec296f97c675e39c60794920ffbb

SHA256
f3560ed7c826289cfd01f757d3e20273ca261110da70eb32c4d32d3c2e4aa2fc

SHA512
ed6742bd469d7d20bb94e5339f276a6b202706e04c34ad5ceff99549a6632fbcebd7bd5510843c0cc589b508cc80f45ba6bcabeb330d2bdcee9f1ee38f662a03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\base-cryptomining-track-digest256.vlpset

Filesize
2KB

MD5
75030fc0c97997338ab538b7615fd829

SHA1
dac3d0bb59949f922b99e4c0dcc6c705842fd6ad

SHA256
50780f9fd932d7707a4bcb454c7bf031205a22fcefceb5b9cbef3fc43acb9bcc

SHA512
21ad8d76b2a24d5cecc065ba9b5250cfc0f29265e741ece2fc30958662f7f820ebef5db476636cccbe5ed632006ad0fab22c42a05b714cf89a2fd93a89790174

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\base-email-track-digest256.vlpset

Filesize
6KB

MD5
213325f07445a473bc8b8e39ddd01f1a

SHA1
20008e14f24d114deea0193f3d4f41926a1d42a5

SHA256
27dfdce520faff676208952b08a0c4fdeb47eb8b506f69bf5ff2344d2b1b5a8c

SHA512
06ad311be8844db4d42250046aa0b875239ab6c31b5540d056f30ba1ad262eed0baf567717249574b558ddf0e0814f08554dbac4331b08abde7b1293c023342d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\base-fingerprinting-track-digest256.vlpset

Filesize
3KB

MD5
616affa2edda8a3e06dc1b85387d4246

SHA1
432e6e9144cc96cebf9f1b25b169eb0c6973dd44

SHA256
b2e4bb7de736b399f2caffb7274579f46bea111966ecc459ea6a6c02bc2aeb85

SHA512
98294b41e7a6020c2a6623d3b6e7b6f4b93f5545f4aa39470c6f588176d36febe3ff6fed102e215f0da811fd3d8926e81ea670c4d4bd952d62f7cbbd26ff98b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\content-email-track-digest256.vlpset

Filesize
8KB

MD5
af57a9620d86696b2bbffd0b7499e8ec

SHA1
0313dc7c50eb67d5974a95f8ad328e6d418751da

SHA256
ee6ff9bf6173569890e1d04556f5d25799898b3f18b7ac1f5a019d36e5d4e2ec

SHA512
cd5f88a80a0be1bbbb2b90b052df13dc6b2398e09eb4f20d613f81b86873701e959a2c33105730e338c693ceb1fe51c0e3f92b7df158c754e2f17c97a4c1db9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\content-track-digest256.vlpset

Filesize
8KB

MD5
68aa5542abf4f84cdf32f68d15ec7d87

SHA1
d19e327117566e16129319bcec12b11db1c42e47

SHA256
e80b6d551b6b93cf01fa2774746bcad9d365f509776659b84835f30e0aca1ca6

SHA512
7679f7a14c2bb7351789d4acb2b8edaea2c4f613f70492577d2c91afb71574087088c27727dfe0765cebd19dcefd0738234f64bff242a75948c61e066e37baaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\google-trackwhite-digest256.vlpset

Filesize
1.4MB

MD5
c0e1ac752cb716038a8245aa68af4c1f

SHA1
52152c6f058aab68f996311e424dd30341200fdf

SHA256
e448d98c433f007a572960b5a956b474528893020773110d6921767becfd3837

SHA512
a44670bb0e64bbc28bb647716e000405688cdcf62b841619fb00307b29163d9477c79260485d0a7675bc0f943fa343ac01d2225baf01b27ec098e2e2354b1150

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\mozstd-trackwhite-digest256.vlpset

Filesize
290KB

MD5
41fae052da51d99364071f405c6c003e

SHA1
04c88b9e06fd189859e283d0e8f945ccec7272db

SHA256
32fd3723664e71d8b405ff333c9140dc5cd221b7d20572255a41609a95001db6

SHA512
a47ef3facfd5ec05e8579ad1759b131eb2b53f55e47daaf7924d11d26c2b5867b489b0fc510245f13e960e7485ee1ed3080e1747033ced720485a716c119282b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\social-track-digest256.vlpset

Filesize
2KB

MD5
724e72a447fe71f26bf2d238b74ae4fc

SHA1
f523d76ca8dc7cc125572e3d72b142de0ab3b387

SHA256
239eed59fd36f00c99db1e31a50aa8b0151e4c9a10c73b2eda66c7370c591e60

SHA512
dca33c41afba5474411fb3f5e0a1b59aff4268613ac04c9ac9eda1a9c6dc705de300a9b8343dc7aec4f1cdf2dced5e6ffc8c48485f3554fd4497f7dcda4442a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpset

Filesize
485B

MD5
daaa03bd7519da1744f99811880c2e54

SHA1
3712d23c4138e87c8213678d0047968f6539eeb4

SHA256
3de18607bf87948b854949674e41d74373a8f8def1fd4e84b33a61bab84de49f

SHA512
cd65857f2f7c8f967050671b91ac85b7497fc2887332a5f289ec747ae228e4658d1b8b6f0f856b47a5d2d8346436000370fa85af9038e1870dec32ac62af34e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\social-tracking-protection-linkedin-digest256.vlpset

Filesize
165B

MD5
530d70dc8f251c579d059f5b1b73fa9b

SHA1
78b2a695f8741ed92e534ed431494d1adc566de6

SHA256
db7ec6c7001da7cc14c7814fcf8ccb76f689d20adba407d0a2b90febe1260863

SHA512
3e69371ec0801f952072ba0bca007b6e433eb744fd2aa8228d5ae0a0ed11943eb6bb035e44d05a013803eee063740fd34fa02a5bec18ef5175ae2472734f8148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\safebrowsing\social-tracking-protection-twitter-digest256.vlpset

Filesize
293B

MD5
8347e3838b3f176a0c4f78364fccbecc

SHA1
d68d4ff0bd768fb685bbeafe39187110c6ffb32e

SHA256
510dd943627bc1e62bd8d6c01ff3b448934813084c00390d33c9e60772bb529c

SHA512
41d7235a324bf27bea6cbb31271f20b132ceba2e6fb5a3f9acca132ac12771237b77acc7f5dcb8e11571beee1d7d6315ac1723476cf4c0bc3cb01307e8b22e1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\scriptCache-child.bin

Filesize
462KB

MD5
24d6c20c2371bb9028a30bf2a6c873cb

SHA1
0c3e9dd4ae0d70fa241ff9c9104bc8800a8e703c

SHA256
5531f258fd34995aad0248d4781fa9182332fdad29406e3dee6d99fc2b7205ee

SHA512
a06ec9cc88980c6a9c8f18f65a205599f49eb62071d5a06e0328853de9e888687eb6eba70d7f0e4bc8d403a5cff532d2f93defbeefa3d469986c0466d8e02dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\scriptCache.bin

Filesize
9.1MB

MD5
5485b3179b2d9e296a619d6ddf050e71

SHA1
6e7a2febeb1efb4f6470a456095c69298ac49d8f

SHA256
8775604e458df2c3cc7b81cce8faa5b953e609c50dcfeb6880c4cad5b48773e4

SHA512
e1127845529337a7d5ea33c64f3cc97536b0883601f9ae0768019c67d7af86fc78b3d51d6e1fd52d8e70574bf7d347ee06d27c090e79c86c3a41aa3c426383a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
47a9d61964b51005cfa1153c202a3ecd

SHA1
a87c0c96ad19a1c4cdb61d81fba7bb56b1e345a8

SHA256
68cd9a52b5ab499db099512179dd405a8beb1b4b47636081cf6494601c024018

SHA512
a19e1a10daa57f1288e1d39a4bfa91e88aee061143cb7dc7ce462a0678c26657b071020654977deec90e521bab70e5c2d3b0a43e77ba49aac371db02ad0adddd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\startupCache\webext.sc.lz4

Filesize
108KB

MD5
e9b786067bdddda67a5a025f2348dfdc

SHA1
ff0cddbb44f0128ec6d00cc1b6ac7ecd97879219

SHA256
d02c52536523d8bafbe20018909b6c69ffe009c924a2cdd2eb1cadc3826fc463

SHA512
6ab0d0d6192cb4f2beff4a18ee9587056e47f6d435a65fbd2884f2f635f4e2f924bca1aaeecd39a27bf8ece07dd1bec86a78aebc665c73245499a38861b3b750

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
18951ad4190ed728ba23e932e0c6e0db

SHA1
fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0

SHA256
66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915

SHA512
a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ee87a5df2cec41353233851e9956d539

SHA1
cdd287b4be58f5ee3464c31c9f073daad13f2eb7

SHA256
2c25ce8141d1e6e601907a4d54f367ba7f6032c9596d24b30a245d94b719c880

SHA512
3afe8451239bbfa4c7cd6ad4e123d8558aba43a570998ef76834dd12b8b0266a4c9dc7bf57dd9a903208a029f3a0ae54822f1ba1d29414615bdcea963b062379

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5A933.tmp\toilet towerdefence script (1).tmp

Filesize
2.9MB

MD5
0614e02107a1480fa89d1f9b44525b4f

SHA1
e4a603a7639f07e11dd604149b69812b72c8d922

SHA256
1149a527f7a0b30284aa2db00816c0339a7bfd170e77bef1fa3d70c26f210ea3

SHA512
3ebf405241a48bbde0bb80df5f92c8330db440478450f53794989c4def3ab7b2f72639785dada21a39cc75b17d1a29be9d1298a31e54dacd52cecdb231c39bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd\@primno\dpapi\prebuilds\win32-x64\node.napi.node

Filesize
137KB

MD5
04bfbfec8db966420fe4c7b85ebb506a

SHA1
939bb742a354a92e1dcd3661a62d69e48030a335

SHA256
da2172ce055fa47d6a0ea1c90654f530abed33f69a74d52fab06c4c7653b48fd

SHA512
4ea97a9a120ed5bee8638e0a69561c2159fc3769062d7102167b0e92b4f1a5c002a761bd104282425f6cee8d0e39dbe7e12ad4e4a38570c3f90f31b65072dd65

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

Filesize
5KB

MD5
02fff9fbb3b4d68b386b0ca770717cb8

SHA1
347cd7a9b3850664b9af15cce468335fb33ebcff

SHA256
6c66805a55cbfbdd096b7fd26317c52a3cfac6e2780b59f60f80caa6a6d5bb98

SHA512
5c70b042377955640e31f600dd79a230e749fb76d43a3b5ba7e20763ffa78ad70686ed1f39c743316d68af599b6131458d2a4f1adc40983ce4342e9bf9359523

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

Filesize
7KB

MD5
ad164f5d625a7855ca947588ca361768

SHA1
a83453839c3e52ae9456f4831021c3aeb9e97f36

SHA256
0586d77e7846641c37ab3641509d8edcee1b6775a24d75daffa8614ff9772004

SHA512
f99f4bbd3bcbc3e748ce03f33b3663ae7972f92ccb2d381e24be6df5733f704dc3408e65fcd72a6fc6de9e8a4cc3f1ef6fafe360823140fea95afe36448d3fd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
e479f648e373ad6f3d7e92e83eb7ea09

SHA1
c4c1729c0ec316d68838495863d9f2a149acd16b

SHA256
e6f62ea2f80fb4ef014ce90834d8f63432ee0d9ff25089e433ce6b19931dfdc9

SHA512
32ccec20d3ac7344b9d6ba36ec855042d3328a887f0312ba94704633ff55aaac166af0bde10b1b6a5ac902f80d1df0b9385e985649c2c8069f7e050790c6be6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cert9.db

Filesize
224KB

MD5
77cdd24e4be14f127e3268e609474bf2

SHA1
281f8422472a8f7dd484687f4b8d064b863a3f80

SHA256
ac113a781a75428f1537985b4475acfe86b08e779242b808780d7928b4797281

SHA512
3e67f61c85a95199f001deeb2a96e4d90a22e7212bb2728bcd0864f9a6d034a2094676caa72f2a9b67d05f170ef9388c28a10b9c88614ace29afc0fb307f899e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
9606a1bb89b36e0fcf058f46e7c61aa4

SHA1
361c5785b4d9cc77adea71149936501db87a21ca

SHA256
82de201b8c6eea40899fb243e3aabfc78b1f72c556b016bf2806a5dd0f9f7908

SHA512
2a65aae73b82af88783cbca03427c28546daec90ea6c3a40153825b936f0f58bb0bd2099bfabe40a3d96b4990f0534a01f1acfd31e2c5e30fdef0c2ddd072cfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
bedeec075f3d5318a559130e818f353b

SHA1
869ae8f2c597569c93b9c2744906ec3f5763a9f0

SHA256
ed07e5a28002ac201aa36fdcea83c59c8fe81a8a0292cc719de0c474672b4798

SHA512
e1fa2172c931cd5823210dd998248cd13b4b3d706835ee7d3e52f17282132a9af14550552610092fd07607c19dfaa7003e4442ed83646cdf7fa4aa01a0c1f8e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7fcc886f65baba7db84e9b347ff01643

SHA1
e5b2b6848ee932620f6c0a9abec1c4ac4d4f8896

SHA256
f78c044aa4868e45e96b6fa7df12016d2f0844a426e5475d5c2ab11fdba0bb45

SHA512
bc44fc3c9eaf96ea2f0d3bcd6b6dfc78aa05bb8c6a39afd1c4d79a6921004b086c7380a9d223039d340e05d7cc34069d2cfcded38fce90601c3a4622b358e4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
37fde164bab082a020e4542398fe2d9e

SHA1
ffc674a71fa5caaf6bacb25de7ace1cd574a3451

SHA256
4bf4dcc99f473e0c35753cc41e25274920963e788c766b1081c1de4035e77a2a

SHA512
1628ca873601ff2c375e677d4967b6a38e06f389432deca0f00e41665a3d5d53e677c8b336e046a7d2de0dfb8888539eca35458560069de3a9acc5626b92b023

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c5ec65ee0a91d955e527ede9fab261cb

SHA1
c9ecf1b3ff56da7359138f03ca89da514509f7d6

SHA256
0e83463349f204a541c9c9b0b9a0b169ef43f9337a763f921b1617fdb6c232cd

SHA512
62f815fd33ff04903e53490dad1973c15f5933e355c53ec669805cfd0e0bebe1b7f3615c14efa78a3fd5166c0fb4db55f9ede164a1b6de51b05685f5b814748c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\11e15bab-8b35-499c-a1fb-3de8750724fe

Filesize
659B

MD5
a65bea0902782f47ea341b8c0170e70e

SHA1
67c2331e1299973c4d694c9c925fde2f592011e3

SHA256
f6f49b9ad22a8b21a48e5fb1af41d81b49c3fee243c925b89556d976ca2774e0

SHA512
af15903b27c2589aef5d261d2f494d50fcc6a6059be7b926eb9d4a97c3615bfc2fb5b3c7e9d91087f7ea66ae6f491880df0a17be4ae28d304fe061f2ae389748

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\2432efa9-8297-4f35-8465-f05b98400e4f

Filesize
905B

MD5
5e48a2c91f3aa84ff0cfa435a9e858ba

SHA1
300f986f6b207b06fc1ffc60d41119ec136a2fa6

SHA256
a23c1ff317ef5461f5d235cc30b0da37eee9a2122e560ea35325f52ae00366e5

SHA512
ffd5f8bd1d5006d7e067745ff26f82b2fbef99935631dc586c923ddf12f7da5513644cd8878c0bc5e6a80c70503288069b0fd9ce22f862759ea8de25febcd040

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\4489b815-a6ce-433c-9fb9-3a8f3bdbbb9c

Filesize
26KB

MD5
899d8de133c348fb7487dd132a489fc2

SHA1
97848109d0de659466eeab81fbbb12ccfe39c7a1

SHA256
cff5cc285c770df6e019791f0aa30a78c546cc050309b3f23a83c7a537b2875f

SHA512
8d70620f6f4393ab7aad5694111cb888206f730cd5aa10806974708a557773db9add34de3d6c73e47725dd6d209bd70356fa38a1978365a89afe42c05ca1910b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\77594c65-d0e3-43eb-8b58-310823912993

Filesize
982B

MD5
441f4edc635c99e1c041ef19a17f1f27

SHA1
f6ccf6a42e497ec809dfc86855dfa18ccc695891

SHA256
62735c1a52847e2c40fbda8465288b1b99cd8e05821dff68c3b5af7d4e7a8a22

SHA512
d6d549628b661e27642de6a77e12cff1586be5031a12d3dd256390b9eaaa63134bbde27824cbed36ad1804a315e19b6e9b9962b5038535c9485e3e959847587b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\87aaab33-8b43-44f5-b601-3b10f764116a

Filesize
671B

MD5
48d589e85c36ff0569cb91dc4a01a34e

SHA1
28cca6110391895b135996d197a61b73e56f2662

SHA256
93058938b95dbcaeeffae59592cbdc1deed871803fe72c0f1d8a04f94b98d37c

SHA512
eced03c17cb1e575a5c02e8c7223f8529dd1f2b9579b6aa314be2484b7c787cefc88eb779e837b51da20959938affcfb32796c90ca4d8a64c50e585e9c9d15aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
2406dbda989fa0b5c44e03bc3484754e

SHA1
2f4b088cd7d03aa30b00f8f8c04c93b73b92ccf4

SHA256
f85fc28fef443a96222a7d7ef9b4aa08c3ae30c8e9ecf084d34a36919a4902d6

SHA512
5da30ebb96977ab21eb770ea79471b020992eeda901455cf3d399d7022955678ff671341344adecfa810aee78e142bc059ae264679c832c46baef88134f4bd56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
ba7c631e28f8ef5fb768984f202f2eae

SHA1
25160c0fbc247fdac87d1be6b80f157532784f0a

SHA256
f2084d002fa1eaa1626285c71b1fd557e47cfd6e29e2c892ea014b1a9d3f1d97

SHA512
a743ec4c5c683a0f02fcc6922579c1597f99f2088fb3624d7986915007d03a8c096c33dc499b5c6e70f40a75c011476486e5c04d6dd66935c32c3589bda8ca0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
5372b0678bfc7ffdcc6526f3e9da37e9

SHA1
f905679e58b040e27e277370ec357ef819b7a478

SHA256
e691317220e6c003b03ca9596b9469b08b69ad070e131ca92155ed914161c5d1

SHA512
013fea6f37a8b8edca12dd0baa5e48b3895cbb8a054eb78dc7ca90a08bb8be79413b8a6f9ebb308d1c05c21a794b5544a3e8d4f256797837ef0ab84fd1b75cb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
3fc6fdaff40a073de455e8e623c43b62

SHA1
897f01003ad0c722b662c689e6ce37c023be7399

SHA256
284fdea4e3e990f659bc8527eb874413983acce01179f0e77eadb62f4877a7a6

SHA512
e7e84861c8ee6392ec204eb00cb7e119c2984d4348ba42dd19bb703099a86da82e96d912b56d3c36403558e4230ae4ead4ef38edb6a4eee00459b731a474cc73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
daedad3e16aaaea3e40a8868cfde2db2

SHA1
c7234d2eac4dffe89f9950c2034961cc99600675

SHA256
5ab9448d7dc8c0a1a099a673545bd60e354fa54bc48d01bf2868315a29e4cb94

SHA512
e12639e4dbd872ed5a5cf59611e699b0263a7cc802f552ea37a59929669028ff0547cd7d8a62edcf8b66bb2622228ed215f0fb42a4d5d31cf7829e44c38c09b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
23847cd3ab407901702c07eb11b2a493

SHA1
b4328571d56bfe172210d758dbec7854a0830093

SHA256
111247c1c350218b10afa9827e09f6fb949f05ea0c2c1800756086a2a0f8ddb2

SHA512
55abd150578d5775a6bd5bda9fe023648f050105fbe1aa20f989e99d463bf6cbb824a4340ea9c3d667530206aa66c940e15ecd06a4a134fcce8310d3fb0d9e21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
6439ebd00d707eca3df06b745f452c4b

SHA1
6cd96bd6180f48c0cf2ffcf4a0e0bd5f9e410189

SHA256
26b345c148a287c0a0c0150df59008f78b510b2d718941dea3fd7d0a850dc57f

SHA512
091035bfb28b85bd543bfe09d474bd12e91a32219352c549751babf5427f6773845aaad6bedbd0f4ce0e1b996efb0a87b154b2951fe68aa4dbc517557386e95c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json

Filesize
228B

MD5
66bdbb6de2094027600e5df8fbbf28f4

SHA1
ce033f719ebce89ac8e5c6f0c9fed58c52eca985

SHA256
df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc

SHA512
18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
a88aa283f9bb9a93ec925bbf4da24d50

SHA1
75494998931126b52a8dddf6e8eb007e794df06c

SHA256
ab2eb1c6120089cf0b2132cc8f669a57c9d2db4dbc60491690d3da6454a18c6a

SHA512
a479641eeacc24f1abac7fef59ba507c20ac4ce41cf487827ee3f7520073b0cbe901f7a7810373bf6d0912f8cf9761a93ce476513ecdd2a81b0979e9b4ee6a5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
cc2448ecd26423e8016d2ef11cccb774

SHA1
91d242bafcc39bacd9e3d80e9330a4ff423f44a6

SHA256
1a892bf28bbacb9014fcac2b674071562ea8029bc79d77c50f3af782dabedb03

SHA512
30f38ee2ac3b2e2c6ca302d368ed4a5921c9db9f1c5f694c79e46a4b28d78f39676dfaa18f67a022bd2ed1d2698c17db09702e767b6415ccf03aa1e106543966

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\https+++www.youtube.com\cache\morgue\38\{1ebf36e8-ce53-4e29-a9f5-0a12600dfa26}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\https+++www.youtube.com\idb\3567987672PCe7r%sCi7s%tfedn5t2E.sqlite

Filesize
48KB

MD5
8f78668d710a944dbffe979e0fdfc0d8

SHA1
83b51ee0c530f554f59dabc96a853ea59c010f98

SHA256
94ace63d90d64931919de9dfe104f4aa09864f8aea4230541007790478ef7fa9

SHA512
0fccc090261eb5d213a23783a1a990b5a772f5bbbe811171a1d38db3bf2fb5a0eba04be4acbe5680796dadc2eb9bb09fc0b6c4cbc5dac43e408cf884ea583dcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
8744bac5dcd7621eb0338eb35a708daf

SHA1
2669b919cbe34015dd84e69e646a9ad689ffaf28

SHA256
f138610f5e57479615de16751bfc8e07ccb4abdeea70c8ddcc0aa3cbaa5311bd

SHA512
99e1d0a4209c92fbc8f188e2e400f6eb6c172009f515e3701ee8c769d8393aaae99f1f9270fa67086eed9eaae056711902885b826b0d17ccd17d0e590bffdeef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
a706214e5058265313c10e25cbe3cfca

SHA1
b526b2c095b7fb2b09248db673aa356bbb3bad9c

SHA256
3b50670ddf50d0ee9bc81e7415bb7038fe641f4fe6b7d9e38b18c7f1dd991535

SHA512
fd253e691fef8856fbd31546c9427af14434cd0659af43dfd66fca4567d6d05d53a1ee1c8c95939164ed4a4c9490bda94be3e92258c8d59fe5b78285c12df9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
c9d88721fd3fee5e2ceffb4be607ab29

SHA1
7e8747f87e074b3e9a49e351a9b0f82755a44a47

SHA256
82731abd4e5a2afccf4f2e107cba98c2b1f326f0c868983322c6e6f3bf855c73

SHA512
43c0d19478fdab146900d578bc1932d83f35d46241e831dabce99a2e57e1afc4184e826abeafc3ac0dafcc9490f759394c4f7ba159eef6f7d4d5a54059bc6478

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\clean-stack\is-9KG3B.tmp

Filesize
1KB

MD5
915042b5df33c31a6db2b37eadaa00e3

SHA1
5aaf48196ddd4d007a3067aa7f30303ca8e4b29c

SHA256
48da2f39e100d4085767e94966b43f4fa95ff6a0698fba57ed460914e35f94a0

SHA512
9c8b2def76ae5ffe4d636166bf9635d7abd69cdac4bf819a2145f7969646d39ae95c96364bc117f9fa544b98518c294233455d4f665af430c75d70798dd4ab13

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\fs-minipass\is-3AGSA.tmp

Filesize
765B

MD5
82703a69f6d7411dde679954c2fd9dca

SHA1
bb408e929caeb1731945b2ba54bc337edb87cc66

SHA256
4ec3d4c66cd87f5c8d8ad911b10f99bf27cb00cdfcff82621956e379186b016b

SHA512
3fa748e59fb3af0c5293530844faa9606d9271836489d2c8013417779d10cc180187f5e670477f9ec77d341e0ef64eab7dcfb876c6390f027bc6f869a12d0f46

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\minimist\is-NVAJ8.tmp

Filesize
1KB

MD5
aea1cde69645f4b99be4ff7ca9abcce1

SHA1
b2e68ce937c1f851926f7e10280cc93221d4f53c

SHA256
435a6722c786b0a56fbe7387028f1d9d3f3a2d0fb615bb8fee118727c3f59b7b

SHA512
518113037ee03540caae63058a98525f9a4a67425bd8c3596f697bed5ae1d2053fe76f76b85a4eefb80cc519f7b03d368cf4b445288c4ca7cacb5e7523f33962

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\npmlog\is-TULI6.tmp

Filesize
798B

MD5
c637d431ac5faadb34aff5fbd6985239

SHA1
0e28fd386ce58d4a8fcbf3561ddaacd630bc9181

SHA256
27d998b503b18cdb16c49e93da04069a99ba8a1d7e18d67146de8e242f9a6d21

SHA512
a4b744c1d494fcc55cd223c8b7b0ad53f3637aac05fe5c9a2be41c5f5e117610c75a323c7745dfeae0db4126f169c2b7b88649412b6044ba4a94e9a4d8d62535

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\p-map\is-LBHN6.tmp

Filesize
1KB

MD5
d5f2a6dd0192dcc7c833e50bb9017337

SHA1
80674912e3033be358331910ba27d5812369c2fc

SHA256
5c932d88256b4ab958f64a856fa48e8bd1f55bc1d96b8149c65689e0c61789d3

SHA512
d1f336ff272bc6b96dc9a04a7d0ef8f02936dd594f514060340478ee575fe01d55fc7a174df5814a4faf72c8462b012998eca7bb898e3f9a3e87205fb9135af2

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\sqlite3\build\Release\node_sqlite3.node

Filesize
1.8MB

MD5
66a65322c9d362a23cf3d3f7735d5430

SHA1
ed59f3e4b0b16b759b866ef7293d26a1512b952e

SHA256
f806f89dc41dde00ca7124dc1e649bdc9b08ff2eff5c891b764f3e5aefa9548c

SHA512
0a44d12852fc4c74658a49f886c4bc7c715c48a7cb5a3dcf40c9f1d305ca991dd2c2cb3d0b5fd070b307a8f331938c5213188cbb2d27d47737cc1c4f34a1ea21

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\ssri\is-DOIHR.tmp

Filesize
755B

MD5
5324d196a847002a5d476185a59cf238

SHA1
dfe418dc288edb0a4bb66af2ad88bd838c55e136

SHA256
720836c9bdad386485a492ab41fe08007ecf85ca278ddd8f9333494dcac4949d

SHA512
1b4187c58bebb6378f8a04300da6f4d1f12f6fbe9a1ab7ceda8a4752e263f282daebcac1379fa0675dd78ec86fffb127dba6469f303570b9f21860454df2203f

Download Submit
C:\Users\Admin\Documents\fa97967324e50a31\node_modules\tar-fs\is-CN8OK.tmp

Filesize
1KB

MD5
9befe7026bf915886cd566a98117c80e

SHA1
a95ab3a4b0e4bd978897f09b3b430a449da20a08

SHA256
3fe8d55a98dbf260eace67c00cf9bc53edb46234e840098a0b93df3096b97fb6

SHA512
b52ba143042812d6dd1031a12946afddb6e8f8ebbc7169c59c138d16aafc5e261aae92fe6b1ea94a3d80e39d2415c4b219710ef46939a2df135db24a0cf712fb

Download Submit
memory/3556-2441-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3556-12-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3556-10-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3684-13-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/3684-7-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/3792-15-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3792-0-0x0000000000400000-0x00000000004C1000-memory.dmp

Filesize
772KB

Download
memory/3792-2-0x0000000000401000-0x00000000004A9000-memory.dmp

Filesize
672KB

Download
memory/3796-2437-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download
memory/3796-20-0x0000000000400000-0x00000000006F4000-memory.dmp

Filesize
3.0MB

Download