fc15f8255fc7c7badfa568e71a7d60d583594d09e2c85737774437472b6bc8f9

Analysis

max time kernel
993s
max time network
444s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10-07-2024 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

final.rar
Size

8.4MB
MD5

81ed04678ee2b51b798724c42ce69e10
SHA1

d6593651d3e8c5fc6806d224fcb133d3b0137b27
SHA256

fc15f8255fc7c7badfa568e71a7d60d583594d09e2c85737774437472b6bc8f9
SHA512

2b096194826272b62256658bd9410c969627e4022fb08e7a4842fd43b5c00da1fd88b846e00701037297fb510f75b88aea8e52c23e7908f69fe50ee176796352
SSDEEP

196608:gD8qpk8Ndpa5c4K+rJq0nVIFAaFIijgoBKjdDFfHwCwt/z1g1/1:gQxQ6Kn+HVIyaO0gnpD57wtM/1

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

Processes:

chrome.exesetup.exesetup.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651195607581116"	chrome.exe

Modifies registry class 4 IoCs

Processes:

firefox.exefirefox.execmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3866437728-1832012455-4133739663-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3866437728-1832012455-4133739663-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3866437728-1832012455-4133739663-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3866437728-1832012455-4133739663-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

5128 chrome.exe
5128 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3132 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

5128 chrome.exe
5128 chrome.exe
5128 chrome.exe
5128 chrome.exe

pid	process
5128	chrome.exe
5128	chrome.exe

pid	process
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeDebugPrivilege	4140	firefox.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe
Token: SeCreatePagefilePrivilege	5128	chrome.exe
Token: SeShutdownPrivilege	5128	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exechrome.exefirefox.exe

pid	process
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

firefox.exechrome.exe

pid	process
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe
5128	chrome.exe

Suspicious use of SetWindowsHookEx 34 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exeMiniSearchHost.exe

pid	process
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4140	firefox.exe
4828	firefox.exe
5532	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3132 wrote to memory of 2480	3132	OpenWith.exe	firefox.exe
PID 3132 wrote to memory of 2480	3132	OpenWith.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 2480 wrote to memory of 4140	2480	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 2108	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 3596	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 3596	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 3596	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 3596	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 3596	4140	firefox.exe	firefox.exe
PID 4140 wrote to memory of 3596	4140	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\final.rar
1⤵
- Modifies registry class
PID:1460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\final.rar"
2⤵
- Suspicious use of WriteProcessMemory
PID:2480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\final.rar
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1912 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1836 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {641a3cbb-894e-4655-b1c6-2786d4f68114} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" gpu
4⤵
PID:2108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a5fc1f0-04ed-492a-abcb-627c7cbe343a} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" socket
4⤵
- Checks processor information in registry
PID:3596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2932 -prefsLen 26812 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e98a172-ee55-4873-ab22-bb5afd55297b} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
4⤵
PID:5032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3560 -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3664 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17de1982-01ca-401c-ba10-d861ae6be657} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
4⤵
PID:3424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4528 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4440 -prefMapHandle 4520 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1f9caf6-b21d-4046-a47a-101dc345c5e9} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" utility
4⤵
- Checks processor information in registry
PID:2388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 3 -isForBrowser -prefsHandle 5616 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4237c03-a530-4910-a144-2055f774edee} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
4⤵
PID:5772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 4 -isForBrowser -prefsHandle 5844 -prefMapHandle 5840 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c46b395-9d49-49a8-9acf-96107baf7403} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
4⤵
PID:5784

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -childID 5 -isForBrowser -prefsHandle 5988 -prefMapHandle 5996 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88fb66c8-857d-48c5-8a34-7c471208d65b} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
4⤵
PID:5796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 6 -isForBrowser -prefsHandle 5364 -prefMapHandle 5316 -prefsLen 30106 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8950667-d0e6-4764-9aa8-0ac5cd944102} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
4⤵
PID:2764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6520 -childID 7 -isForBrowser -prefsHandle 6500 -prefMapHandle 6512 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e019bcf-0606-4c34-b2aa-bb854421a5d8} 4140 "\\.\pipe\gecko-crash-server-pipe.4140" tab
4⤵
PID:5936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\final.rar"
1⤵
PID:6140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\final.rar
2⤵
- Checks processor information in registry
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf1abcc40,0x7ffaf1abcc4c,0x7ffaf1abcc58
2⤵
PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:5748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1792,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2084 /prefetch:3
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1728 /prefetch:8
2⤵
PID:5808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3580 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4832 /prefetch:8
2⤵
PID:6084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4352,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4832 /prefetch:8
2⤵
PID:6072

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
- Drops file in Windows directory
PID:5220

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff62dd34698,0x7ff62dd346a4,0x7ff62dd346b0
3⤵
- Drops file in Windows directory
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4828,i,8826664029669577155,15790778995802919214,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:1220

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\final.rar"
1⤵
PID:4084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\final.rar
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1872 -parentBuildID 20240401114208 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 24528 -prefMapSize 245025 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f3dff88-8cd5-4bee-a74f-856a475dcb5f} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" gpu
3⤵
PID:3052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2208 -parentBuildID 20240401114208 -prefsHandle 2200 -prefMapHandle 2196 -prefsLen 24528 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a34d91d8-7dbc-4c6c-8d8b-89a4608e21b6} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" socket
3⤵
- Checks processor information in registry
PID:5564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3056 -prefsLen 25911 -prefMapSize 245025 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {915b2340-5115-439b-885c-b24182e77348} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
3⤵
PID:4644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 2532 -prefMapHandle 2608 -prefsLen 30260 -prefMapSize 245025 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {168c5b23-d3cd-4d93-a55e-023ebd938a2d} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
3⤵
PID:5464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4224 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4264 -prefMapHandle 4260 -prefsLen 30260 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e5a3b5f-a690-4421-8f2b-59943681d493} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" utility
3⤵
- Checks processor information in registry
PID:1708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4860 -childID 3 -isForBrowser -prefsHandle 5628 -prefMapHandle 5624 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b88e43-7972-4d43-8314-8ad7df94595d} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
3⤵
PID:4984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3724 -childID 4 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c38bbe25-4e85-4c1a-9bd6-5f9d6e60445f} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
3⤵
PID:1220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1020 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {358a224d-7e06-4b05-8f20-91d5c33c4c6a} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
3⤵
PID:5748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\final.rar"
1⤵
PID:5656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\final.rar
2⤵
- Checks processor information in registry
PID:828

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c4074cf654904ad5e087210167f1b711

SHA1
7ff9b239d9362b38332cca17b9c3a58aae4bc84c

SHA256
7d8d07dea4841638a92095b1bee6bd121730ebb78edfa0684a4a3f8610ad5f31

SHA512
4366e5528021b1bc8c8129718cccdc14c23ef60282ab20f7adfad919120177bb276182df805e31a62c3b4bed223efa22dc901b3b1b59def7d2da23c32175e8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
daaa44c1d4b2358188b232e4f0aa7a17

SHA1
7d042672babf7d31d3d72b300d3d915d52c262a1

SHA256
a057f316273b2149e7777e67f828ed97b131184213ffb37ce8344156b7f1b238

SHA512
fba37630528e25ab613349d6e4010742c171c65e0e6e96348b4f9abb1ac82eec96bac881c438fbd9812c79fa8a9ea4aead4f78333b1cb33eb3594f9dacbb2729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
12d8adad1eecc2f0001669cf5d48bf38

SHA1
b1ee4881b7181055fdcb2ef4aa1b81ecb659ea13

SHA256
6f7c3b9036aac3f0e8333dd3587776dc01ec1fa1cce40ca2b19ab7ce008c8784

SHA512
ba89b9bad22382f53086976bdaa18c12bcb794ec5266083413087ae5cd1870aebb1b8fca49ccb841b305d7e0b9ba7e58e839b8996237d6fe25bbf05f6f58383f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b4a486fdd14bc8192a185145204052bc

SHA1
ef8c5102075c185b4324f9254dfc79f1638d1475

SHA256
747efd2914f597b493869ca235880a69a4db1e45c6c77402417d68d53f66c4bb

SHA512
9b0aa8fdb22889c05d2140a6e2aa803587a9f6008aeabf8a635a983ab965be058b4e2797168468607e3d4685c2452b8fb032288e42bafb1c825a3280ec224ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6b69709467c202eb155ebcc9e0fcac91

SHA1
b318f96ecc905c92e12fb6c5ecc64297fbdb31d8

SHA256
d7a1d3934b75b6208f0a7c9006045a12b13db4492c2bd74dff4ea5426a7b5d2e

SHA512
db030694d0b55362882c361f9ff459096e9ba7fa2359b9b7b202d96e73e9280ace7152346f7d8b18779714dde14bed54f90e48524378c99192955b465361491c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
735cdd9f231e1818dd52a3959ab7d2f1

SHA1
0aba42e183c1443426283d893c9957012787a7bf

SHA256
fc40a4d0716b61cc33eec1d851768ba73386cbb398535c8a35f0d3bae44e2955

SHA512
ee6eb9e2a914733481d5ea27f9b844092d20fdd79b884b38f31af1c077e66558e57821bf7f773d90ea979b22e47ef57b97114ded327104e76f5718fe21aa4495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
751e7700fe41f9ebef3c90bab8782ea4

SHA1
4b0d8a7f4bdca0306e7996bdf33816bee3d8c850

SHA256
e0d49a7800ff948b80e7794a9497c2b3c40834c74b258e6db93e19bdf8478e6c

SHA512
179abb6d69ad2931f489018579a6b2b10229071d0eea47eb7898ebf0b2b84fbac63082c674f95015ac8688b876e638986ddbb3d359ee108ee4e90a05ee3cc5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcedc2973df1901c70912afa41bf67e5

SHA1
ca880a6ad59844c84d6fb8b4d0c49667ef092687

SHA256
66a190fffa147b0b0e23ffbd63c6949962ad665cf7bfc72fbcfacf142ea7fb0a

SHA512
7bf7d43dff2b52e4a401c6f0ec436edd7dd4c79154072a8ba740032a5554cfc53d2fd9485c809351147db57ad7ff879b94e6d9a3631fe4ee83ca91387cc8ba2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ce3b9686af4c5c65c3e8fe57b3020951

SHA1
0324e9f79a048318ecc0ed8ca37916ebe1fb63b7

SHA256
45c4db9dcb8e66ce512f5f00c384aa010fd8fbe09efb4c16d21a1cb08102738f

SHA512
037cd75cea324d0370548a4e7cee8aec8dad6339cbe0ba67e4bd57470a6fbfdd4433904c389fba050d7573ace1cda55599e9d782c97c9423f9ec00b19032845e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
313439a73fd4f7e776f46321ed465387

SHA1
1fcb00ab10188c14642f1975e424008d870ca328

SHA256
811178c21a9cbfcfe34f952cc52b290906c4643628b8eb4c376627f7a7106704

SHA512
2a5a83ffa5a596eb8c1f87463ad807d11dc34d04dd18b7790f349ab834099cc1616a3a1c44448a626ee1db45ac6e45246b91efb34dd1d8f03cae89396d9029c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
2013a1dea06cf56e63d6a26f620c3048

SHA1
f6f9e231631c3dbdaf64e67811653541fd3f7a7d

SHA256
e5946434a9c1167ff4dca49c1c22be168d78947fade6536404b2226278aa36a9

SHA512
0ddd9d16819aad68907bb4148ff4d93b302cdefb2ab3cfe0e89769e0cf236469e5e99d505ad2de6903d005200cdb66b9140a8525f79c9f27a9654ab0270e51c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
2fd37d437cbaea386cdaae6b1daa0859

SHA1
952590f93c97c87aaf524d33daa362b4c9e6c3b4

SHA256
482ea8dbc7f530d7ea1942656f2183b323759b4cfb9a5e98930ca04a4aacd885

SHA512
2ddb26c729afc4742dc9f544f36ccf28dd458640eb1c0454839c0153f09b18d2f7b1c8f95ffb60d69cb7095b5c52b286709bfffb05e52dde1a07ff47831241fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ab3ca31bcfbfce45a7f4b19746b869e8

SHA1
333b853c1d0c0b6350b14147d37cc2f3ce17c2d9

SHA256
ccd6542855cfd2e2caf366b3cef0bef111f77228018faaeefa25f3c24cd4640e

SHA512
0e01ee07bf36ff077efc189107883d8f9a01382b052583bfe9bd2f89afd9a73289e84522b82cd92aee2468cc6c5387801b554cb2ffa923c299a72aca808ecd90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e7497cf3-01a2-40fe-abb9-6c2bf5a4aca1.tmp

Filesize
92KB

MD5
1b58b4843c7cadce0572a311a3bc7ab2

SHA1
39804f0017ea2dbd32a4451c93d81f9b9f298f15

SHA256
61649b9998fc08e200a2c3c337e0872aa5afe1eecf0507c9f7ce7add23349ef6

SHA512
bc14b811f4bf0a250dae12504f0bebf7389d4230db11ee048c7946774c1e36d22fca210ead9731e0eae178f9cf7ee727a308e8093cd953065d2cab305d36893b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
675e3b99cf74e43fbdc5262923309d63

SHA1
2c519836b59ffeeea387a8ef8e7d7e526e5fec01

SHA256
8c68acd2ec4887a3736a1372457da1983f364982f9913e532e1a516b44e03dba

SHA512
848de5d25fc86529098115f377b8b2ed8007984c543f440719e26ac214151a2f326b96a0ad440f397eedd9d642d61d0a1300cfc0d86eac5a8a57de67c920478c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
8e2ecea8bef9cae32d3b27b065848b50

SHA1
65407c4abe299fe9416b371af147b0c1e254305a

SHA256
4fc6277caf0a9881346c80eab46c44dc3d3493a1c7492c256426ed9ca70ee957

SHA512
0a5c54f16e53de20e9729ad4fc59adc578e2186c2c4073e8d48ba76af674f4f1f2258463bf5a92abf74533bd7c244f615d11942442b0b700844ccffed4774e08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
addb7ec67de0cd5613a289dbb2f5e174

SHA1
93c4a7085251ae267e57dc9a7b26437c4b737b26

SHA256
8b0229a0409cab677906acaf06a1d6c32edeb074fa3c9bd7b29f8009a2a4c2cd

SHA512
fc44895da1d6e1a00ff99e992ac51257077470b5cecb0ace64c78dbf2ea3fd0b96fdd08fb8162ff6b377f54921bbc4db06aa9bc755b191c8dbf9b10ace173570

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
0d636ae361e689adfefddb717e741737

SHA1
3d1aee3ea07678e849bcd312da9abb185dc10d04

SHA256
fa8b38f53a4549fd2f1f126ccdee3dce72698359c39f28e5ab390ce59f9d1eb0

SHA512
4dac994fe4163d52690e59c18d7f1d713cffad9c115c86c2eade6aab995f05feb802c3b88c2e2271cd79502bd78c732ec5721564702ffd8d7b1c1e53bc75025d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
030f3583e3bf633462ab9cf93964cdee

SHA1
cfc6f9390b97ef8a937b9d7e8f42d36d81d57dcc

SHA256
0dda7ff9159846d29b157d2470789e8fed2272d02dd27cd9c2c15971627f3239

SHA512
355608c404d1f497921e93a7ecc3a387a7ccdd3db2aec3f2d64abdcf0784400f4c69b0100ac0b65e4e52d5d5f404d84b0cfdcbe0f20c6a800454428be8c7a364

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
133KB

MD5
bb93c82a7345a6abb2901471ceedb6cb

SHA1
7d9f72452843a626c768da878944c2cecedeb604

SHA256
f75a274c433ec73a9c0540a8b9fcea3a0a865513f62292156c0251dcfddd6816

SHA512
a3fda7646a712a5d2043ab07073204bcfc33e6b86b4aa25264a074468e0ffafe80f223a8e80f80e8bd304dc07db733b80679bf370abefcf064bd6f80c698cd88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\startupCache\scriptCache-child.bin

Filesize
479KB

MD5
0855c7d08fec744aecdba12f3d841475

SHA1
ccbb699f95e0facee98ba71f59b8a654111df21a

SHA256
2a7474f3e141c135ae792c015f8a9fbd8313ab53ac8c69f3bac65ab8f945adf5

SHA512
c6ac5080a555adfcab4f09b0a011095d190ffe27af60c22520b075a8cc8d20ba26df76927aae1ad1e2159f4cdcdf05df4514aa8dfc49223970084141a3f81091

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
94b0b4eb58f94b1ebcdb7e0a87a0b953

SHA1
f38c0f2f55ff26e5bf22e9d83d19d53075201f45

SHA256
8339fe9b17fd2877ad14e9c2789a8c5a7c4854fd982cae24cc0f05ed956e45b5

SHA512
d904e0094e000d032cfa417b5cdd1acf6ab9e8864f569903ccc2b3594c1263899d8d94d0fa85312e2bf02ec92f32bf9eaf3593f273c7931e299ed8174d88772b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
266d2b011cd8284a932a26e188a73349

SHA1
5c2a0d95701665c2efdfc936f3ec7c84f264283f

SHA256
6a3aa5b2b663cb0f9655b62a046ce7ee8c54fd734a9d0d7adb9fb166b8164b60

SHA512
bc1604f1dcc6a037eee7237fe36e94b76985a792d4db047e393cfddfc20c0825625ab6ea9a3b59cdff666f5d566e5ae29203529f7b22e7ce9617a5b3d7fbeba9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t4hat1k8.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
2b499b05ec289558b4f9dba0e2840cc7

SHA1
1044fb1b386fae8a4d915a990e9588bce910d589

SHA256
b35e67dfb42c11e929d784f28cdca2dc78d2591d4c2f2c062e99e1c73ae0608f

SHA512
3ff261f64f12afe658b8ce0bc62322b29cdb39c87c163648ab9ac6723f62ee383142191db474f7f463066014c324f7a132e8b6d89ae1373e78f012e72cea465f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\AlternateServices.bin

Filesize
12KB

MD5
7bd7df497a06b53c3d040e699b7fd14c

SHA1
4e3b54b22f28a1f5cbbdbbab23153afafdb7e09f

SHA256
ca085ab707b441387c9cf4a968460ef551e26aa1363c0a84144b66c535b8f94e

SHA512
e00b91f8963a3704cc053af35ecb9b74e15a30a88bbdb4a9b1f26488d145cce4a57688cbb2249e0cdb9eb5b570886fd005e318bd6938fb7425f296b04e88c83d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\AlternateServices.bin

Filesize
8KB

MD5
38aed15390493c49eb69948c39fee697

SHA1
cca7ee7ff316282626738e2414c0478ebbfd66e8

SHA256
08c2178ba6965cecd586412d876a5316a274a43c53ed95de20e12169aabaa08d

SHA512
af29ab58c911a5dd113f11779a23c929cbb8ae8347b7766ee68fe8bbeeee0683c02e1fa43c86dd6cc25235434f168ce8172b97eb93f54614381c863ced17469a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
94d7bba2fdf7ab8177a81c2b707e40c3

SHA1
6b1efe4beb5821134937f47eb8c72bfb293b2097

SHA256
0215cac3fafd4dfe66a8461e06f9a6c58617cea9965cc0fe7058ca38e0064b12

SHA512
4ccd894e17e1225b225f36f51506ecd2559170a1486a94170b947ba7ebe05b89182cf0943e69f028881d6f7d7120f30f14355378bf30eda7a5443e9204574275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\cert9.db

Filesize
224KB

MD5
b6f73a961c94893d18196c9697f83b38

SHA1
d58f247969b13aeb818079172f41a33a98d02d1c

SHA256
e031eb86a44d6a0bbb4f86b569e54cea4a5301d6f6d7fc7228310af563da8e8f

SHA512
1bf1450c417d92d4f9e027f071ec9d331f831e482cd4c42fc3d32ea457a2491d24339113512b7f531ae11a38a8142759b495f2f4ea924bbb14a0d3ec60973156

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\cookies.sqlite

Filesize
512KB

MD5
2e8185faa7d415c16c137106b5eb1de5

SHA1
933a2c5af5a695ab6b65c346097fd2fbf311edcf

SHA256
afc15a77f0fc88a4e324345f7b6604ce5e38668b3309c1d5e0faa595cfeed4b0

SHA512
5eec9bf97bac690a058501e18014c93260bc8741d156a0ea7681034f4f225cbebf4bd3b04f8c8847fbd926561e3f4a6bdc84ca5c4e63f3591cb0c250ec951e90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.bin

Filesize
33KB

MD5
64bcaad4299ee87e4b0c3ebad1dfda76

SHA1
4c75a87b6d5be288266a47d278e772127c571a53

SHA256
bd1ae4313f2505b20ffe1b47963312d19ff9740061159dc72f54761076ba6d34

SHA512
87812276a0f5a4380abbfd919da3b1757da58f8c2ff6600b931b12bffa62107bafeb1ff30396755e162265420cbe21887320cd6beed201773413de8d3d375e16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
faed6e38075ae4e29876a97f36b128c2

SHA1
f1af73bd4de6f5162363e8ecbe5309dacb05f5a2

SHA256
b2db2179ee5171b88107f346e927e2611ede3f8e45e94ecc0757f7534552194e

SHA512
0b796923357d7c419016916ae5ed2aa14be671029e99bf991760c24c3c151d21d529a5c5a5e7f2e68ee6ea829f11dc63367c4a4d9adfb6d24629652dcce471ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
32KB

MD5
1f2dce1a579a75b4917fb4da80caec3d

SHA1
862e84898432d78ae646191ebc68d0ac746ed58b

SHA256
4a90e3dd33c32ddebf554e3ef4d04da1ac2c5c4b8cb292c2c5a1fc96133397ab

SHA512
5b0fa1ff835fba533150c5ba73d0c845243704568e3404de0a35f247c0830158744ed4079c00a6ae56b767554326e390e37ece39418bc83d934b90be067b8050

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
54b260350a859a11fbf1bdaf4c8c3974

SHA1
6932a9f521cbc3e5c1a3ff203d42fb221d47e269

SHA256
8ccc40f252a2d101114c5994909b39912ca5202f610c1abef45c0f6bf1d5e27f

SHA512
6d52ef72efff307e21218a2d247ac2f8c7410a946d6f0e3364ff5bdfc55dcef2fa492b78ac943742598fe67e164b54e08a52b45bef5b4203fa09be3d4be4e579

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
f8764169a33b03bb72c27339f038aeb9

SHA1
a64cb878540a259ca5868352a6dcc55d83348ac0

SHA256
fa1a30319dabec2883b511c1b3e23f17721f0f37adbff0ba3b45f4bd18d9a965

SHA512
b846f62bb5425a14554f5e5312c75f9e47e9bc7252705bdd4aaf4f2b3018539c7b43f9b7e897f79d378502a09b42338b7373db1823f89daec3d0768e7381d721

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a34d9b29a9484ab6974633a94725e211

SHA1
5c027f0320f6e817d79daa2c3d4b6cfbe8aa3328

SHA256
f0912310c1a70af24169614e3c9f857c69266424ecc4eea8a77d1bb88b9d4f20

SHA512
0263bd1b428671a747ca8c3232795ee706a269d2a92ae8ada2375315c356501db9f02c965c19f48cfc18f32d3cb8a6204c53d672b9cc0622f17b6355cae1204c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6da21ab99d53ee5363abd8df55ff3a91

SHA1
25c54f9323421178303e1c400400b7d5f20a4cb1

SHA256
a2c93325f78171f2923fa0f0d463a405b2ef5016fae5aafae0275dfc794a9f19

SHA512
d1872d2508173aa270439ab49c1f84f25f7227a946a2acf6d58f14c604cc52d23b33bc9bb71af2907c0e3598673b4e5a198ca8c39fb485ac96cd94c4297ef441

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e8543b4bab2e5d88249c6f09012f3b0e

SHA1
629ce2502e2469fa2c3096a2b15fb268c32ebb14

SHA256
3a02382fd4fc0a790eb61fb278af9f7723ac552f8e78168c6fe9c6dddf7dd55e

SHA512
325756d98be4713751c9d9e7a9adeced56ca3cbaf9f99808778a6909c81c7d23f7d70e117b08d673a849019025cb1a30ba6e85b57fb60aca7e170b5dae6b66a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
8e95fb18f1911a3aaceaafb1a8d34632

SHA1
7bb89c475f455cfb2f987b13cbbc01ff0332a470

SHA256
9a8aa2acdfc6d2fee17b9e5e86af0787c22403fefa4af48e921c8effe0b43038

SHA512
fb41a0061dc31ea27047e236993108be687b48821d8e2676bbdddfa1514cd1105e40086e267e47095b2e8d6c519c131eca37e0a729c9aa00cc1a1ce17af5930d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\events\pageload

Filesize
375B

MD5
6cd4ec3da45b209ed967dc31c73e3def

SHA1
9bd4463fa2efbf4782e7f60006064b28eaa073c1

SHA256
e69fc415ac668a23da967321187513950d4ed21963e8eb7a929acfcb73cec51e

SHA512
16417cf5fae94ccc02621c7ef7e87bdc88e7e3e885827a054fa7cfc0e3e1eaf2e9240c8f4ac4080794b87bf347121b11fd91ed09c0b2c3fe6518055b7ff0dbd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\pending_pings\0cb65677-03c6-4283-aba4-a939b4a09503

Filesize
982B

MD5
5af3c3b7570f362da4bb742f242ec85b

SHA1
7e3eac0061488bca9d20287ba23011aca704fe9e

SHA256
e31f4a3ea50062df823f095ecc9089a1a18a575b2ab1119d85f772ac97419f95

SHA512
cc048044570e5f19e45e92a56d820ef98adbcfb59316d602b8d25604c1ef2a3ded78255baf67b5aac0ae1c704eeb754a54827df0b8cc7eec15c9cd054dcf1c7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\pending_pings\3da59b02-4853-4047-bbaa-298237ad0061

Filesize
764B

MD5
cc12c19900034448cb516fda11374d17

SHA1
8845643e30771684632e7b20789e0fe673644c3b

SHA256
0081e28963038ddb78cccfd79ff8491d5fe01445db2a082c697ae267c1bd2039

SHA512
2cdb5f8741919e7428ba66fb8786afd455586eb022356db4c518b45732dadaf32671ef29c0e6dc48fbad23bf9ee43ad217e75e000e5eb777cd88a8375642dc8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\pending_pings\947b246b-814e-4987-accc-7436da43e551

Filesize
2KB

MD5
d81fe7f93e81fa1bbc053faa62368619

SHA1
aee5ee712656d7dc0e96d975b97e7698c00d08dc

SHA256
f216a015729c5587dae16a7c24840b8c71fbe14a3a14c0351c71634059a7dcc4

SHA512
256cdfaac2fbc9f2e89a9e26d1ad99c4a3d1ff531d623c28afb33088f88df8c975976389efb30141620bfeff6dad7d6462693d726a25624f9988b6188cc2d53b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\pending_pings\b73cc0b0-e10f-48b2-a5c8-5a92dbf1761d

Filesize
671B

MD5
8d9aabf0586ca3ab9296675cf2f06e04

SHA1
58e7d0e653e02a6006e089b4451891298ff65750

SHA256
23e1b8bf4d9ab7cfb3e72774ffaec8119bbaa03518be1b75a2f5b874df1950ea

SHA512
23bf4300497f0fa543d739da01e11f64ab99f6a154fd9fb439e4a435e439b93e9297c2fe4c3919c5f700a3c3c81129243c97ad1b0d89803d92a9ea53ae162821

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\pending_pings\b964b744-3ca1-41d5-bfd5-117dff04de75

Filesize
734B

MD5
81bdfb0e37e2de3ed3f40dda27c08b90

SHA1
1ba7b4fc9a64db0abebab31aaf3b3bc3ba2f1ed3

SHA256
d69f83676b20f4a8f772a8e76eee9f13c7d845b54ffd7b2d11b1736961fbba4e

SHA512
5eb5456f409a542733a89d0aa677ec771f8aed33342c7ed1a6d4ea753195168e9fd1ab0db5a7351c2516014a661d4e001b3a05ccb1cfa9eb6fb5b477083d81a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\pending_pings\d33ce322-b39b-4c41-be92-ce33ecff52f8

Filesize
8KB

MD5
d4810eb2243be780d413197ec82225f2

SHA1
b0389bc3c27f46f5a6bfdf3e125dde1356755d2c

SHA256
cc94d5c5db00b33ac51a9b121ceef76b4458f5f3b2b12a676e808072e69f3e68

SHA512
378a2bf369271a066cbc027802e1a42277ffa2f4bfb2753aa747681abf4340c729c091e866cad787a61d8d799467b75875738759f289c0478407037ad9a4ce8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\datareporting\glean\pending_pings\ef903491-2909-4a9c-9222-5e11091f9b84

Filesize
26KB

MD5
5415996332cec76c9e0ca7a4581e5601

SHA1
54d3fed2d7c89525153287db27f2792f47d2252c

SHA256
033ce12e215383a4a24ef3915aed2a9d83edcdc68d19462a42919bbf8908786c

SHA512
d7a80f6fabf2987d9a20b5d14c2fad5cac18e824a3322edbdd21ad9801ec4cc7de23e6d78942ad222556cb3ae39f3c54a661420431cc94efd596f63b3129eb10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\extensions.json

Filesize
37KB

MD5
f96f12f83c5a3bb81d0094fdf69b22b4

SHA1
f4151972e8fd562dfd6b73d10a0e5ec176390853

SHA256
2a793a11e7cbdf4496e664141307b9f9ea8af05ebef5547cc9818171e6364e70

SHA512
d5f4b542f1d8b648e9eb488bab4b031e77f8efd46d2629d407a01ab8eb8b31a1cdb2479b8c42723e0142a6728a06bb89f20eaaac38a75e328602d8bb195e8c95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\favicons.sqlite

Filesize
5.0MB

MD5
1aad26c06c1b562a6015fd9384126bf9

SHA1
f3f058e48087ec5dfde3f5dc95fbc26a2226e9a7

SHA256
aad3b80c5fc2af0f424db8a4dc998ce9d62b7e13b81d3aacfd3ce26e18478079

SHA512
a74edb00c94b94fa80db720b2534b863ba82876e91e939049007e78178a6f45f9e17fa9a02f9e9775d8ab16c4debe1e0d5368743f3aef709c9d955639196255c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\permissions.sqlite

Filesize
96KB

MD5
e944f9415b17a40abeff51d03593f386

SHA1
0f64f7e8ff63b0b9ddecdc0bc6cd20c9bd4e41bf

SHA256
acc4a67a4db507a11a89382b9ff38109dda62257149b7dc175e922bae8c10f26

SHA512
3b3b6f1e5fb47442c2bd2d7c0533673f5efdd04336476878768fbce01f53ee692f1076063d95fc55d19341b5cd61277ce68338037adf35cade90ce2497509528

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\places.sqlite

Filesize
5.0MB

MD5
f375fde00ca4b65b9720da1d2d9681f3

SHA1
3342d7351e45f08d12f9e0e07a4846533e578520

SHA256
a74cccd9718759c485c5faf666e8300f5612240ee7f278f34e5acabec99b1177

SHA512
25a92db5117e2cd96feec2a7731cb6c154e3ac9c35131207b5426c642ea6c3cf41bbe2d18d59bebbb17f9a5a0852983b0496377477d766a7227d971a1cc3b402

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\prefs-1.js

Filesize
11KB

MD5
628f7e6fae8910a22769299657608675

SHA1
a694b245a8bd346b1a7ea6499793b93749007d08

SHA256
33f61dfa18944d6b2e8ca65788b4c81607fecc93c0664873eb9d7476cb2f509f

SHA512
9538372e64a28d371a7c27228a5d878e71bec0dc06b42203bd2ec45418c6bf58687e3a6d89f6130ce93b87a71854623fbeb5febebf01b6fa33c49ce752ecbf9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\prefs-1.js

Filesize
11KB

MD5
57198ae7c9040056fb306889c3809eae

SHA1
8b45a33efb7a1f2039758547ecbeb04fc60f34c9

SHA256
48331d8dc8006fcbcc193324ffab0e337f21d335b2d4609ae8598347d72a7d32

SHA512
03582011e5cede62970dbf18732f6fbd939d08f1bd4e78a376c4415d800857aec8bb424c9f1a59020e59fcc6baf10984f23235b800d15714577d92f9658e9c59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\prefs-1.js

Filesize
12KB

MD5
923af8500652e3e8a5d974438ff1076b

SHA1
cc14a9a7e69c5aa303c1160e78927397776ac5a2

SHA256
d3a494fc4c80bd3da5eb3f54a72f0fb4b4d580337acf39ac713e633a894fb3ee

SHA512
165dd30c054dfa137edc1149131832cfaf4bbd989d8225aee558ebd7d02576998eeeec06927dbeffae56194e1c02c1eb566b690ad771bb151f1948ebf2f7a2b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\prefs.js

Filesize
12KB

MD5
ba30b4c02383ec217116a47fbd7cdf7f

SHA1
90e903a76df95824ce2304d93b97d4d23692f849

SHA256
0cbd5538e929b8b446c83962b99a1d9eb560572049140dc405b1908811377bc2

SHA512
8771c3097da3852faf057ac743ec9ef865920a774703c431a2dab3d1ee1377a4cfd1635eb86d216c48f53e2febe8249462774634b2253c4fe9b783d9d5d9944a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\prefs.js

Filesize
8KB

MD5
04a6824c4e68bc382850288d401caf99

SHA1
5af41d5b5a8caacefd10ece4033134494cdb1b44

SHA256
f6dc887c18cac5e060f41bf5f7aa6121192ef705867cd54c50610e14c0bc6158

SHA512
ac66b60d561aeb9af30273403694082ff5f43ad7150fe2ebca91aca9d097c4c3e2505e6b0b115955f2c2c6f251e7d7f8ff4ff067e2ee1f75c961bd77eacefdfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionCheckpoints.json

Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
1f550fd425a8563b944faffa4f97e7ac

SHA1
0831d80906c4e0461365e1616c825d573a761c14

SHA256
51718d0e3d47a855e2537e4ee13f5ff9358eaa28ee93b3dc82529b14989713de

SHA512
05f5a50502881a6d7fc5ce4054e13f97bfeb19ff713dda956b80c046d935435540e72b1637dc540346cf953f56e1ebe15d3ff76ba11bfa2c1395649e2101be0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
c272e85a84d5c97d221d9ac8f65cde71

SHA1
eb22783d1f060ebfb08d7995f8c4d8a5e1c78543

SHA256
0437253c6da781f7604d9a91e4116dac46a6bc3c3b5b18a33d3daebbc4c1ac0a

SHA512
7fee4a343edf695320311f1d0e44f028285efb602e739388001ae0b900892c136e2822faeb0b7a955b9c1731bca8d6ced8892b2096051d016bffc8a60c8a5334

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
1026535b813b26f0bc68d3de2970df5f

SHA1
16b43085e377f82cf354444b54a7f5a58524f135

SHA256
25d3160dde857a0e2ffae31727224793993fa62c396d498a88b7421ca9d954a8

SHA512
a4b6b8f59488bc4f3f7cc7bcad6ffc0bfedfe0301a0a4a0f9ffde8d167b4fcad64f1e37d370da55d8a2f3a758a5f8bbd8415dc44be0ab15719a8740cd4d5380a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
f9be07fd6f0e562cc0321f0970498ffc

SHA1
e8bffaf886335f4243867c01c0f08f53eba0ba25

SHA256
57fd8b8e16d4ad5773e9ffa10bb16a4137182f03cf7573d8a2dedc8e56236041

SHA512
4c9dbf54077db7ff9ae59877376cf7c2d6e95600843b380273ff90d76c752e4a5a6840762d1beebdc6fc4664dced80360218e4cb0e88c51acdcc9ef8e51bef98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\storage.sqlite

Filesize
4KB

MD5
4ddec224884f7110aa5a788034e60f83

SHA1
209d93f40e4b3e4e8b9f5104ddff66c2f0580f30

SHA256
305106fb904672a06293394b4a140df820fe02008df1b32b8b24d297e2361568

SHA512
5d1085264986e4021db9c1b2911c57cf5da9c00b5e11c0bef703e2a389b590d06ce9d6baf7f2e40f4e2f8f446efc273f923789d76cd537c33bdd28589aa7ba5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
0fea1271ed5c7de277e95252ef52ccca

SHA1
3dead2d2fcf7ba481bb360a825e336053f3ebd1e

SHA256
950fdcf46837cfc4010c5170fd7940da5573e485bb2f198ea3394daf98432278

SHA512
698b5bf4c0e1081de8d8490d16c483bcefa747fecd40b9653112892cb821d7d0c3a3555e9f0c1f33080b8ddc34a240455e21b379ea970bbd6c96a8b3c68990e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
552KB

MD5
d013447dd1b897ae5784c7dd45d665da

SHA1
446d0b7e9f5ac511bcd85acec00c38a43620f6c2

SHA256
a81352e66a6ec44182f53bddd35aba3c4fe5510cf3e7c40253814cd90e076e02

SHA512
637f3e52f06e0216e164affee0648bc5c06aa11d674b52f73a2f51ecea272d0665a4ea245d72cb9d1692deffb88b39ff00072469900e85ad7b0a7091f1b23cbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t4hat1k8.default-release\xulstore.json

Filesize
217B

MD5
4cbdfc4880bec82d84bce21747789706

SHA1
e11d96dba2f23684d3c47e915103fde230293a23

SHA256
09df9aeebf64843204519e11c0c2d42816576965866bac84aa1b0cb58945a910

SHA512
21ba56a3558b1f2e6dc2c2e6f7589d3d2d8371c924e066da961eed61b8423f520c5d1eb0aec3a00fb0032fa398d3cd3051d2f27976fbe5dc2a18777d8c71b456

Download Submit
C:\Users\Admin\Downloads\KmwrUAu4.rar.part

Filesize
8.4MB

MD5
81ed04678ee2b51b798724c42ce69e10

SHA1
d6593651d3e8c5fc6806d224fcb133d3b0137b27

SHA256
fc15f8255fc7c7badfa568e71a7d60d583594d09e2c85737774437472b6bc8f9

SHA512
2b096194826272b62256658bd9410c969627e4022fb08e7a4842fd43b5c00da1fd88b846e00701037297fb510f75b88aea8e52c23e7908f69fe50ee176796352

Download Submit
\??\pipe\crashpad_5128_COCAIDOQGHTPKZRA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit