36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Resubmissions

13-07-2024 14:14

240713-rj57ratgjm 1

13-07-2024 14:10

240713-rg151swcld 1

13-07-2024 13:51

240713-q58z4atbml 4

13-07-2024 13:19

240713-qkqysascrl 8

Analysis

max time kernel
1798s
max time network
1786s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
13-07-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.vbs
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

8^/10

discovery execution

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 12 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Code.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	Code.exe

Executes dropped EXE 27 IoCs

Processes:

VSCodeUserSetup-x64-1.91.1.exeVSCodeUserSetup-x64-1.91.1.tmpCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.execode-tunnel.exeCode.exeCode.exevsce-sign.exevsce-sign.exevsce-sign.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.execode-tunnel.exe

pid	process
3176	VSCodeUserSetup-x64-1.91.1.exe
1860	VSCodeUserSetup-x64-1.91.1.tmp
3672	Code.exe
1976	Code.exe
4068	Code.exe
4888	Code.exe
4624	Code.exe
5000	Code.exe
2836	Code.exe
3408	Code.exe
1572	code-tunnel.exe
2340	Code.exe
2384	Code.exe
1212	vsce-sign.exe
4284	vsce-sign.exe
3368	vsce-sign.exe
1604	Code.exe
4508	Code.exe
2212	Code.exe
4624	Code.exe
1848	Code.exe
2420	Code.exe
1608	Code.exe
1336	Code.exe
2808	Code.exe
5172	Code.exe
5264	code-tunnel.exe

Loads dropped DLL 49 IoCs

Processes:

Code.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exeCode.exe

pid	process
3672	Code.exe
3672	Code.exe
3672	Code.exe
3672	Code.exe
3672	Code.exe
1976	Code.exe
1976	Code.exe
1976	Code.exe
1976	Code.exe
1976	Code.exe
3672	Code.exe
3672	Code.exe
3672	Code.exe
3672	Code.exe
4068	Code.exe
4888	Code.exe
4624	Code.exe
5000	Code.exe
2836	Code.exe
4624	Code.exe
3408	Code.exe
5000	Code.exe
3672	Code.exe
2340	Code.exe
2384	Code.exe
1604	Code.exe
4508	Code.exe
2212	Code.exe
4508	Code.exe
4508	Code.exe
4508	Code.exe
4508	Code.exe
4508	Code.exe
4508	Code.exe
4624	Code.exe
4624	Code.exe
4624	Code.exe
4624	Code.exe
4624	Code.exe
1848	Code.exe
2420	Code.exe
4508	Code.exe
1608	Code.exe
1336	Code.exe
2808	Code.exe
5172	Code.exe
1336	Code.exe
2808	Code.exe
4508	Code.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4376 icacls.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

350 raw.githubusercontent.com
351 raw.githubusercontent.com
352 raw.githubusercontent.com
353 raw.githubusercontent.com

pid	process
4376	icacls.exe

flow	ioc
350	raw.githubusercontent.com
351	raw.githubusercontent.com
352	raw.githubusercontent.com
353	raw.githubusercontent.com

Drops file in System32 directory 1 IoCs

Processes:

SearchProtocolHost.exe

description	ioc	process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat	SearchProtocolHost.exe

Drops file in Windows directory 6 IoCs

Processes:

wwahost.exeCredentialUIBroker.exeSearchIndexer.exewwahost.exewwahost.exewwahost.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4185669309\3653706970.pri	wwahost.exe
File created	C:\Windows\rescache\_merged\1847152663\4105898438.pri	CredentialUIBroker.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	SearchIndexer.exe
File created	C:\Windows\rescache\_merged\4185669309\3653706970.pri	wwahost.exe
File created	C:\Windows\rescache\_merged\4185669309\3653706970.pri	wwahost.exe
File created	C:\Windows\rescache\_merged\4185669309\3653706970.pri	wwahost.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

5072 powershell.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
5072	powershell.exe

Checks processor information in registry 2 TTPs 35 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exeCode.exeCode.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	Code.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Code.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

wwahost.exewwahost.exewwahost.exewwahost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

SearchFilterHost.exeSearchProtocolHost.exeSearchFilterHost.exechrome.exeSearchIndexer.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.avi = "1"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{45670FA8-ED97-4F44-BC93-305082590BFB} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ec18327c2ad5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.html = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d71514f52ad5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice\Hash = "APtRLqN2abc="	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice\ProgId = "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice\Hash = "DoL96Ev46qw="	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{8082C5E6-4C27-48EC-A809-B8E1122E8F97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000925023ba2ad5da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e4196d7a2ad5da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e4338b7b2ad5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\Hash = "j7qR0co5Fo0="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice\Hash = "Xz2iNSozY8I="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653506337229424"	chrome.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice\Hash = "Tm4seauOEeY="	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.wmv = "1"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.raw = "1"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp4 = "1"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-180 = "Microsoft PowerPoint 97-2003 Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice\ProgId = "AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice\Hash = "A8NDSOoICvg="	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-113 = "Microsoft Excel Binary Worksheet"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.gif = "1"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice\ProgId = "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000003dd947792ad5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@C:\Windows\system32\zipfldr.dll,-10195 = "Compressed (zipped) Folder"	SearchProtocolHost.exe

Modifies registry class 64 IoCs

Processes:

VSCodeUserSetup-x64-1.91.1.tmp

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.cls\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.cxx\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.pl6	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.pm6\OpenWithProgids	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.vb\shell\open\Icon = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\""	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.gitattributes\DefaultIcon	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.rt\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.svgz\OpenWithProgids\VSCode.svgz	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.cc\OpenWithProgids\VSCode.cc	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.pp\shell\open	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.gradle\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.php\OpenWithProgids\VSCode.php	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.pm\OpenWithProgids	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.t\shell\open	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.t\shell\open\Icon = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\""	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.aspx\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\vscode\\resources\\app\\resources\\win32\\html.ico"	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.dot\OpenWithProgids\VSCode.dot	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.dtd\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.ps1	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.bash\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\vscode\\resources\\app\\resources\\win32\\shell.ico"	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.fsx\shell	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.h\DefaultIcon	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.jade\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\vscode\\resources\\app\\resources\\win32\\jade.ico"	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.mdoc\shell\open\Icon = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\""	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.xml\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.containerfile\ = "Containerfile Source File"	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.pod\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.rprofile	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.jshintrc\AppUserModelID = "Microsoft.VisualStudioCode"	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.pyi\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\vscode\\resources\\app\\resources\\win32\\python.ico"	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.handlebars\OpenWithProgids\VSCode.handlebars	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.htm\shell	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.ini	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.psm1	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.rprofile\OpenWithProgids\VSCode.rprofile	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.mkd\shell	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.phtml\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.log\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.mdoc\shell	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.phtml	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.scss\ = "Sass Source File"	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Applications\Code.exe\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.bowerrc\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\" \"%1\""	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.htm\shell\open	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.less\OpenWithProgids	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.ctp\OpenWithProgids\VSCode.ctp	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.fs\DefaultIcon	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.hpp	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.less\shell\open\Icon = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\""	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.hxx\OpenWithProgids	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.jsp\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.less\shell	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.less\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.pp\OpenWithProgids\VSCode.pp	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.py	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.cljs\shell\open\Icon = "\"C:\\Users\\Admin\\Desktop\\vscode\\Code.exe\""	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.cxx\shell	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.mkdn\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\vscode\\resources\\app\\resources\\win32\\markdown.ico"	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.plist\shell\open\command	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.wxs\DefaultIcon	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Applications\Code.exe	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\.t	VSCodeUserSetup-x64-1.91.1.tmp
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.dockerfile\shell	VSCodeUserSetup-x64-1.91.1.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\VSCode.handlebars\ = "Handlebars Source File"	VSCodeUserSetup-x64-1.91.1.tmp

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

vsce-sign.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	vsce-sign.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	vsce-sign.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	vsce-sign.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	vsce-sign.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	vsce-sign.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.91.1.exe:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.91.1.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

chrome.exechrome.exepowershell.exeVSCodeUserSetup-x64-1.91.1.tmpchrome.exepowershell.exe

pid	process
3016	chrome.exe
3016	chrome.exe
4268	chrome.exe
4268	chrome.exe
5072	powershell.exe
5072	powershell.exe
5072	powershell.exe
5072	powershell.exe
1860	VSCodeUserSetup-x64-1.91.1.tmp
1860	VSCodeUserSetup-x64-1.91.1.tmp
2384	chrome.exe
2384	chrome.exe
6708	powershell.exe
6708	powershell.exe
6708	powershell.exe
6708	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Code.exe

pid process

3672 Code.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

628
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exechrome.exe

pid process

3016 chrome.exe
3016 chrome.exe
3016 chrome.exe
3016 chrome.exe
3016 chrome.exe
2384 chrome.exe
2384 chrome.exe
2384 chrome.exe

pid	process
628

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exefirefox.exeVSCodeUserSetup-x64-1.91.1.tmpchrome.exefirefox.exe

pid	process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
4008	firefox.exe
4008	firefox.exe
4008	firefox.exe
4008	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
1860	VSCodeUserSetup-x64-1.91.1.tmp
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
5828	firefox.exe

Suspicious use of SendNotifyMessage 58 IoCs

Processes:

chrome.exefirefox.exefirefox.exechrome.exefirefox.exe

pid	process
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
4008	firefox.exe
4008	firefox.exe
4008	firefox.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
2384	chrome.exe
5828	firefox.exe
5828	firefox.exe
5828	firefox.exe
5828	firefox.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

firefox.exefirefox.exeUserAccountBroker.exeCredentialUIBroker.exeVSCodeUserSetup-x64-1.91.1.tmpCode.exewwahost.exewwahost.exewwahost.exewwahost.exefirefox.exe

pid	process
4008	firefox.exe
3892	firefox.exe
928	UserAccountBroker.exe
5056	CredentialUIBroker.exe
3892	firefox.exe
3892	firefox.exe
3892	firefox.exe
1860	VSCodeUserSetup-x64-1.91.1.tmp
1860	VSCodeUserSetup-x64-1.91.1.tmp
1860	VSCodeUserSetup-x64-1.91.1.tmp
1860	VSCodeUserSetup-x64-1.91.1.tmp
3672	Code.exe
3092	wwahost.exe
2180	wwahost.exe
4488	wwahost.exe
948	wwahost.exe
5828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3016 wrote to memory of 1996	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 1996	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4524	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 436	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 436	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe
PID 3016 wrote to memory of 4508	3016	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\target.vbs"
1⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa95769758,0x7ffa95769768,0x7ffa95769778
2⤵
PID:1996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:2
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:8
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:8
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:1
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4080 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:1
2⤵
PID:1016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:8
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:8
2⤵
PID:500

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:3212

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6d8877688,0x7ff6d8877698,0x7ff6d88776a8
3⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2360 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:1
2⤵
PID:4500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5152 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5592 --field-trial-handle=1840,i,2488247728025650228,11219754236256856628,131072 /prefetch:1
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.0.1801782011\1620633820" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92701be3-f3ee-42cd-a06d-9a3c1f882b27} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 1796 215590bad58 gpu
3⤵
PID:4556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.1.1306814591\1113123138" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e346e42-39b0-439d-ba30-f07511c0eb7a} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 2152 2154e06fb58 socket
3⤵
- Checks processor information in registry
PID:2224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.2.617464157\484214622" -childID 1 -isForBrowser -prefsHandle 2808 -prefMapHandle 2940 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {649fcfc9-c508-499c-be59-3f141d228727} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 2932 2155905c858 tab
3⤵
PID:1212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.3.445840406\792194235" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e5111b7-9d95-4747-8037-ea91afbc0e29} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 3520 2155b9e5758 tab
3⤵
PID:4596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.4.102558547\1677525036" -childID 3 -isForBrowser -prefsHandle 3900 -prefMapHandle 3228 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {037a1cd9-d09a-4382-944b-5cbfad1f7f3f} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 3912 2155d4fbb58 tab
3⤵
PID:4080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.5.1178562882\2110222788" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4872 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6ceff09-dd0e-4b88-baf1-95c334b226f0} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 4924 2155f993a58 tab
3⤵
PID:4228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.6.1543444116\1079186028" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdad7748-03ad-4d29-aeca-93392e3531aa} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 4808 2155f994c58 tab
3⤵
PID:4472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.7.475858072\1823190446" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cde3ca7a-c5b6-4404-bd9a-79b2b63d8ad2} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 5144 2155f995b58 tab
3⤵
PID:1580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
PID:4656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
4⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.0.619682154\608324772" -parentBuildID 20221007134813 -prefsHandle 1644 -prefMapHandle 1620 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b91ccca7-2851-4eee-945a-8b6ecf20e7d8} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 1724 228154f5958 gpu
5⤵
PID:4580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.1.396392539\97264858" -parentBuildID 20221007134813 -prefsHandle 1904 -prefMapHandle 1900 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6edd62d7-21b3-4b83-832b-2255753c5326} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 1920 2280b5e9e58 socket
5⤵
- Checks processor information in registry
PID:1976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.2.834216844\1011480921" -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 23633 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0ae6fe2-1352-4433-b6a4-0040f8e3aae1} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3240 2281a336858 tab
5⤵
PID:2020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.3.128479003\1248770904" -childID 2 -isForBrowser -prefsHandle 852 -prefMapHandle 1116 -prefsLen 23678 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfe3f00e-7075-4dc5-8346-cccd85b4b89d} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3516 2280b575658 tab
5⤵
PID:504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.4.1888688604\218984431" -childID 3 -isForBrowser -prefsHandle 3688 -prefMapHandle 3692 -prefsLen 24822 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef6d866c-8370-4fef-85fb-07564e926574} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3904 2281b0e5f58 tab
5⤵
PID:1844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.5.1573368443\1322432627" -parentBuildID 20221007134813 -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 25755 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec7d05aa-2b7e-4486-82c2-31d9feb42ace} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4180 2281ba53558 rdd
5⤵
PID:2688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.6.1358630243\1597566668" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4912 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34cc9c3-f92b-4a1b-8cee-4ae3a64067e9} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4900 22816ad3c58 tab
5⤵
PID:3552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.7.2054443866\207505306" -childID 5 -isForBrowser -prefsHandle 2880 -prefMapHandle 2988 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a3da28-250a-4298-ac9e-80952eb8a00e} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 1140 22816e49158 tab
5⤵
PID:2232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.8.1052407667\1948210885" -childID 6 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 32012 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b8f9535-4115-4acb-a7c4-74911c7bf1a9} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 5036 22816ee7158 tab
5⤵
PID:3992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.9.141215595\1834323606" -childID 7 -isForBrowser -prefsHandle 3236 -prefMapHandle 4564 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94d82f6a-427f-4021-a7d5-8a181cbbd243} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 3260 22820088558 tab
5⤵
PID:2204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.10.1519970201\1980244394" -childID 8 -isForBrowser -prefsHandle 3788 -prefMapHandle 4984 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7a33b29-0cd4-4d9e-b893-d3649f1d9996} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 4968 2281f198b58 tab
5⤵
PID:1204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.11.337919569\143345518" -childID 9 -isForBrowser -prefsHandle 5880 -prefMapHandle 5956 -prefsLen 32755 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6883ddf5-4ba0-43f3-81bc-18802496ceff} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 5964 2281fff2558 tab
5⤵
PID:4636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.12.1139434110\1009763674" -childID 10 -isForBrowser -prefsHandle 6264 -prefMapHandle 6260 -prefsLen 32764 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14e3f612-e5b9-43b7-87cd-b2bd42dafd66} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 6248 228197fcb58 tab
5⤵
PID:3856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3892.13.1887729760\2036781707" -childID 11 -isForBrowser -prefsHandle 10024 -prefMapHandle 10028 -prefsLen 32804 -prefMapSize 230321 -jsInitHandle 1216 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44be7932-cb60-4d49-a9f1-0ceed5960e9e} 3892 "\\.\pipe\gecko-crash-server-pipe.3892" 10016 2281f2fcf58 tab
5⤵
PID:4568

C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.91.1.exe
"C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.91.1.exe"
5⤵
- Executes dropped EXE
PID:3176

C:\Users\Admin\AppData\Local\Temp\is-J9U5S.tmp\VSCodeUserSetup-x64-1.91.1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-J9U5S.tmp\VSCodeUserSetup-x64-1.91.1.tmp" /SL5="$B008A,98515279,828416,C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.91.1.exe"
6⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "Get-WmiObject Win32_Process | Where-Object { $_.ExecutablePath -eq 'C:\Users\Admin\Desktop\vscode\bin\code-tunnel.exe' } | Select @{Name='Id'; Expression={$_.ProcessId}} | Stop-Process -Force"
7⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:5072

C:\Windows\system32\icacls.exe
"C:\Windows\system32\icacls.exe" "C:\Users\Admin\Desktop\vscode" /inheritancelevel:r /grant:r "*S-1-5-18:(OI)(CI)F" /grant:r "*S-1-5-32-544:(OI)(CI)F" /grant:r "*S-1-5-11:(OI)(CI)RX" /grant:r "*S-1-5-32-545:(OI)(CI)RX" /grant:r "*S-1-3-0:(OI)(CI)F" /grant:r "Admin:(OI)(CI)F"
7⤵
- Modifies file permissions
PID:4376

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe"
7⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3672

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1576 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1976

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=2244 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4068

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\Desktop\vscode\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration, --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2808 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:8a925b2d-9109-47ed-a6bb-4015f18966bf /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:4888

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=2544 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2836

\??\c:\Users\Admin\Desktop\vscode\bin\code-tunnel.exe
c:\Users\Admin\Desktop\vscode\bin\code-tunnel.exe tunnel status
9⤵
- Executes dropped EXE
PID:1572

\??\c:\Users\Admin\Desktop\vscode\resources\app\node_modules.asar.unpacked\@vscode\vsce-sign\bin\vsce-sign.exe
c:\Users\Admin\Desktop\vscode\resources\app\node_modules.asar.unpacked\@vscode\vsce-sign\bin\vsce-sign.exe verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-python.debugpy-2024.8.0-win32-x64 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\.43bfe7aa-87b9-46d9-a6ef-b459d0ea0208
9⤵
- Executes dropped EXE
- Modifies system certificate store
PID:1212

\??\c:\Users\Admin\Desktop\vscode\resources\app\node_modules.asar.unpacked\@vscode\vsce-sign\bin\vsce-sign.exe
c:\Users\Admin\Desktop\vscode\resources\app\node_modules.asar.unpacked\@vscode\vsce-sign\bin\vsce-sign.exe verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-python.python-2024.10.0-win32-x64 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\.93f02b39-d257-45e3-b394-fa58ed172802
9⤵
- Executes dropped EXE
PID:4284

\??\c:\Users\Admin\Desktop\vscode\resources\app\node_modules.asar.unpacked\@vscode\vsce-sign\bin\vsce-sign.exe
c:\Users\Admin\Desktop\vscode\resources\app\node_modules.asar.unpacked\@vscode\vsce-sign\bin\vsce-sign.exe verify --package c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-python.vscode-pylance-2024.7.1 --signaturearchive c:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\.0b230ec1-c99b-458f-82a5-0cce850367fb
9⤵
- Executes dropped EXE
PID:3368

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3360 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4624

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3396 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5000

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
8⤵
PID:3940

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\Desktop\vscode\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration, --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3612 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:8a925b2d-9109-47ed-a6bb-4015f18966bf /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:3408

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\Desktop\vscode\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration, --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3684 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:8a925b2d-9109-47ed-a6bb-4015f18966bf /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2340

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\Desktop\vscode\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration, --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3300 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:8a925b2d-9109-47ed-a6bb-4015f18966bf /prefetch:1
8⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2384

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3636 --field-trial-handle=1580,i,434916549526726007,13411918623346268376,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1604

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc
1⤵
PID:4448

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:5052

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc
1⤵
PID:4272

C:\Windows\System32\UserAccountBroker.exe
C:\Windows\System32\UserAccountBroker.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:928

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2432

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:500

C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2816

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
2⤵
- Modifies data under HKEY_USERS
PID:3516

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
2⤵
- Modifies data under HKEY_USERS
PID:5028

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
2⤵
PID:4904

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
2⤵
PID:2160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:1436

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3092

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" -outproc 1 3092 380 424 420 0 0 0 0 0 0 0 0
1⤵
PID:2712

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" -outproc 1 2180 420 424 380 0 0 0 0 0 0 0 0
1⤵
PID:3084

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4488

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" -outproc 1 4488 488 492 428 0 0 0 0 0 0 0 0
1⤵
PID:3856

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:948

C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" -outproc 1 948 452 428 492 0 0 0 0 0 0 0 0
1⤵
PID:4476

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
PID:4508

C:\Users\Admin\Desktop\vscode\Code.exe
C:\Users\Admin\Desktop\vscode\Code.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Code /prefetch:4 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Code\Crashpad --url=appcenter://code?aid=a4e3233c-699c-46ec-b4f4-9c2a77254662&uid=0484d59c-f08a-4848-9be7-91ddff8e3194&iid=0484d59c-f08a-4848-9be7-91ddff8e3194&sid=0484d59c-f08a-4848-9be7-91ddff8e3194 --annotation=_companyName=Microsoft --annotation=_productName=VSCode --annotation=_version=1.91.1 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=29.4.0 --initial-client-data=0x3f8,0x3fc,0x3e4,0x3f4,0x404,0x7ff62d117d40,0x7ff62d117d4c,0x7ff62d117d58
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2212

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1580 --field-trial-handle=1596,i,3744864891165047359,11588352637137857194,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4624

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=2804 --field-trial-handle=1596,i,3744864891165047359,11588352637137857194,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1848

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\Desktop\vscode\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration, --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3048 --field-trial-handle=1596,i,3744864891165047359,11588352637137857194,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:b9fcb4f1-aeae-476e-b92d-9e2f29f6aff5 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2420

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3288 --field-trial-handle=1596,i,3744864891165047359,11588352637137857194,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:1608

\??\c:\Users\Admin\Desktop\vscode\bin\code-tunnel.exe
c:\Users\Admin\Desktop\vscode\bin\code-tunnel.exe tunnel status
3⤵
- Executes dropped EXE
PID:5264

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3412 --field-trial-handle=1596,i,3744864891165047359,11588352637137857194,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1336

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --mojo-platform-channel-handle=3420 --field-trial-handle=1596,i,3744864891165047359,11588352637137857194,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /d /s /c "wsl.exe -l -q"
2⤵
PID:2328

C:\Users\Admin\Desktop\vscode\Code.exe
"C:\Users\Admin\Desktop\vscode\Code.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --app-user-model-id=Microsoft.VisualStudioCode --app-path="C:\Users\Admin\Desktop\vscode\resources\app" --enable-sandbox --enable-blink-features=HighlightAPI --disable-blink-features=FontMatchingCTMigration, --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3328 --field-trial-handle=1596,i,3744864891165047359,11588352637137857194,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --vscode-window-config=vscode:b9fcb4f1-aeae-476e-b92d-9e2f29f6aff5 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa95769758,0x7ffa95769768,0x7ffa95769778
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:2
2⤵
PID:68

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:8
2⤵
PID:2928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:8
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2820 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:1
2⤵
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2828 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:1
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3952 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:1
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4876 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:8
2⤵
PID:5708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4088 --field-trial-handle=1584,i,14111749883226754458,6882834534329842439,131072 /prefetch:8
2⤵
PID:5168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.0.951351884\846340393" -parentBuildID 20221007134813 -prefsHandle 1612 -prefMapHandle 1600 -prefsLen 21289 -prefMapSize 233543 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5607d2f3-b0b0-4f4e-b554-9458b9db951c} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 1684 2afc9615358 gpu
3⤵
PID:5968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.1.92163461\111524659" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 21334 -prefMapSize 233543 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c194792-d125-4ffb-9b54-c0faf7b249a6} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 2004 2afc8d35b58 socket
3⤵
PID:6024

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.2.1236100347\1749388543" -childID 1 -isForBrowser -prefsHandle 2768 -prefMapHandle 2764 -prefsLen 21833 -prefMapSize 233543 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e25b63d-3d91-4119-992b-fbd11d88cd0d} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 2776 2afcd424258 tab
3⤵
PID:5328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.3.1900360038\974529547" -childID 2 -isForBrowser -prefsHandle 3256 -prefMapHandle 3252 -prefsLen 27103 -prefMapSize 233543 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbc17358-f858-4777-b1d9-97d499f69476} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 3268 2afbe166258 tab
3⤵
PID:5496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.4.1954270505\1799101023" -childID 3 -isForBrowser -prefsHandle 3484 -prefMapHandle 3488 -prefsLen 27103 -prefMapSize 233543 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f95d308-455f-4e4a-b4d9-56faa61919d8} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 3528 2afcec32258 tab
3⤵
PID:5320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.5.1056518487\1515304016" -childID 4 -isForBrowser -prefsHandle 3144 -prefMapHandle 4116 -prefsLen 27103 -prefMapSize 233543 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12bf2a7e-2790-4673-a456-59b7c069fa47} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 4128 2afce20ca58 tab
3⤵
PID:5888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.6.1496019380\1658155300" -childID 5 -isForBrowser -prefsHandle 4272 -prefMapHandle 4276 -prefsLen 27103 -prefMapSize 233543 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ea95ce7-c676-43cd-893a-64cd31a7a2ac} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 4256 2afcfabb558 tab
3⤵
PID:5612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5828.7.808863572\1955625727" -childID 6 -isForBrowser -prefsHandle 4472 -prefMapHandle 4476 -prefsLen 27103 -prefMapSize 233543 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a40382e-71ea-41e4-a7ee-42bb3fe58abe} 5828 "\\.\pipe\gecko-crash-server-pipe.5828" 4268 2afcfcdb858 tab
3⤵
PID:5736

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:6708

C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
2⤵
PID:7088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp

Filesize
8KB

MD5
213b362363c5d15ad4fd86d50cbe8c76

SHA1
fd77756a575d7937ac97d4d07f9c24ea7ad80d3f

SHA256
d4f46a7355fa7148f5839d7f27042536cc916994a493bcaba69059bf92f558db

SHA512
b134db87aa99974e09daf76d6dca1d570a5a3049c688f33776d35f67a5da5bfa9317a06ed0c00a6f6efedaa75aa0c670444025e5921a5491a6fd1a89e8f0504a

Download Submit
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp

Filesize
8KB

MD5
09aae104899153e2e8eef9dd7775bb95

SHA1
e190f44354fe606bf4323dea7e43f162b17bbf0b

SHA256
75584aaae81c40d7735bb584bc42175e0a1410d6f0d1f05a9de4edfeeb84ca6b

SHA512
c337506aa1e53b4b2f7e5edca4d0379548f19ec72850df8b64776e80bc0268e51c1c6220e2cf51bb043ea6da263c7c6189d64d80c3fc1fbaca04ce19496aa778

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\.vscode\argv.json

Filesize
798B

MD5
cda21890352bd06aa292e4b34c0b75c7

SHA1
c07018d66d1fc73c79b12dd27e937e47a04e387d

SHA256
2165b4cf01f57171dffe580b0952056aacd64accd1a548aef9203d4ebf6c4ead

SHA512
29c75070606a61871965d8c28a0e8c39b0d3c5c6940e7aad68914710ee0480c357a3403fd174c4c01d0fa03fdbed9ce188f6291fefdcf7b86c23d3b869327e26

Download Submit
C:\Users\Admin\.vscode\extensions\.00d54928-2cd1-45a2-a9f0-8c9da0c93444\package.json

Filesize
17KB

MD5
b870dc81d260ec796a3319a3e5181ff8

SHA1
a846a38c212d2a769b3abe45c43aa35fc0939f67

SHA256
39f786eff9da81d89c8dbeb0c222a9f141bae1e19c0ddab44ff66ebdd2c80e42

SHA512
48fe6c1bcd3df4aa717106efaa8f9d47e105eef3b5a9e8c24543affa3213caecd1da69f5c01dc77bb3c1d50e88080c176875015aff23ece3620daf6b2c7b19a9

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\bundled\stubs\django-stubs\contrib\sitemaps\management\commands\ping_google.pyi

Filesize
85B

MD5
6b8cad3305cef8186496283d80f5ea37

SHA1
418009700ba673f4aebf49db46d1f44384d4f8f8

SHA256
1a4fa10dd76be871ebe4f02bc9ccf70eaa1e178efa5291aa6aff471a9fcdb272

SHA512
e06ba45ea1bd65681f3be4a85118d4bc75c961e82dc6d319c6a2b1a7a39533732fe7c5d152ea978e0dd62c1ea520eb62c9322eaed82ca5588495fa1465f71555

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\bundled\stubs\django-stubs\core\mail\backends\console.pyi

Filesize
103B

MD5
7f6526c1bbcb2aa7ba6a8cde268765bc

SHA1
cfc87c1fd110239d47886e0c5ebcad54bd453bbe

SHA256
ae9de027f591acfedc0ba387099c4398c0841a9c126535d313ffbdb18184eea0

SHA512
3c6f26b5f0ab2bc22e72e116ffe28624e5d971a86b9d85e5f733844827e784b8349c46fa46ca5390bc972607b7fb5b37a6fb47b410e105f02b147dfe77a737c7

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\bundled\stubs\matplotlib\blocking_input.pyi

Filesize
77B

MD5
0244548e1dba18ff5c58d98bcc50b931

SHA1
37494fb84b8b2a811e2cfa2be49477ce29138af7

SHA256
c08fdebb51bcc9a6aab911e667d9984608f2e3334d8490b7f394e348ca1a9918

SHA512
a88c7f3fad1047e18794184f33787b68e9c3260d47d68e6f519d99143b928aa97fcd1ebcc3b730f0c23eabb303352ba3cf9263b16e7c9f276f9108ed616a567c

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\bundled\stubs\skimage\transform\setup.pyi

Filesize
108B

MD5
cabf15f3f576ebb031e97ef8a1ec4d0e

SHA1
11e9b9ca4979f779e410b90c424af4ee2b7c9487

SHA256
9faa832387d286d3806532e2ddca1fb31b2b14d2afe92b610996d81bad23be79

SHA512
42a56b420aac907e282af7997c645cba6e931a39ef7add467c5000c9f76a8c24473b3d778c7ac98d3b654540a673d544ab40502af8229d385918d4fa57a8be6f

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\typeshed-fallback\stubs\docutils\docutils\parsers\rst\directives\body.pyi

Filesize
80B

MD5
351656881bfa887b49520e1bd545c055

SHA1
ab3c476b90b61282008598465c5d764c74433e2b

SHA256
630fcdb0a471bf07776799829908a80ce00c936498051f22c91dd9cfc66ee202

SHA512
a34181e612eb2e88bbf2233c1953d10ccf41346124e69fa692c38da4086d916d83bdac02e77d2fff89955b14d2cba3281b8696a97c60340f308ec2b81f99d420

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\typeshed-fallback\stubs\protobuf\google\protobuf\__init__.pyi

Filesize
17B

MD5
3cfcd308f6cee078df2a3b8453aa210b

SHA1
24063dd2fd1ad006b8e74517b956ff3fd0bb0b71

SHA256
636e67e38a72137be9f763220012ab70adc8591c90d491b5ad9e147eacb69c2d

SHA512
91e11dc2417a60fb9b157ad529406ec7d420488846fb34ef343a50e06de35f052a58b0bfd2e4b604ccc2e2f60d21778c5ec6b1d6bf7952521e05723e575db53b

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\typeshed-fallback\stubs\reportlab\reportlab\pdfbase\__init__.pyi

Filesize
50B

MD5
2e0a8f4a89631f160794c3be3eceea9b

SHA1
8c65677e5de8ab21145fdd21a8e80812bb9fc390

SHA256
1bc0f1ada46ee63106faf7b4ea6b29f57a07a90c2d9c512356d0922deeef693c

SHA512
50822084e85dd25c6cbd88f09744199005d0b4fec3f1496572d7bcb89fb99a9bcff3b11fb2f069dd00fee6098313a901476f3af6a6f5ca2e9464e3682b9c1673

Download Submit
C:\Users\Admin\.vscode\extensions\.c4259e39-bebe-4518-9347-00a6b855db56\dist\typeshed-fallback\stubs\six\six\moves\CGIHTTPServer.pyi

Filesize
26B

MD5
59c113ba8da07ed8b8cf1d9fa0cb0a08

SHA1
b29c918fa7f8eb1f29f0a940f7bc3473d1f5d5e1

SHA256
bed05425469b4eb2152bdec29f43212d48474a56e61c1f10810956c1a747fbac

SHA512
98a1b860fb715c34568ec9247df52f480fd5fa72eac8c3b34954bfc2b35fb4b0bf73ea421950a9c027a20fc364207bf930edff3033490acf4011098afbe098e1

Download Submit
C:\Users\Admin\.vscode\extensions\.cfb94ec9-5700-4551-ae25-ade6d84782b6\package.json

Filesize
38KB

MD5
b6d01729caca621626fa04e3ceb49b4d

SHA1
318b0ab0eb57e7c87c63d645c3f1f8167573c465

SHA256
9797a70ebfec733eb1e2dd9ee42be7fd16a20169ef538c77ba7020415519b332

SHA512
0a140a96aedfece397aebec4a8988dbc037ce1682213c2dd6a54e6ff15402ab84ba2f2b8b33abe011ecec690aa9b5a71627bffe6e634c8811bc84bead21e8e06

Download Submit
C:\Users\Admin\.vscode\extensions\.cfb94ec9-5700-4551-ae25-ade6d84782b6\python_files\lib\jedilsp\exceptiongroup-1.1.3.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\.vscode\extensions\.cfb94ec9-5700-4551-ae25-ade6d84782b6\python_files\lib\jedilsp\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi

Filesize
63B

MD5
84a27291937d76e46b277653002601f2

SHA1
fe60efb40aeeee2998bb07245d4f9571ad08825f

SHA256
ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe

SHA512
e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be

Download Submit
C:\Users\Admin\.vscode\extensions\.cfb94ec9-5700-4551-ae25-ade6d84782b6\python_files\lib\python\packaging-24.1.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Users\Admin\.vscode\extensions\extensions.json

Filesize
793B

MD5
ea1fe4ea408efd6d5291f84f5c8d5ec7

SHA1
2a745753c96139b15b2e873c1d6a9974539fd6ac

SHA256
26f39e29bda825dc98ff9da0d16c194ef78c63a5b69ab53ee2b6f1c9f80c4a6d

SHA512
c650a3e2a722343c8f2fdb5ce1b122e2d98c27f7c925a56315237796375689c45b6439b4f2cc9e0ea918338e76183fec5a7e58299336564e95788774ceec4c5d

Download Submit
C:\Users\Admin\.vscode\extensions\extensions.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\.vscode\extensions\ms-python.debugpy-2024.8.0-win32-x64\package.nls.json

Filesize
478B

MD5
5b97498ac407515da17cf75d0fb39422

SHA1
c2705a12eaa1c897d4c60263237868c2167454c8

SHA256
2353133f72f94d5c603dc53ce4a0de7cdda09e3f44a3b14e7d7a32b9ad30d0aa

SHA512
1feddf75596f2b77ca4ca00722df98372028cc91113377c73f7bcdb48a535554db4e6df0640524ae7d5a24c7b73fed4a3170aac7467cfb6f2becd622eae288aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
419cb87eea0a14990a3be016793cb112

SHA1
2e35de87be431bd96dd5ccf4250b6b1f42e7413e

SHA256
87af132c8cb0c13cd8bacafbd5e279f5325fe969977b91b5586a87d447aec484

SHA512
af5d4e9887ee8b64b4cd5d098512699206c0484ded49c605ea14c15bb605713448bdafd5599ce6e253fd4af73b627169f48b86fc779d45cda4971d917a79694c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2f212565b1b88217_0

Filesize
280B

MD5
bf65869f5ee9e573bea16dd4c5190303

SHA1
974671ae5f11ba8fe0c385df293170b3f3842764

SHA256
4646da72501beca948635b1e989d429b016743dafe0c36aba92f3f894c3f9c7c

SHA512
682878afd5518d178894227655308e9b327efe894188475d04deb862832152bb9a672f8172dc0f4c42776699535c609a22f80260cc1f39273cd45860be6ec235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bdfcc94d45c8c8eb_0

Filesize
19KB

MD5
08b916f38734daa66bab9826ee9ef0f1

SHA1
34725e3e1b7972acca4bd1f7202f703bf92a4c17

SHA256
630d3202f18c0cf62760624560a70bb5ab362e862afe1a866772c415a1f93766

SHA512
e6825991a13310c752cd01d7586fce19a767e84336bfc0db31ac1cb22f6c524f6e94aa7f159e23aa0584750f162f0b30094ccaff4b587ab1ffa34cafb6cf977c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
45ea63f8ada4d3c6eac84e148fa6749a

SHA1
3b2d7f40e9b2f39152a22855428588ff26daec75

SHA256
fadb6611cfe11aa4dacb2f46e05823b4d046f13086892c8d787694118bdd7c5a

SHA512
fa2e5e193dcd8f2a81f24c6bb21b92a0e4058503bb340cfed7581bfa305258533d7bfa362deca761a74f194f9fd6f323458236ee48547fa4e89e66e56057b2b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
884c55659f465ee4707173d18ece3fdd

SHA1
9fdca2a009786eff7fd124ab17f1f925765355e9

SHA256
b95d65523290e80320a1311e15e44a5044f125c57521882607730e58c3c5bd70

SHA512
90bc13a460049a3bdebb4071bacc1a9521d6dcd60308b3b23f8392143cbf9554f495c506aee9de14a885857b56370aad4cb5493556ee397355fb5165dcce98b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
faeff187d0491fd992cf83fa7e0552de

SHA1
26ad59726a50c7f24631cdded2f311f7e71d82d1

SHA256
0b13828afcb4b361587bed117ff5a172ae4dee330151f29bf465025d2cf91711

SHA512
5fa2294c6b6ce07909b23e13ed0143ba2ec6173fc1a116c3ef04ebfcc7f460bc35d9e46aa9c27659afdfa710c6232ffde4dea971dba9b50c5baf0ff41e4b6cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b8eb43d8c6e1ae551776c57c587c8590

SHA1
b607bc057a702b5ec244748382c9db8c0e8c2301

SHA256
ed26d5973abed1fa3b8f7422583856099b9f9d167f2b156fb3023201326ab80e

SHA512
df1ef5ce35029669bb1c463d527060ca44add55f7c9447d5e269d8e2203f482193083733da972b9b716d87e4a630366cf8cbca0c2e3dccae160c35b5c9542d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a3a56aee80f6499d58ede47c6c38cef0

SHA1
d104f5a44265d8ebb205a78c73c95af4671bc543

SHA256
5c565a65cc921f03d93b3fb49daf9fe3718a6380993000b70288e320c139fe44

SHA512
5b0e48f4bc90d62572db8aa6a36ea7f05f9a7fbb7e80f2dc533d9730250a035d1f29cd49b68e2616796499cd482afe488a273e5fa523e3c78a751917eb57b398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5ba442163658f1f8a93ba5f823d6e8a4

SHA1
e82e07968cd769c9ecd24b9b6d99dd668a1a0b2e

SHA256
490cdc5bd185ecdf9afd5c912dcc9311993da04fee941b0e7238d91c6eed255b

SHA512
5a90ba777027c933abc59f670e2adce75d6c8cef35c06c2bfb88d2ff11c1928d059cca91120acf2777cc9964f35c64aae689d965b794c25efe6a6b1bb1d82fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
d25bff2bbcd0b2497bdcd2ef8cccccac

SHA1
435fa9f5e20958c7fd64f532b5b2db6c04d16486

SHA256
b14cc69f4e451d6f54dbc5af7a72cc61694d350208d73997de821bc393d2e9df

SHA512
6d3bb441757a78d82a725f250c02138c012daa37b0d2f9c301908c0a9e490f720030bbac587e017e684053745c3f2f069a9b589e44a60c395a8538fe7875625e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
751B

MD5
e9748afa1970388484140ff481cd4eea

SHA1
750959d105f8c0009d1b7df8d41b5d623723c1dc

SHA256
ba9c161eb2f8ee288659fedd9031ed633da4b6cf5b1b961c267ed6c2d8123ae7

SHA512
377d064108e4dd254bd608af8769d856bc5217d91f2a76ac6ab2c9fd3d7938a46fe090c1797157db04f65ea2e2bcd3fb95ab1c691a18b5d1156cf9d98391fe40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c509d8e9a0c3d51f5b4e34114c09b286

SHA1
b79b4ea999b2c73885ba0595f130c988b9281fee

SHA256
4cf16d056a125c68eca70405effd530d7f9ba63e3f8853642c76f57935cc62c1

SHA512
da9255e12c6b726fb0da2e98fc391ac07088afb3403ed8b20e8644ec807128e3c9d90e0eb3d8ab0ffceb0898431c463ebd3c9fc8e858bc23da905a75d89e55e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1373a16847b4c7b295efe3031d3a225a

SHA1
64fe97f69ba077f492a63fbadbceb9ff018d0d03

SHA256
f345af5ada2f5c9409fee90c92bc753c994f3256afec0f0b211829952d231277

SHA512
8f95d2b09a3979cf57b1851707f6d4a94d92bb69e10f92590de0fdae36bb1b980e9a55c8c8e12097466813bba0235ffb27784e6498b72e7c324d6e3384d28d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dec3ee68797c53499a140f5b870d2d35

SHA1
54afc97d42facfe47f9ebf5b15c5f01668e32432

SHA256
63ef1dd4aa36940e6b7ad7e4da44b2d13ed23f18ac7ae0d86a9bf00e7cbe5a43

SHA512
8ba4ea9384b4662589a24b891fa6f600141c39fe35cb420e5da9108d038fd2a40b4ad8f09ed70e3327194ee09379c145065849cd2a0ecb9d4ae4284e6dd7fd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c1fc62c03f378cea5a6ed59b00019e98

SHA1
51d194d754477a7f4e954205a1f5072f9c727625

SHA256
854279bcc800ac8b24dc1608f25e345fb706afb544909c14c8b8ccf8ae49bd9b

SHA512
3df3c0acc42e3408ec75b88260a25baf3daa4cd134d237db22f7bf0277dad514b3c5669750411b5bd74b43659c45fbcb12b3fd181a352c2340f015e37349102e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
01f45847cedb1309b735ae19217ba699

SHA1
207e4c23fe2fbc589a6a5916ac6a6d2f021f65a6

SHA256
f3ed88b3e34c11c3d8339390c5b7cde49085d334475fe51874f47b231af88b29

SHA512
489e62d70c3aefc5d2c8e77cfb018c3624ee3a5c997dce78e0bb0c1ac34861f573747a5469cfbd955d63dd7ce5078614304a778020bba8eccd7fba4b787b3130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
fa5f7df6cf8d7f5eacbe773812ec6985

SHA1
fe7c4a19db8f023fb65a2c9ec9f770198499068f

SHA256
b27ccf07a3f1f57589415a080e8172366b6043b1f7ae092ef7863c922c81d4fd

SHA512
9a2467882115f31b68ac9db17d282003650a854d11d4c80430dfaf662befd99f4f43edac8c32b0acbdc7d754cc57b0a028b76cdf45cacb6c6be7001dc66545e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
77aa316540fa8b4a41eb288b27502a85

SHA1
12a422351e6eef419ba3fbc597e64b9a277884f0

SHA256
00c4c41daf72daf2cb7323321d1d26345e0eee9d453d9c3b92688cff2084f79e

SHA512
4cd3771b560ddd361e92e9a9b21f72889f2f39bb8777413b5bacc706a66767755c5019d04afbaf32df83d57c56c7b0599456fbe926db73f9aebbfb6c0ec5bf43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d2700f476b6000cff312f737bc4b1a3c

SHA1
ad2ba30b0a9717113d78ce3b15eb5e05baff46bd

SHA256
0de6357b3ce799216b61ef8064244a2d513dcedcaad9b2ed3ab9a269432bf915

SHA512
eb556a04151a415bfe56439b939d2c581802aded0cd075943609d7b17c32227467cd835d38deecc64eb610f2272cbea2c493c35603e58fbab3a7f3f25ee8d630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
279326e96b647439f14f935961adc25d

SHA1
2ab72ef2e053f91d4d94a7e4699b23b6b80b3025

SHA256
1486510f1c8049056f4cefe3d4bf59a7a574a6095f8d3bf639c408de1b123305

SHA512
dabed7f9cad4855bf229823d82d493a48a489bfea39fd413ce7e70920d643d414448b19fb2d68538272700089edb56ce68867cd2a0563d30b5b49fb4cd8dccc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ded794533ec9475bded27f1827ecefa8

SHA1
27d07092f825d101cc02504b624203e1bc065628

SHA256
9dbad8495bf593da3516247e187db753831302540ffc38fd4b6e8bab918b8539

SHA512
a32d0b0146659f281e3ea6a8c5d8f158b5bf10324db078d056f70d7a60d136943803bf856cf7cc079f2a1605507ab574b0020597976749d12dce9642252e67c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0cf4eabb0d9eb7118e23c32dbfafd196

SHA1
f75f1b53d723bacd050bb5a328b2baeed1e1bf7c

SHA256
461e31f02878b977396df56469f444ccd805e048a2ac59fe5529ba19024c2114

SHA512
442391ccc3269362e8e667eeb842dfce9b571706cbc02c2a975ea2f5ec0b72ce3f58acd0c7913ededcc2f522fb1485be1dceec67ef0f623b3dd501700d8a0c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
40816f26526a988785e6b194de0efd12

SHA1
af3a8a5685d7aea42b5b519d141301057afde175

SHA256
544041523b6d0293a05d5d044d8fb063f1142ab34938d8e4b785b9cfc1a8f808

SHA512
2a92926730eadd4296fcfd9f59f3c171c3b04ab70f7a4b622ac2d105f2002fcc361b6a7794066d7ea553f6e8755804be2077852c7ab5e047d20e8d32b98e0626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ff50fc75041a3600ff0e72d95c33475

SHA1
017a4dc4cc48345671749b53fd6958c6be910088

SHA256
d922e6c57a4c8de0ff55fe6de198c1a1fc1f3055a56513b50cb38aff8e698660

SHA512
ea20e5c19024a1b3d33983deb243214af356ccb92e35eab561d78b9262e07aa4a4c660f9868e753b836e731fbee7600da728494c04111356e7915afa618ed790

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f79f17a40cb7ff60dd3a0927a8f51937

SHA1
3631987ff80adbe4db93d4cf49bea1f5c22fe699

SHA256
7c0d4eb7826972e8614020a6dcf2059a1c33dc5cb1aadc381d1370d5150f94b1

SHA512
00c19e29ee98502792fc0e208376f0d00ae9a8496fa9f86c18546bcb0d0165a090f77ce7b1de1d85c80400eb4c509030b6e24d5447e4cff3c6c58fd9e65cd503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8696de6b7cdedf75838d7f99b2f745de

SHA1
4381567753763607e50fc64bc6759fb8108e90c4

SHA256
2c0c74732b62c9ace54124261c0179c1425f6020c834b4fb3b3cf4a617fbfa09

SHA512
c658d56d16b5356eb0c4a2f5a6c04adcc3de39cb3d38094fca8eaceb597effa98d1457c33cac7c9982009a0bed60e034d72012bb4406e3b58d5a0a8d858ca2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
899c2b78796ef8e01044f2eae4727211

SHA1
5c801e68f7e2c9c4b1b2226920cc14f4267910b8

SHA256
026be99ebc961b3149fdca0b71884db6718eaa0fa9dc8e4064dd22a78b0888a3

SHA512
27e19e031acf9a9750454294ef83d701c88270216ad15ea4c3361c78fb5059c4eeb721cc92402d2c89badcde171734af9e8cc510f1d90b6c7c0b8e302af49ca6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bed9a77a-f56f-4c44-9a64-ffacaf01df1b.tmp

Filesize
6KB

MD5
d1e40cf8af002c5df61fe77626b52743

SHA1
cdd24d95c6f4cd65aba31d27817241bf67e318b4

SHA256
2c09e82b0113256f930a24ffa5f677f00e5f71e741b6dd9886cf977286bc7f0d

SHA512
5a8010981005a31cbd2c2a5178c6d90cd235a684d11d0b18a2f088506df2bb998384c5eb855ab3b1a8a334ae9433d384dbe74f50d6c7427db897ae33d17709eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
288KB

MD5
23460d75327119bce5f2b5272c9c5484

SHA1
00e1974107b048e454bf7b1bf7543e94587afc64

SHA256
ab3d185cce10293733a579970549088fc87699b31079ff2255e3b5fd323bb453

SHA512
4e7deb2cd960bedc6dd2b59c4adbe1b69be52157fcdf55f92e23be0183959f8f13a889d699e6b891c8b50fea9ae9cb5fc58c943e4d1081fcc987d735ca21a48c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
9c8878c9a8852067f11523c70809152f

SHA1
24866fa695b8865b6fe118ee3b8edd08a233f8a8

SHA256
0aac8bceb6a7967041ddf4ee8c685a7d4afd254c647030aeeaca98c8a28b2a8d

SHA512
e7e90eb260688c49297ed82894e8d6d133a3939bb1d6706b9aa9f67cda5d63c9b72fee49941d0179fb1852fb1f452f665b6d2435a93281db9cb2b7fd410d3c95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
288KB

MD5
e50f236009f133073737392fd2b21b2d

SHA1
e6ff5ffa8a0b0cd3981451d8dfa09514863c41b2

SHA256
27a9ba22c14a089c8bf5d72e454372b20b08b86d911f2db6fd46f0b1a863474f

SHA512
c0b3e655a4f538a40421f2850638b5310cf41b2e16831c3f6d5f2b9d42d15992f22f08430d90bf69976a585188756a16b574a179dadae2da809aff326b3037c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ec70c19c3475ad7e2708aa4ef9338e85

SHA1
abeedc64298e22ef8d0eb0fb9143362ed114b84d

SHA256
b941744b54746c58528b0f9536e7cd6fac7dbbe89381546e67146c01977e4c86

SHA512
32681f6fdfc3644d85b6c95736b9f9f13c018ea2e62e58c0806813aaa7619117ae35036e3dfbf23292efc8eb79caf83f79c14757a47750093b7952454fb1c087

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\activity-stream.discovery_stream.json.tmp

Filesize
29KB

MD5
73637b94407b5a2bfd9a8894e93f4dc4

SHA1
a64bdc74b0a035817a5ffc8e075cf73f75aac4e7

SHA256
ff3f0b095b2b05378c25509d5cb20cb5e7945a257361a3462257f1a59bfc8173

SHA512
53be37bad30f24a0ac57d0c4cc798a53f4a0a012c4e1a0cb86c63bda3ed51c8ef1ab440fde8e4072b3c405de0563e3b816446557421e17ddb706f8f81ed95c0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\cache2\doomed\19174

Filesize
7KB

MD5
0ae41feb5fedc70099a754fb793baab3

SHA1
535ef0844731c85c7ae98584478bcb24c208f5ef

SHA256
96c6ce1b805a513f22721bfc1ed361fca1cfadbe370ed5bfc57d95fd4e5c54cb

SHA512
860b2c332206e63d082659301ab5176ab22fd8c5d1a95d3171183f5851dffc619de289587712bdbfd37549b4f8a51a92eec46bf238332bfe60d5fec3e71bc0e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
87adb101154fb316908184fa9d76c140

SHA1
6084b58b85e49c055acf0909132a7362dcc325fc

SHA256
87864715948feb400226e550575b9f574cae549e8e8ab47e7dc841ead7a9dd5a

SHA512
94efd9f8cda72cd8860e3a0abd18d8b83405ab9d9c445b929473ba33657fb4a58b5630df5b81872149646c8d62d659bfb29f3355429ccc45bb96535c2cb99f0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
906cc91a5892fbf2b9868c88deb7ea0c

SHA1
25b5498a75f92eae47470d9c4340266c6010dfa2

SHA256
59820d64741cdedc4fc518dc37413a0f423d4f1168fdb7c52f164f14e61ddbe4

SHA512
d72a6e796918b5d9a238372a8839abaeb708f4380b2581df3d06e58dec34d9cca83c7954674b280983ab3fa9003fa1d0c80b7191a52d6a03f6a594cccc2b881c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\cache2\entries\AA136E647BFAA27F9988A196E49455CBE737AB78

Filesize
50KB

MD5
f1b2d99a415e14f64a385d16ed0bc1af

SHA1
d687cda5386279318a83edb4a39e40e15ded617c

SHA256
d662dbbf4454cced55f8a99ea092f80e0a8acb64c97d7d255b24df6439f11ee1

SHA512
32a39334c949d8dc26e33ed0a4ddc7614ba459c210ae33e36f240dc883766e70182d4ddcd17fb8046d0591f0a3d959078e445c977fa94b826bf2736b335320ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\cache2\entries\F334FA30C21169644B483FB89A342D6F58180ADE

Filesize
190KB

MD5
c34309ad1c0e5554fd9ff6a370a523bf

SHA1
d1df382da711989dc3d2b2a18fa5de56ad06cc66

SHA256
8725bd9b36baf7614e6db4b10ba23400b0fecdf0d20d084b38b6d394dce9b3fa

SHA512
653ec08fb95591b15c549b640b2ec7b4e8fb84b36ea1f7b298602df79bf8ca77f45f5f01d9bdda9ebfa1ad648f6ff92d11bef13b153d1a4a6dadd9f505c55a31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
8f10daf5527f0bef98a6790e463fc727

SHA1
7311e9058b86b6a45e5f3f4e21a6aba3d06173bf

SHA256
d62b4fa2b33b7a52ceea17d3dc81285678c8f4e8589cda6f486c8f931b194f57

SHA512
2e602d715060bf41a0b55c649d342629c87d490bdc5534bf072e54c13a002563f3a92eca7459c29affe26222fecc4b745798a3a51d7f1f84bff1e01676b88ba5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
0b0fbd0e8a0ee1a0f7ae1f1fb5e91754

SHA1
89a616f2a11e162db448eaa858d6b69ac7b2457b

SHA256
476b08f90deeb77f56977ecba4772dd0927c09a660b6986f553dafd2efc99ae5

SHA512
af062fa44bd1de485471159e0d5cfa9ce3ad44183e7d7be9b2be532fbdb46a2a3ad186f06dbb1b13978416a917bb8129f78eeab162f1d9a53b5b1bbaa47ef399

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
099645013543a6a4a64927239b62e141

SHA1
9f27e0ef22f88ec0e277d25d8980084f39fdce19

SHA256
bd93111df493041e0eb23a0ff9598be8262a9f8f91e83a06d689e1a8918a0695

SHA512
41d1015dcc5e1700507a2477b7ec8fa3407f3fd6f0a67bb6e3f6d00d9076ade94ec136e2665a14a9447aa07523ebe99712989bc4c416105757bc3821ba009e3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_aaj33has.gfi.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Cache\Cache_Data\f_000005

Filesize
44KB

MD5
faf759efd780c5f06bdedc38aa902b04

SHA1
a77b1078ef3837fd5620288f1c7ed9457ecc4939

SHA256
5e0039e303461709f5b50501cb40591e7d6ac977f34abb967b653141de90ddfe

SHA512
52d1011f1c24f258cd3f55ef31fd3ec15e2129057cc29c7295e65857831283ddfaaa62d6b11741a516f5f1bfcf9bd4bd94d8a51e9d55fd01918016208a7a9360

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Cache\Cache_Data\f_000011

Filesize
112KB

MD5
0e11c24818e575a4768efec0b1eeb5b4

SHA1
54c0f2ea9d67de0c53a06d8d5897b0c303f80a89

SHA256
04404cc80033fe830769edac31b7e83dfaa66c76c8ae413e9b046dd0b11c901a

SHA512
2a556ebbe39d0a31667a0039eed814f0b046f5336b2b3bc3dcb678c8d203350b250bf561832ade4e60de7472d630db713ca110fa70ea7b76677cccbc78d3a9e6

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\f1e16e1e6214d7c44d078b1f0607b2388f29d729\chrome\js\index-dir\temp-index

Filesize
48B

MD5
3dd4586cc471a73bcb088f277370b736

SHA1
9df93ef8de8d2cc4a62fe2b69bbe53334e84cf39

SHA256
ef63051cef0966e4b61fd555cf5ed9f221447efe9f014fefb973628d6317fae7

SHA512
1581cf0f0ea364d0b45a4aba111ac59a3fe17e140fda012077a8323abd0904cfdcaddec46a541534d8d5fc1b0eca9c3bcfed1c16071e013c932cffbe0b6c45cd

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\f1e16e1e6214d7c44d078b1f0607b2388f29d729\chrome\js\index-dir\the-real-index

Filesize
216B

MD5
1262015655c2cf025e83e8720b6dc36f

SHA1
4d4385b4f8ef1c39cac0355e5d65417b5aa32e6d

SHA256
1f63df001301bfe3beff0ee44ebfe53ca2fb3fdc155e26ebf7e9098943946749

SHA512
7d8a5cd6f44e00ceb4c7ac5870400a3609059f9730f093e4ca99113ad633f7eb2364848efd8fc68b48958413dad4915efee3720f7f904c8424b8002f606ad5c3

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedData\f1e16e1e6214d7c44d078b1f0607b2388f29d729\chrome\js\index-dir\the-real-index

Filesize
216B

MD5
98518a3c9f92c2dc099c85f627e9d6ea

SHA1
6b7ccb809ba2735564c5253925a3445e4dd4d0a0

SHA256
e041d5df606ffbb3febf60efcc7d3e1cd9e0a3bc8261b504caccbfe72c1e82b7

SHA512
b67c7dc4a113ba97026bcd20de26af8da7376f70cd11d8b108aa76ae064037c6f20e29023bfe2169515025653722803be58838c50b2cb552503de7897a9e04dc

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\.0b230ec1-c99b-458f-82a5-0cce850367fb

Filesize
344KB

MD5
5c51d554ca76736d3b0332b3f32c15f1

SHA1
e4f0d0d2a8ea5f22a2655e174ecc9f9756e98720

SHA256
7b12b27e00a74081bb241996453c01b88d45815bd58bc79c1a9ee15adee41cb4

SHA512
2aa636c1a8f7ba1037ccc8617b533caef7570e3bd4751250d739e9f12ee93635db2f7df57e6d43e05205b5890135f2cada7b73822a0f1dc8ff1003bafeea1fd7

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\.43bfe7aa-87b9-46d9-a6ef-b459d0ea0208

Filesize
27KB

MD5
de99267e3ec9656a30970d0470f749d6

SHA1
d27054bdf69feaff1444c309e0f05f7204478cb0

SHA256
3866abf9d97e7fae92bfe6805db1241e45a86b6dad98dada2e56a0d205941bb4

SHA512
73e124df1ff484a2f71eebcff55d159b066e71bdd0ab7d7309ba3c1bfab5217e5bc6147ce531bc0e70e80dee5b486da398eb97f6a39f9cbc7b565bcb5f025302

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-python.debugpy-2024.8.0-win32-x64

Filesize
6.1MB

MD5
7449bdfbe876ad28d56c13d25caef561

SHA1
66d18b50d4fff3dba22755b254b359f63ed6bda3

SHA256
e54f494da650c609f02690bad38c74c390735a54ae3ace30f371ecee750ec9fb

SHA512
cabc1839713843e6ba921a8bf73d03249290bf33d70e4ca5cc96c66ca88adccf42a3efd9761966d4d32cbfacbbb5a7dfc8c41ad2f6bdce9255dc8662ec4caf3f

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-python.python-2024.10.0-win32-x64

Filesize
9.6MB

MD5
bbc604054fa70cc6141ebf961980130b

SHA1
7516a91c753bdb814b2fc8b7ee922b5ad050cb11

SHA256
37a7ccc26b6d3af3db380b5d9d375767dc12ec49d07aa2c4240a945572be7bae

SHA512
b3f9cba893312d20ed80fa239f4454760c4a331a538c1d0264602fe5d51404524626503f1118be0967e583850501a5eadbd68cbf8bb3b5e822e5c15b047c39bb

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedExtensionVSIXs\ms-python.vscode-pylance-2024.7.1

Filesize
15.7MB

MD5
0425af71599156d0adbfb8f346258313

SHA1
6b75b33ed6fa0c24dddf90c9e6a70f5186735cd6

SHA256
8617aebf84b7f7d2a7fc736f68567cca76d1f74791e19f8dc4d79fd13f6b1aad

SHA512
32cfae6889901fc630e0a5629fc82b03e78bb4b1aaeab28e455234e0a1f9bef682d8b3e339e6537b7ae97f191d28872d422b50aaf2d2626de6608d596b909ce6

Download Submit
C:\Users\Admin\AppData\Roaming\Code\CachedProfilesData\__default__profile__\extensions.builtin.cache

Filesize
764KB

MD5
481504285337c618a49dcd7cc40eaf5b

SHA1
a023444936c2920c8efa8e48e55c53e51ccefc30

SHA256
ae0413aeee5ac5ae71c1a0185a645514ece3d03aa2692f60c766bff3e8ac91ae

SHA512
2b5b89421aa4e09b13468649ee18b30b36cfaf3cf3a3410a5550d9d10d4c5a44f6037151c193a72f7402a212655f171a11b7a0510b1f25728ae6ddf3188cb0fd

Download Submit
C:\Users\Admin\AppData\Roaming\Code\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Code\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State

Filesize
1KB

MD5
1aab46d958fa15773f6631f2b77b9025

SHA1
4f7717e054fd71be7ac78780505e743f66de78c8

SHA256
c2ff94bd90557c83e1d7048b377dcda8635e6b2e85f9ec054cba4236ce818294

SHA512
bf10b66a4d94e259693c8c06488a1396ff905b03cecad47cf9c7a54a50a5eaa3df0e44701047a379850ba69dd61d8738007824421e3fbd6a942e6f2538b0074b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State

Filesize
1KB

MD5
ad585dfef589c6c6243826bb4ed3fcf0

SHA1
fe4c0daedfa341e727fbbb20574c9bbdf88abb91

SHA256
31c05ff85efecf2d8294063d7cd2500e99ee047497426e60d30aace616cbeb2d

SHA512
c937a1b6aa26611c66ab8d038a7b0271cf7d79eac0279283779d87d56ffdd6da724237be297e61c1d4eeec1a589a46c005c2c6e3101a994ee72a6f4d28a170ca

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State

Filesize
1KB

MD5
46f35d694e5f689d9207b7dec7e72326

SHA1
9d683037289526f3acd98b5243b66ad673349764

SHA256
156c5114a8b888674829948adf0721d0cac0ecfdf20f919be5a3134e0a38df7a

SHA512
cfd95b6dd473dc0db9ef053adfa74b868fcd618dac8cf0f715a8c2685b6641862b489321409fe488af80d0e4d87edfe9cd9620872d0d010971f44e8627167c9e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\Network Persistent State~RFe6898d2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
1KB

MD5
b3e79e17d3be2d1a9b21edf66e7368f6

SHA1
0f681b71c723e74655386a4794ccd30e2401013e

SHA256
e18f26135d00798d9546ec5d4d13d2dcd776a0bfed26cc585aefc6f080f374f5

SHA512
a8d6ab51dba2e28c8d30b841d4e885a8a0b68030fe72c0ca0f5a4bff623a45be4fdb0fd4d007a487ea2afc8b3e9d08c86c0ac8e6296a1fdaf11afe7ebae8b2ff

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
1KB

MD5
ac49f1e5638e7a2e1edb6600fad522e6

SHA1
ad26228a5fe556658d96ab04c70da2597430820b

SHA256
a4eabe311469f9cd37d8d2b43326e4969c1e23e810012309ed5957ddc41195fe

SHA512
d2ce5786d0291059565ed341fa705187fd6d595d4fbb545e03583231a705ac0c5bb63a5a133ddffb75fcdea5f23828c1ca3c86a849793b7088f9290b57d741bd

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
692B

MD5
73509bab005827bd5b028e8bcb9356bb

SHA1
bb6146fe6a2e5adae49a9bef40c6839483032a22

SHA256
858b3a38f4b7a8aff2fb2f4ab3e31639174590937b92eeba68f6f6f86cf46411

SHA512
0c449392f29940682bd40cb3d856b61e4841d66827d080762481faec0c01c0be33c7a4a2f01906ce1481b948a6a5633a88991bfe71cc5a340bdfb7cb02c96ff0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
1KB

MD5
8cc2340c67007f14198056cf8ac36d25

SHA1
42b8631751e6e30c27dabfa7214c1d07c5b021a8

SHA256
c86578c8ce003d00ee73ad777d195be81a788cbff8b23c8c60ceee2aaa9d5b5e

SHA512
27b10714cf014e8c67d9c9573f4b9e5904d19c2bf46ef7a7e4eed977ebf0ff131e2309c9d072627a8db5626a26aa7f89d79b06a1e3e74221c1d67e2077ce6ed8

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity

Filesize
1018B

MD5
318471175cfa184005b43bc8bbe4ffe3

SHA1
056b8d1beb647e38c8faee7202f50725e00bac94

SHA256
30f02a4d933f5432dfadc3c00bb7b2001aa91f0c02c3be18be14f8c06a7afcf4

SHA512
58033647664cf0e433af5b306300f1afabafb352383f3762425186eaa3661a31ff9f527c8af2a3bfed19e15d7b41396b751d2db55b0ed6c30617a7dbd39718d0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Network\TransportSecurity~RFe680bc5.TMP

Filesize
524B

MD5
f1131b7f8864473590aed9487e64a4c0

SHA1
81ca8a58e6d74188c0e2469e73071e059b7ab37e

SHA256
a098d3f545c1ad3b8cc9591a6e84db658d3ee54f942a0c705f2afb54d35c4567

SHA512
f1fa2099a892fec65b53c863c2079dda2fcca42f2feb5ba6053478d3fad204909811487706a791a5cdb65b2e1b1c7cd1cab2ad01515df7e76f565f7025cf235b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
541cb6eb2c956b380047a025358a242c

SHA1
bbd7e125d5d450f0d77d7a0d398c141965333ca7

SHA256
2bb97b69329c75bb88786283db526a9d5a6b8c86b6994ae7d76523ad847397f9

SHA512
626ac9c671918c14eaba791a83106457abf86c597ecbd7459faf562f5e6fa5bbccf83621435a6cb407ae143df3d6d21c9a86b9518efeb95d03f1b834b1b1b68e

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Service Worker\ScriptCache\index-dir\the-real-index~RFe67d7a5.TMP

Filesize
72B

MD5
75a6dcee1d90d24640438e63b9c50927

SHA1
ad5cad7fbb4c7a3fb8b06223493537da7eb1b7c3

SHA256
ad207f3a5d02ff1ca9d721bce2a290d08326b7fb4ee22c78130344d5ed9a7017

SHA512
fa50b50e5ac9a39e0dad18f15427336bb58859fd7730e6ff7fb8fa32bb1d68da91df92a392f90f7337877e050445cd34e9313055c401b09b401078451796b1b9

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Code\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\state.vscdb.backup

Filesize
148KB

MD5
fac28516360111f24e1cff9c7971c28e

SHA1
0df5c839adb8fc8097a71e1c206854677f040b31

SHA256
ed7ba9c1f62948704236c28c371c275df8275eb60455121737c9486f7b423163

SHA512
40e84c851d6f817f295d5ddbe6904ae39290fe2ca4109b092f71af0f01aee37594a1d5d3e2efa1a508dc9aee500cc478735cc1bb3009be5f4cb2eb82830c9ca3

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json

Filesize
687B

MD5
f9030308988f9d223b474ba2f2423280

SHA1
3d214c6ce24f3dc0406750efe688261f7fe1a8bb

SHA256
9da7e87547a80aa2c8fffb800687686b787ea5ca87473852fce384b966a4d777

SHA512
2c9ee77ae091fec152469be06f417bbc7040db739eb66da63a9dd1ec59eaa9c6d6aa8fb20e399617a4ef3283f9551d55b5aaf4a3ae67e7ab6703d1adcb6621f1

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
f8f9ea3956c133aa67c1047440997445

SHA1
3b926b901579d7f3d0ff99f0e7e76587117b51cd

SHA256
22e95f38d9912595571e32db826b4274ce8250e4c119af0565320af3df171ea9

SHA512
8b4c31f535aa40136b3ffebc44bdf3bd880381c8f2b85dd0501f193745b704051e8747f34b62fdf8407bbbc94c959c9097879e4a23a194c064c9a6c143ae6407

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
1cb3ee10a223884905b73be0f8366288

SHA1
b41df737e600b139de57ad1452a90dc383971ef0

SHA256
f4ad173a5a82f612fc93a93b135dd336d4c4cdb66b6cad25f5da4a14ff0b7a16

SHA512
10a6b44b2145a76ce94994da446d5ee61acb6962f40bb235448118986e0a910ec840fb42a78f223d82a3be94eb87bef4276adb919635414c7c60537a1d1ad2e5

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\globalStorage\storage.json.vsctmp

Filesize
1KB

MD5
aa455d37bc66d130bb4789c824df1571

SHA1
d22b488bad057885e4362472be4c25e0db443a55

SHA256
c56097e40259fa9589993f09222af37ced166d671eec61d33e2b5e5604341cb6

SHA512
4075bf703c1a80528b38b52b89a273c7d95916c6f8c440bf50b89f48172c29323fcbaff323b9bb0cb6c963b01f82b83b937a970f741f004d44b033f3c5ad4c93

Download Submit
C:\Users\Admin\AppData\Roaming\Code\User\workspaceStorage\1720877861544\state.vscdb.backup

Filesize
24KB

MD5
94cc5ac2ea785e14a34390b34e627b61

SHA1
21bbb6d764e588d6978b61c5820b2b21a4d8517d

SHA256
8c5c7ea39cf816f18376021c6efc09871b705af5efb20c5e6ca524a8daf90589

SHA512
0f22952c27ac233beae0af50e368ac8e5deb85bc3413c5c275a4a57824503133011238128301aa91237b31d09d7c6fe17f1e1bde3551d7ecd70c5f3912cd9ac5

Download Submit
C:\Users\Admin\AppData\Roaming\Code\WebStorage\1\CacheStorage\5da7b126-2140-4ff5-a9f4-6dfbc6281a15\index-dir\the-real-index

Filesize
144B

MD5
a5fbaaf9593f60e2aba4dcbe13ab01ea

SHA1
0c91660746fb45cf07c40fec4c48782cea5e1735

SHA256
54851bcc6507f254578ec552bd574ad78ea2c7aad0f2678432a3c38b1cdd3985

SHA512
eee9818f5110f012cace102b300139a24216d7427295f07cadb535aeb0694cd06586ad55e2209e8b6a76679939951b3d3e847fa13d7544549840ae67ad9878b1

Download Submit
C:\Users\Admin\AppData\Roaming\Code\WebStorage\1\CacheStorage\5da7b126-2140-4ff5-a9f4-6dfbc6281a15\index-dir\the-real-index~RFe67d851.TMP

Filesize
48B

MD5
1e52dba9cd26b9bf3dc81091ff26b6d9

SHA1
5b2bb448b5db47d8899515091ffe36f2edf0c5e9

SHA256
da4a10797924a762412bc6427eafcb2536a3fe1296cf9d8fd416795e3bcedbc5

SHA512
e8e0dadb813496a00baaca7a02b991ee5925751407cdbe171e18eae0ce75f38ad5957803df072c45e973ad174e9775a31c780e0c74b4b998462e5be1a7b1b39c

Download Submit
C:\Users\Admin\AppData\Roaming\Code\WebStorage\1\CacheStorage\index.txt

Filesize
247B

MD5
9550bfd76b0f29793185e99c3a9a3fa9

SHA1
4958bd3e08ac93ba4b2c06f8498d3eaac4a99374

SHA256
d47b0c781e41293517117d981336789c87f3e9a347ef9cd477eb3b19d9bd8759

SHA512
b92ae6b3f05234a1af9245643055f9d6eb1ecf8543dd6666023a36f42353c718cbede75e639b9c80d0198a3e520db5bea3287f052ba60c7e7cd230ef2d3477eb

Download Submit
C:\Users\Admin\AppData\Roaming\Code\WebStorage\1\CacheStorage\index.txt~RFe67d88f.TMP

Filesize
252B

MD5
dd9b68743666af69b3bf6bb13827ccc4

SHA1
0eb4f07bf9a6770844078d91983ba9eead2f5ab1

SHA256
e4a56e941a4864caad1ed1ad6d3af935d237c1fa5d1dc838f09c5bd7f0c12286

SHA512
8bd0e8b253b40e3b1bb1a2da26013ec67561bce8a5e4aa7913de649b45d6be89a4df0c5d19ba144276a0045d24191acdeaf5c2329b1a4a3635d7e75797958ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Code\aa412ed8-8e59-4e3f-ba2a-a5631828f56e.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1ced32d74a95c7bc.customDestinations-ms

Filesize
1KB

MD5
d5dffb3b369aec132a48da7577596dd9

SHA1
721e5e3e2a666da739760c6d9737e264cf33c42b

SHA256
2a14b74601f10c802b36bf4d202a433fdb31316e91902fd4b48a964dff392846

SHA512
a30dccc261b07aaf5ad22a8aa5a25a06b281a320f0857ecc93534355229f17dcb7735f49b2e2c86c9c9fe2f64657049da84ce3c47eb7ff0b3faf03919b20f239

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
fa664796c4adb49cd5b88d186210325b

SHA1
efe522a037da50a5e3b4b76d7d553ebe91c94d7f

SHA256
be601669e488cb167e636782216634cacbd3a660444f982092ef11ce2376cea7

SHA512
f1e88e7d7f9942d280f062f0b728ec15d6818136ae3dd1f2cf66a96ca167c9da7acbfade9d1391702f9337bbba9b1296244788e96511d84c17c635d6ed5115c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\containers.json

Filesize
939B

MD5
94a3843fad8c45c48b0e07342df3dfdc

SHA1
d55b650208bda884d573afebd90830a3f4d7c201

SHA256
854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72

SHA512
4d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\cookies.sqlite

Filesize
512KB

MD5
1f27d68734833ac74629db1b1578ab16

SHA1
c615cfcbb7eb49fbdce68ada83b09b0d414ee074

SHA256
3b69713faec24fe0b8c410f7eda1a2a3319fe44392679237cb4a011c5622a201

SHA512
60b9aebe7aa0bb58965240ccdadcc8082822700c91430a274c2c8b6f4631c0a4d133d60a24e011b20c666915c053f3abdf3a461e8f587d20a98709b8ffb4bc78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
6b1ddf278c37c32037fc041a01f5b5f4

SHA1
ff760e6c9cd329ea69779022993c3d68d7e71e2e

SHA256
08606567716660a3a17b77bbc6b8e14e32a1c04fabed3186ad38089e8fdf704e

SHA512
cd75a8ac8d505bd7124c18bb781c952602976299d0480167d4f9802c84710897e642e193100641f7095e0580795a4506a1158c49af2c6f044a2d4ea52a8b3c9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b7c12aebe504fee15a9c016d8995d57f

SHA1
5069f986223b7850624df405500ccc814daa5194

SHA256
415d60fcb681936fb64bbbf2746177fb85053933d32f0f6e7b878304ab628d0e

SHA512
1451aa1d259b3aa5a0c9df4c8c44e31dff6679d790ca01db2f090d09246669a4fce78ff9ddbb326568c19141a87b3c14bb4366410c4cf36245fc2c62f8929b37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\datareporting\glean\pending_pings\0d42c324-f23f-4027-8545-eb71c019dc0f

Filesize
656B

MD5
e0bf7bfc1cc209a9a47aaef1fd6417cb

SHA1
494e649bca1294e2c8ea35dd92563985daee8b24

SHA256
e0e18e375e465efc1e19c2a5ba912c2022142dc9a837b01e67c45de33e85f9d2

SHA512
067e62e06140e55659afcb8a231df2594b783f80caf07ae4ed01793c7949a5959ca1bd46b6b76b2c398c319e28cf2b756abb9e187d08ebdb9c010dfdad1a15ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\datareporting\glean\pending_pings\8b638af4-caaa-4db3-9d68-f3c2096f74df

Filesize
791B

MD5
6bbc2e00bc71b547030f48f98931cb9c

SHA1
b56d202c40e766ebe745c333521b961c57411cdb

SHA256
154e46231db7859f961904db7b6180eac78c6cc4f2ce7901b921ba595d9c0edf

SHA512
a99eed73f92774b2b676eed5a421c9017ce6e7a786e453c50561712c8707dd2698ef165f8946784dd184d8da2a8dcadaeaf015b4fdcc7e5de62db1cbed456f2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\datareporting\glean\pending_pings\8bc2a239-602e-477d-a6ea-b8084b727172

Filesize
587B

MD5
14b27a2b8359f695fb1fdca1a3990bc5

SHA1
f0702fcb2c170d8652061a9802c5a6fc97315fbc

SHA256
72af98115551f42d6aa89363a692f9213d376e6c129f3e81f530005910df0a9d

SHA512
fab2f764f9781b2b675feb508dce640dc7090085240d91031af1f5684addf83ead5a46ab7502d7eb025e17c02b3c409b8e8c8c06b2e709d781baca6d7bd462ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\datareporting\glean\pending_pings\ffb99111-fcfa-47c7-a2a3-5d766f555276

Filesize
1KB

MD5
f1b214cab3496ffec6875cf5841982e3

SHA1
0028cb440f342a3655a7378aa813f76083442896

SHA256
5b6f71135957d6a3aec66e0cc733b6927b2f9248b6a4b7ec4e206d1b5f80a6ea

SHA512
8f835a2c3bf4994191d955542cd0d340f79479d6fc7e1330cd7acb88f6ebe5da1a4d9c3ff3b98c8d6d2197db43544f3236200ce8fc59a415fc143d23d98fb07d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\extensions.json.tmp

Filesize
36KB

MD5
3d92edf46c52ec29d0636354a247bd07

SHA1
6c856e88625b6072e945e318868bce79da516b3f

SHA256
f0b0a5d2cd154901062aaff107bf70cbb453168cce5a93255eff0a91c6005f43

SHA512
db0b24b4c7b24e8c63869e0d560ff71733d2bfe123c4ae471b7acf8aaf7856263e33ce3e3b3f34044c0cb878aa2423102b597edd9ca84af8e0f92c7a1a424daa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\favicons.sqlite

Filesize
5.0MB

MD5
fb93dbba8b2abbae04322bbe5f179a7e

SHA1
6bed2b36654317e0ae4c1d3f6d773a09a8c15183

SHA256
a491d6f3aaa27096acb85208d4c1c7baabcdd04273d561a9b0e334dfcb79c19b

SHA512
3308143d4e26a0315ace9d289e0b4fdd91f0172b1cac3829c0981a184ab1789f28fd20b58e66502bd3ec71517303353b15fe1f0e50d609194f18b20db007e5ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\handlers.json

Filesize
410B

MD5
e7a65c5ead519a7b802f991353c26d3d

SHA1
34cc3c1cf9bd4912dba5fa422010934e46419fa3

SHA256
0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2

SHA512
2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\key4.db

Filesize
288KB

MD5
86eb4121a56fadedbe8315fa21358b90

SHA1
fcfa3bc1e2e13b700b27a502c95c6b23c91cf232

SHA256
8b77f9de40644bcb81b6834ef8355391d36086f2a62adff2db46377fa95c10ad

SHA512
a55deb825a38d803354c00301c6355c2ece0981e017eef53e38051213ca5341a6815940a1722f3d10ba88bc5bab315347263c5b8bda8fd5af741ef0be2f7faa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\places.sqlite

Filesize
5.0MB

MD5
91801aa88d8fdab95b7a8a80da0d1156

SHA1
9973d3869e4eda9983c3c48860794a1256801815

SHA256
025eb942bf3fa9919248d046de820e4091b2d7e7ca3bee441b136fdaae8a6e3c

SHA512
f34420c0a722811db177c4d3f75178666ec712aa72dd00ee3cb6619f3f19ec7dd7badf27aab08db074a2969d0c71b32fb42f1993a1ea3f1e325fa31733038de2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs-1.js

Filesize
6KB

MD5
4db0fc88f712de22104820c00cc1746d

SHA1
d04252125cf08d597ebe7d747ac9ddd872f74e39

SHA256
dd63bb8d7323e3e6f840c17909852bc67c78299e25e2a86c364f173c4cd8397a

SHA512
978cbb3cedd243b15a6d91f1250bb62a1b2b6a8f37a0ef72383b84160fed6c357b2b77f63ade2a5311b70855d767fc156eca7efe5dab358d3280e187b39770ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs-1.js

Filesize
6KB

MD5
c8409a6ea7ac4f6a07f98576f25bde5e

SHA1
60be93a436f7dd64a60b1ec870a905a8ccc219c2

SHA256
009dcfda6be808f3dec51a3d3d9c2b66efa5b620366170cf953acebc2b18b867

SHA512
c10a9ebb7961386f2866918884d0eec7fb9dafcc014617d38a458fd0b7cc2d991b35f95e83ba49d44f3942794c6915f35b9980dc22b15b3a51618e9e81e7528b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs-1.js

Filesize
7KB

MD5
5719b5a18cb029ed2f082ca61451b0f9

SHA1
2a22e02f9f8a38a9f14ae5b7c8fc7f1a6055300b

SHA256
331df5f0c701cdd92fb449d3737494bd2b665e6522ec365095fe4ee7aef5fad7

SHA512
187645e552f34659d0c6d54fd57b14aa6c0c431029aba20cfb0bc5374444a4ffb797a8baaca0f3fa23de82e96dd92510dc41832b02ae839f4d9c5c315f2f9eca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs-1.js

Filesize
6KB

MD5
65c6a43a907fe9c9d9fdba5108505dfa

SHA1
b056e3c583729b2669287e12837da2df0145a493

SHA256
51d3266b7b1743dff1fab8ecaf4c00c3cfd746942fab7731d2d48df8f3773681

SHA512
9c30dab9508d37ac17c299f05b08f2e32c66a771448bdc3d280490246cb069c73106ca57395b696a1c8889ca12efdbbab7f204444b2d0b6d48ccd7ad1365f770

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs-1.js

Filesize
6KB

MD5
bac81865bf183a9c2da32ec000baa4d5

SHA1
3e6fb4e82356e9e0a45b318380b4efd7498fbb89

SHA256
842aad077de280d2418b7c25244c4116a0e269347071f8a466c827ba7df0607f

SHA512
c9edf3b1596620c95d270a5ff9a0e8f2e182b0aa7abace0862450e2faed67def212b26f857052fcc9eb63149058d1673bb5b256802d9690e6277ac277f0e0a49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs.js

Filesize
4KB

MD5
40b15bf020f9d1ed60e67b653e99d1f3

SHA1
b02064cdefa568c8af069b9b715c245781846862

SHA256
4590da8a0abfd3f557f9c67cff2ab2069955aa6b6df35ebc32a997b827daa55a

SHA512
946a00e9ef7e1a473e2b81d0611fa2f24d939bd823ad1d64c9b573cec23de332d1d0214b1298e25283a7da80d6d5f17a9112cfacf50259a92129da0c56601a89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs.js

Filesize
6KB

MD5
9dca68ff45e121db5c03f12ad0d3e2ec

SHA1
f70d4c7e9cb6e25929054af8e733797a9ed06f16

SHA256
d3d1b9eb59809def68c6c7f5b85de45b9a292e11412a37b423aa0675a06b959d

SHA512
d1ced32f4a97fd042d4f61ce191dbccf38c35401de01c0ccec26a298cb7b1c74d8cee5bde84ec6a02624d56f4a866b230590adfa35d888e2c8e678d50b2217e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\prefs.js

Filesize
579B

MD5
4975ad0a555ed22e5ad5aaaaf8100e86

SHA1
63ca75b845088fb227cc48f77ef940b3aafa479b

SHA256
191c36b735e89340fed0439669b8e6ddaaf1b531a08dd1d02245a5c648411c33

SHA512
4b529efb5a6f31b8830ee618e8858d94a1d5ed0e1452c49c578685ba7a3ff224752bb728196900a60cf10f0ed63a553a435fa597d22632af2136b1ba281c20a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\search.json.mozlz4

Filesize
280B

MD5
41d220d4783f67d2b57beec20c135229

SHA1
6e97765e77920b6010fac2cb4abf1e3cea106541

SHA256
5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc

SHA512
dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7f18b6602484820bd437e396f628cac6

SHA1
1798dd9507caab28a4cb5667ac8dac6c1602d435

SHA256
ab742d80fc921c3c722dc16d5a876e7cc5829a9d0abd7c85ef53bdb22332f611

SHA512
e812474c16349b20d7e5eb465cb15e27eb7f555c7470d299eae6c4317d5b1af95da523a587f8d72afc612feb0efdc8543e6006f2fe3d6be041c4073ab0329a49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
444468d81f14a22d9df76974b0cfd102

SHA1
361a28d77097b98959d0e966f0e78b8b112e02c4

SHA256
74a01503f98d15cfeff21f647452ba60946f6f0306a1d66cf7ae8d4b7100bcc8

SHA512
5979fdb02643d682a810036fea6e56152c70ae38587ca1cd1df05087483a15c08a2fd1a644e928caf2af36985f4e896bdad10d79794f88d3df691961c40c1378

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
f6f416cd3eafc37db1ab4d62519c72e6

SHA1
6a80fe8c12c3968235e796d14cca10068b0601e2

SHA256
83ff00dbf884ece686ffe4e33f1f948b8eedd46f626945a109e0ffcabec88043

SHA512
b788df76f6f4022f7193781e983bbe9ddd74d47dfc3314423beff106aef6ce5c3a149dc1a9a1054c10379949c4dcacb3d8952c8c518b7a01aed66e02e848352f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
794B

MD5
aca9c9dc118592200acb50c7a90ce345

SHA1
9210f68c1b8a45d7a32afa55e7763a3385cecb7d

SHA256
b08f08adaf9a3aa8d0aa7710f60787032cff1ceeb624215886422f017687d14c

SHA512
3dcc083fcaab01b9d759ebf16bb451c470a100bb412ef5a9b1298518ecd3e87856f754acb13b6c9bfd734a06d5ca77b3ea111ecfb7595b1d1ad033559a873c08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
7f96335dc2348587e653a055ed85cb42

SHA1
80b39a545fae2b3290401e0bd2a6675107e7c968

SHA256
66b7ce1807542f6a5e0ef3cbe1bf4422a68ad1ac6ee5ba996b7a84f385e61ecf

SHA512
e860526189a1bf34dd52eb94da3ba319e3865cce53594dd7c4c67ad94d2d4618f5a267d50685980a5810935b7d79dc05a6a79fdf66890c2b4b4d1e281adb5a9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e1192b4ea3efc52690c0974387a9a903

SHA1
a10b6e9a3a2c5ec122f60e9d25b95738cf9c1ddb

SHA256
e596c200825e2aac2b8bea974cb3aa32b5f1e78951f77ba73ca6b7bb707e9d51

SHA512
bf0614aac77e5af7e4bf2d754f6ce5c2b2263e897b3c6ce1fb8c345567217ad38e52ce40a4979dba5d1debb51f8546830e8b1f4f42f3995a92c28d0496b02a4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
47KB

MD5
642ec18f0b72fd9b0476737b0383bf6a

SHA1
67464f262aa3fbe6fafc1b20f89fba3e224be472

SHA256
6bb1ce264f3f24ed80f152d06ea99de1a2694d68e0953585dd6221722d244442

SHA512
2866ea83ea60c430623aed435faeee1b9cb4fa832121cbe9e0cd90d60169df5b852ad026e90ba3b3f5bd2c388266cd93698ed566ce596da06156151970c61604

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
16bbbd5769bf456ab4ecdbe28bf9b6b9

SHA1
d1fff0c6de8c95171bf74ddab1c90c0ddfc5280c

SHA256
44421e340019b8c752831621a0716be243898c98109a572a20ecf7d97de33c69

SHA512
726016c35c83bd84da5505be442f0f9e32d6dc0b0fb1dcf8d01b073025ea78f14b2e670b358ec697187a1e6a7fe077a1f6fec0a90e5654ea24d21babe7e13d67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
8755e94fc928eecd5d8907000007d848

SHA1
cbe2aa117da237ef3c48ceb7a6aaa2f6ef295f06

SHA256
e69f973d2226174f9ad81f69182729a41f3c8b0de06019be7f39f584ea79d499

SHA512
c549ff84a038ba1784f2ba97e039be72f51e2473020fed8430c622366ce228645b6988f4126ca5693a3b955ffb4c4218b5d1725316d0bd15f91017755bcebe00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore-backups\recovery.jsonlz4

Filesize
46KB

MD5
2ee838cccc6fb451cc02c2663bdee923

SHA1
387bdac2e8f21cf37d5c3021524d0d387698d24a

SHA256
211d4dba832404f3ef1541350d9211ec562b9d2f85879ce80587ae9ed54743b7

SHA512
81be2d273faa525984374ac43def9700c67fcdb4f6e074c68709d1119d56cfe427635f1d8810eb99d994a6b4dad1d497002b393c4276e542c6a4911594f57b12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore.jsonlz4

Filesize
48KB

MD5
6e211667a396a25f0e6cb65cfb246600

SHA1
bb03b5e30e6d9430b4e7a77dd77af08777f3a4d6

SHA256
0ee1fdcfabe1f1d95911f69c20c9e3839e657887b225705d6c611fe2680a9774

SHA512
5a7aa87895843e4008351c93c315f4a55378a98d39de720a44ae3207e70caa23544f61980bf28c7516ae79449f94b6a5b4ead6d03d27ed79e5b7dcea32f476d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\sessionstore.jsonlz4

Filesize
266B

MD5
4fdb7f9a51ba177262d07d38c0238915

SHA1
f12c5a74467bf624164ac77ab7af517ce46ace8d

SHA256
a641f5701e0ccb2fc22a9f4323c96d899db4397fc08c63fc5de852d9aadca9d7

SHA512
fd0e72672b280e9f362cd8ba4a81c795fd741163020cd2c62a104c3f8e006883ac592951db85f364f3fece2d9af386f635b93ced301e12b4418e1e0a7fdd9c09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\shield-preference-experiments.json

Filesize
18B

MD5
285cdefb3f582c224291f7a2530f3c4e

SHA1
f816c3e87aa007b6e6d31eb6a4618695a7d83439

SHA256
704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05

SHA512
8f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\q0dsj08k.default-release-1720877501323\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-wal

Filesize
237KB

MD5
a315a88c9b3e1e28d1f0ebe4b899cb9b

SHA1
e9413df6234e7ac151ab48d968ccdec5d2120c92

SHA256
02d1bb2ae701867086bb5d1fc3f71b155ea2fc9e903d2454ab7be67a0cb01ef9

SHA512
4bb228c46186209d438d95109eef7ba3b6ed33e94520ce7dff6508843ad65fdb171d06cdc169a1c025efce39610f9285c360d08b750e7698f7800c1b0488a192

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\AlternateServices.txt

Filesize
163B

MD5
d83a38bc4dbc5748e159a7bd7d0c9d39

SHA1
a8d87cbc0e82c9f621fcb995374b54db80364d0d

SHA256
e37b1b925891038271f121ae9c3237a1d344a5c227b50e5b0d4e91a10ba4eb43

SHA512
9f43c84c848a2631859b524fb0d45a43a85d8a5740f7cfc3eeede2f6942517296664947cba7bb523b1a310d9dcba32d3baa72e8b38dc99b7e3aa549924cf6063

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\SiteSecurityServiceState.txt

Filesize
324B

MD5
32d2a915b1cf5faa556938a2e076ddb5

SHA1
019eb30f6b0438f07cc1ca454a5b48429991ba70

SHA256
d43f5b4f5be03aa682db03b4981805a9d4f1d25d2253a009b066a1b8c76487bd

SHA512
b5be29d6f3f5102d3819c97e6c0851cc23db2eb032abbc85b6e96734d32060c84d87a1c6e40f531927c0327979851b22a008434ef779eb76754f98cefdafa6ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cert9.db

Filesize
224KB

MD5
d39c20119ec67e65f41043ae0dd53bd2

SHA1
8ff0dc06344eba0322f60d086f6a743f557e927c

SHA256
be69d6a4bd14eb5e946a73137ba17b5c752104d325b52c85e662722390840997

SHA512
6e300639621a66a6179dd8d6bbe31b462fc7d1f90075ea90a9b8b5840aece2bd4967196842985fe2de8cb0fcca4c4e4830f793605c3a5b0724f50d8e405bbcc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
987378fbb09b2ba33b07ca1f9574894a

SHA1
f10c73057556dc8cf27b5163d446aa89de28e0e0

SHA256
ded6027100e354ff947164565c38841eebca1ba3e515694354c13c16ddb34faa

SHA512
6b85c3ea15d9bc9d01cd15532f41a3c913e36a5a1de1f93099a41e5d8805c46e239968ee2803c71a2f6cb09beac6dc254082822b112ac41dc4b735a4851ab74a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
4KB

MD5
1e23a1c3c4e72d3b89ea181594f5fd72

SHA1
5de912960f12f4eb9fc465287bb03767cb721bfa

SHA256
fcb99ba166cb69057f672e542facc17338e078c565c2b4c0d25736a890cf1028

SHA512
9ffee87b4a47e2684ffb490870feabe834238fe675f7271906ca74fa16ae1592f354200200fab314ea1a79f9cec282f787cdb168fb5c6c438faa18cb5bdbb503

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\1d5721a6-b15a-46c2-a628-1610c1595a76

Filesize
746B

MD5
dff55b550b57c8ee6f00afb52accf507

SHA1
ce782633c4fc9dcb701fbcbd449d31088cd0032a

SHA256
49df1d510971008e1c838e62b2d808890013b56307fea7257d1a1409a2f638a8

SHA512
eb6df7415f90e5fd3a7c2168f9dbbce42d28d172f9c541a51a3342f1702028e7bb105ca0b32899ac81696c5b4edf7368fcb6d6bf79901c0d4d8ef3bf5cc55bcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\3e2bbe78-49bc-4640-a85e-0b8a7a84538a

Filesize
10KB

MD5
81fcf54526f6d439d017a0d2d73b7823

SHA1
2d9e15f5a05b2abc97cb72d964f06521e21b25e4

SHA256
ba27371b2f1f8b950ce961e43d0eedf62e380ca3338fa3bdce76937ef8a0b47e

SHA512
4c1f6675395935689b4ac449e6098d854e0ba1f1d85c68d42078266c2b3436266ae90a1507d823bf82119453961568b08e185ba99666bdb9ec8f709a478abeb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
182450b469ed3297fb214f2b4666fbfa

SHA1
99edaa81e38dd60dfb5ea1929ec9f950c1b3134f

SHA256
c406e19149c103f88416c9191df4642e41777bdac55d08eb7ca92f1716e1dd10

SHA512
c34fa3228cb2efaa20cb8f71d33b5b9beb2ec819c1b65c9c7bc221a1c19f8e8315a9388d8327e70be51d21785a32131d1da2aee7a1a62281ee54a4dceb91ab2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
451fe3e0a354384e4b0bc4137f3d433a

SHA1
8f66a7d10df152c084845d64dd207b10e9900e1d

SHA256
ba6370947eb8d4c23b26d25b6a25500fddf6c75ac0f409645266e3764c1c9840

SHA512
50886cb7ad8c48105d553c39c91c49c2cd6a92065a20f87e11a5077bd03cc90ed135a2e759c9a2b55c3efc162a56706adb487b92b925bce0896a37a5b46ede9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\protections.sqlite

Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
ec08f4dddf75ceeb2e5056c5e34494c3

SHA1
ef4e836a4b3cea0d8004141746e72ac7a8662018

SHA256
2480a02b8ab07413937fb76875ed0cc13963abfdb393d0c4695349fb182d6556

SHA512
e25df301cb776249ff7a99b37010e861b7cfc74b1db6adb2391b239761e992ff410b2ff23a668d1c06c865effbe95453b8fba27607287d143f6f62646b82d147

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
5cc5452162ad1aa8ecd2021ce80a4bc7

SHA1
fce659a188ecace76bce4c618ab229635ad2c8b4

SHA256
6a97836498f1ddfa1a8f025da6781585e5e7be348a7a2df1dd6f0db860b23312

SHA512
3ed9920d5f33656dc7894609df14a621c782d7ecc62a3da457f4d73ecda2fbd0129b603020faecbfdf7761abd3593ed404a60a0e0221d4a8c9117a2e57834f06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit
C:\Users\Admin\Desktop\CompleteWatch.contact

Filesize
832KB

MD5
216d309cbac6d978250ba568268d9edd

SHA1
97b8c34f0761b864b17c726cd9ae595157e55e60

SHA256
6ad7b8cd3d08bf0ae83c6f79ac0319fa1fe44bed545888464556c4b2a9a8e738

SHA512
ff62e8972aa0a7fcd20137f0f5322a2693126317f6ffda04332777af47502e711a704b0d450527593c4b309291078cc73c2ae48d0f7d47f224a3b9f0b1a64157

Download Submit
C:\Users\Admin\Desktop\CompressMeasure.vssx

Filesize
416KB

MD5
aa3e0276b181d5c4ce66ffddb035476b

SHA1
d5c11ac8df6c0da11f1398f971d3f6ad2b9cd244

SHA256
4d874f0d71cca53768bf02bf910d612983ba81d40076cef79f9cc16586498cd0

SHA512
dc6928d3eda162acf8725fc6f0030c67d7cb436fd3f76115ae8cd98351e34e7087999a97ba1a7e7bc4c3cd9e8d6b40f0f1802a2dc62043faa716f65ec20da023

Download Submit
C:\Users\Admin\Desktop\ConfirmEnter.gif

Filesize
226KB

MD5
c2054ac5e8b51d3a0a1e850a885690f5

SHA1
5b80f691295ee6b9d96a50dfe8ffa32c70732224

SHA256
7a2eaca188a2b4b04154c9c9027d4117db845bf4d799f8f5cb5387ee2018b6ac

SHA512
58f4e6ef013124add59debb6e644cfe50e059155531e629b9aa9cd47dedb397c29bd78c4e0d1bc1ce9abda7f0d8465f77096edd202044a2a7698b969431d11ec

Download Submit
C:\Users\Admin\Desktop\ConvertBackup.exe

Filesize
562KB

MD5
a0c2239d34f39777a3d96b818bda9274

SHA1
a336a6fe915b3e32c3317734f01845f3b0312f70

SHA256
5a3d8b69bae51257c4a21a87dede051940924fb050b8208daf3eda162b52b4e2

SHA512
2f68d719d6c3d32cd35464afbc8c3d8ee5e5d6bbf360fcb2f8abf96a2e044f0e8c7f8df1fb50a583abf0ce1b88cec845e346a231ec58632d1fcbaabf3f66c91f

Download Submit
C:\Users\Admin\Desktop\CopyConvertTo.ico

Filesize
533KB

MD5
83f55ad7d602fbf4133bab6a9a725dc5

SHA1
983c17c0f6aaa4e93a2aa71221192699519f5d48

SHA256
894b39770987c8aa773590ed55501c8843a203e2a9466ad7681951181e376b12

SHA512
dab4fdb77d546c8991805ff4885a895801dd6c0d6f6f4dfcbed2fd82a160feac40623f4da218810e257c21b174d1f9490438e02531364acf3ac4be9fc47e07a8

Download Submit
C:\Users\Admin\Desktop\CopyRequest.3g2

Filesize
357KB

MD5
dd05097f2c5294ecc88c7ee53c2fb037

SHA1
bb6f5eb2e056fddc69818e9b3663432e3e29e20a

SHA256
baaafcc6d365a3c7206fea075884700ad5e0b5046a278e3d4a53d387300da3c8

SHA512
c5d79c1d017a8141b23d7a26413ef4b3dc0ef1014ae0f3b3077ac8293618c60ec9ae084c9c1e32a3557314a79f423af67f3f538f5159fce84fe218cc51fc4c52

Download Submit
C:\Users\Admin\Desktop\DisableConnect.rtf

Filesize
577KB

MD5
45d3999643974e187b0ecd7e2115ddb0

SHA1
11708ab284ff6b381a4a287709e0f39bcb47e92b

SHA256
3c2fd43ea4d618425c2b26e9d5b45fd4537a0e94841fb8053ee67bb5f65bea64

SHA512
5bdc9871dda6ba620054467cb8c1a89676cab4655e1f6805af54cb3825718078bdf67f86a509b8ed54bbdcd60a574cb94768b9dbb24b3b903de5de190d9e493d

Download Submit
C:\Users\Admin\Desktop\DisableSave.midi

Filesize
241KB

MD5
16dd0efb31fb22a2b6039f432064ee90

SHA1
0ce82c53d33c5989cef15e376c56117895da8e73

SHA256
49c4684fa759764a36e291da985725c86c90cce85d517d656a5f507902f7278c

SHA512
1e86ccba7c4f43ffc4b88ecc59222c7141a4b41f506d6b13bcfc88f9ba6128519cf45703df89cc3371fb15a9f19d74f395fd71351101f43da5bd1baf4a421463

Download Submit
C:\Users\Admin\Desktop\DisconnectPop.crw

Filesize
606KB

MD5
c425c164f1f13828e7d7232a9dbc4daf

SHA1
005a53805cc677bd49344c81c8cb7241827dff74

SHA256
5bba36a1779c9b433e0b0af6365573e6464de896bcb06c4adbd3b1139d34d6d1

SHA512
b0a0eac7db7623281fcbcfd0ecf09c90d26a7cfc1f12726f1e8f64de9005aa20ae36723938dc530f0017253a4b08f56ab492600b5775c0aaee0d85814a820e29

Download Submit
C:\Users\Admin\Desktop\EnterEdit.htm

Filesize
255KB

MD5
a18e20227f13e2a2078bb640a90e33fa

SHA1
780a9bf12f6a47c3d0d872b78d06ce9637cfe229

SHA256
a0503a90da386312627043dd2f3e25169e65caaf6ea378157895ba0d946c55a6

SHA512
dc2e8161911ec82bc51089a4aca2f3f8cccb6f326aa307a7474375956f60fa5bda225a5ad55399fde03dc4d93cdf6d135efd7da12aeded27d52980eb843e5804

Download Submit
C:\Users\Admin\Desktop\GrantReset.ogg

Filesize
328KB

MD5
9155cd821b207a0a68b6f97e0844299b

SHA1
01068a1f0eaccf04c567ce2169b755ca57737728

SHA256
38faffb089d2fce34d0d738c77ebae524bb699bd57ccb1e526cc8ff09be922c9

SHA512
3cb8f17b3f90a22e25680e032bc201ec4b36fadf726d4b1a313f5b4d304f77a7ba1c521a7f25338f374c49fc12577aa0ec74c3f3353ab19726de902ebdca000e

Download Submit
C:\Users\Admin\Desktop\ImportProtect.wmf

Filesize
547KB

MD5
be5ce10fd48f160851f52ecda13bec21

SHA1
8e945151ec1ac42e39c90f4d5048184c7a99cde3

SHA256
6e3b8d0e182229b7672726c632e024950d80f7364aee9329ff3fc7995e1df0ae

SHA512
7e066643deb188d2bc36d18bfb5426e51c5fcf34f3acdf46e9e25a94278361f0e9a5466eef126969cce766e83abf509d900c4c76c7b6de0ae3e8ecdede242c08

Download Submit
C:\Users\Admin\Desktop\InitializeRequest.mp3

Filesize
445KB

MD5
14f2ca22f8cf721a43ffd78a5ed2f503

SHA1
b64bbb6bcfead86264f467248b87c85f89e5929d

SHA256
c69b1da0fec526590904c2abc6c8c722e7fbda737f59de3c838833244b40f3eb

SHA512
e5f3f412cd789b0ec46f625c8b0b319a09a762486ccad7280bf56389994a07486e8e99303e49727ee1c8775abd0d516780d7dbb8500a94c1378c5773963de4a9

Download Submit
C:\Users\Admin\Desktop\InvokeConfirm.3gp2

Filesize
401KB

MD5
7e98a1eab7f5cfb014230e8fac6e2683

SHA1
071bec08f5269495aa687ab25602996d8865ac6c

SHA256
6ec283c422d4f6c24957a7bc728b3710e07d81ccd6bcef6a73066c7b7e731195

SHA512
02cd7c9a3bc284c9cc6ea89973163573b6381b407886ea58cc9c87578cf34c8adbbc7a9e0dc683e8384b925f17e1fe116cf7b531418d4a1c4e200190d71a4516

Download Submit
C:\Users\Admin\Desktop\LockConvert.cab

Filesize
387KB

MD5
97e01dfdc677173404e92bee348462b4

SHA1
098ed07a653dd06d4f846194859e27a7964a4cbd

SHA256
3fa6fe30e3eb0fae3d868121315d8d616460921878412b404f9dcc79ef9b3e88

SHA512
454642f37a4c1011ae51dcb481c876e887231fb29b522c430094d3ef89c222050693da1c0556d90f66d0db0c1815f3f47e227cf88720b9869a7baa7143529466

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\wtg1s5j6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
36038086a748fdd5c3341c93705e42a5

SHA1
0bbcff1852706b32fe66fc9a946a67d7028b0ef3

SHA256
123e4dae634bba98ff93ba869f11b54d098e7edbf4c0a93cfdfd6bb883952e07

SHA512
9d8f48bf0003f7fa683d566e991aaa668bdca74da20db6b6e4a59e5b10a1022bb0110a5bf5c0ae57d9396abe4d8f433c3e2220baea81df14aa37a79f520dc6a8

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\wtg1s5j6.default-release\targeting.snapshot.json

Filesize
3KB

MD5
940acb65c75d9ee8b9f7e75eb267539e

SHA1
32e9e6d3c65c732ff7757e7d4f91d17b06995913

SHA256
b1a69b28ddd2414aef2d11dc25286abc880aa1f87971bb236804e1ae71d49d71

SHA512
f468726a55fcb900e830a89e3f60f2a386a82e636b59adb13f2f1a1257acf2770623ba6cf7024866737e468c9aaa31545d7b1cef6d7bcbafb45b5dc000482a7e

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\wtg1s5j6.default-release\xulstore.json

Filesize
120B

MD5
05e1ddb4298be4c948c3ae839859c3e9

SHA1
ea9195602eeed8d06644026809e07b3ad29335e5

SHA256
1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be

SHA512
3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

Download Submit
C:\Users\Admin\Desktop\ReceiveConfirm.mov

Filesize
591KB

MD5
50930764f23b3542ffd2d5a2f2ea48b5

SHA1
b2c03aa9b617228bd1c6b3f48bfe0294804f0dde

SHA256
2a3a758084d64e0a62f2d0f250f99a0ab6ffc4ef066a61fb955b0f6af37df693

SHA512
805ff6e6ee06f272ade564371623493b84b018ee001c768c05fdceb6d8f8da25ae13bc2311f811b496962dcd0b8dc0c22d9cb3719235a984f90879bfea00f8c9

Download Submit
C:\Users\Admin\Desktop\RemoveClear.wax

Filesize
299KB

MD5
6c08bf3619ec4ce6f566bf8d3798d193

SHA1
ccfc4f17aa7e71e2aac16c9dc302cac5ecb0d7d2

SHA256
043f9007403223fac6a2015dc682bb374e2f17aa81ab3888ef2b4ef4fa99a1ec

SHA512
b1fb26b218d417ad5c412eb6f56c93a5f2ac0a16025dfab66a21210b1ed2f3eed81be6019e828073a5932f4cf41ba7ee4230279611fe0ce6654058777b9206ae

Download Submit
C:\Users\Admin\Desktop\SelectUnpublish.iso

Filesize
314KB

MD5
51a3784d1ce0deea031c42d80ee7f2ef

SHA1
d3dd663bdc3ee7c489fce437fb449ecae9800bbb

SHA256
476c742134c6fb40025fe0cfe04a210c125f4d03cbcdf0aebbf108953c421c20

SHA512
aebd4a1e0060cd9e675278e6d5da82d7d07a8ec83abe921ab9282e39a1a3fc7835879bfbda517de7afd82dfd3629c19da6d4365e59dd6ddbd9c8dc2d09ad74ac

Download Submit
C:\Users\Admin\Desktop\StartConvertFrom.xsl

Filesize
489KB

MD5
462cd7fb6c1306a535c26d77664948e6

SHA1
b6dcf44304a77228c11ee65f9104ba67b8d6d7ab

SHA256
adfff8ee8348af915417e974804778f4481e3292dd48b015f79f8b8e758f5bcf

SHA512
b614a30b470575434b5a0de987c907b64f892baf99ccf98aa87cbcc9a93f4a9e1db38f2549fd12bc56276592d2c3ec03e0e39408ac72211aeca9be68ca0a3b20

Download Submit
C:\Users\Admin\Desktop\StartMount.wvx

Filesize
270KB

MD5
d496995ea450e7d89dff3803f9933347

SHA1
ad71b56ae939d035cdb339bcc3bdacad9102ca9c

SHA256
4a31bf23488bd85db9dd946699cbed6dbfd32764c277f941974d61430e49722a

SHA512
7cc7fd5c6fdfdb29565cf71b551979420ad4fc52f387d22606b8b9b41b88f5a9087c8216b2520c2fba00a4720bddc38dceaa7c3ef50b4316e56e604be96d2db0

Download Submit
C:\Users\Admin\Desktop\StepSelect.m4v

Filesize
211KB

MD5
70baa560db7a977ccaf58be07ee7e401

SHA1
4edec5d6402c00ba13924bf3488d1c5937afcfe4

SHA256
5d872034948b9463fa35dd9271a7ee1a41c0c2b5448722f99e39d4696dc1dfb7

SHA512
a989ea9e032af08887832d640ccfd27489a2ba7f8fb31ac28ee0a64160563894873bbfb52c517cc7414ad7c935743abf5e90ca2a5a4f615cf657da98d0a2c861

Download Submit
C:\Users\Admin\Desktop\SubmitNew.txt

Filesize
504KB

MD5
c2ba2693aa9ea02c9aa9a3878730f4b2

SHA1
ce8bdfc70b536227c6ae5e96ee4995c691fb31f8

SHA256
e2229cb47ef717b9624e7a9ec60a1b7a45c0f6b5699f0f77c37deabdf6266782

SHA512
486bbc421d22c550f6496b4422467cd29a77c76dc12816feb5f1e600b70618acdeea63d96fa045618981cb2e969d1c72700f070128be4847145eaf97c049866d

Download Submit
C:\Users\Admin\Desktop\SubmitSwitch.wmv

Filesize
460KB

MD5
8444ea417999c00cdfc63faed6df0eff

SHA1
fb404cd7481367beda4730f1d5757e6799a2dfa2

SHA256
ee04eba9e1fbe356ce22a1e7c73d8d22d62069e46881a0e52cb3baabc32c9aad

SHA512
77ec9a9bf73a6e41fcbb530c848cc4d745f693032b54238fd71c11020a8d2e921293cbdfdb519891d13a4bdb2c9c5d0b5585cda3a4642167a6d0602ecb92a0d4

Download Submit
C:\Users\Admin\Desktop\SwitchGet.asp

Filesize
431KB

MD5
ed43888af69bf8ce62de9c4ff84083fe

SHA1
ac2b9fdda300907abd903d62e5245212eb691249

SHA256
2dda23e385c5f7f3f3034e0e47b3b460f86e713eb53a2f5a49819787bd6fd49a

SHA512
09b4172ce2dc41baf1b40010412d0bd547be8df696e70f6f54de09e8d4e789d2b9259208774517bedf7b00f2cd5db9a2b69495119a8ef0ad37c21a9487676664

Download Submit
C:\Users\Admin\Desktop\TestComplete.nfo

Filesize
343KB

MD5
183ab5ce029f91ed83bcb8d694238fce

SHA1
92dd151a4a827ed721d828e6a54a7dfe254e9a51

SHA256
163683a91fd567876e97e0a84de8c21176591bce066584c4855f1df533b52d1c

SHA512
a0cad698e7f3ba03b9df0a619142f482f9db52b2081f0a2901e3e42f7764f150975d0068d98980ee0fb0861892b1c0ebbd1c4fff3387a9ed69c818770384d83d

Download Submit
C:\Users\Admin\Desktop\UndoSave.wmf

Filesize
372KB

MD5
fa5b13688b0a59c49dc660731f20b6bd

SHA1
d43328e97211a5bc48aeb3b87bc4deb5f8ea44bc

SHA256
be7d838e91c1b8e4e30e8228d6151bc684f0ac30ca202e12a58e387d2426eb7e

SHA512
3b311070ef918a4fe4ce906298dd5049f38bc75267c2e0e75273810501c6139400ec8f444606cf9f0ca690bfa0fee3a209008d6cac8c8b85bc6051cd3ce50083

Download Submit
C:\Users\Admin\Desktop\UnlockRead.m3u

Filesize
474KB

MD5
0d067f30a1132110b5ff1a635dc88cb6

SHA1
ee03a9f6595f81741cf236e663660b1f0871e606

SHA256
4381a9e5580c6c562ac338086c51396669cbbbf33c7751cbee4a82a9bd37e563

SHA512
ab0f4c747ee60a23fffcef35f0eb6843bca3737b05d1bf2e9b94286ab82c2853c4895b5a98a0ce2e8331f17621ed4f1037952654737d50928d53aca37863f965

Download Submit
C:\Users\Admin\Desktop\UpdateResize.mov

Filesize
518KB

MD5
9ee4d3704d5bfa82de053052004fc682

SHA1
b597b8c8db03a1a42bfbfda446388ad9c065330a

SHA256
22474f44e2e1e673ef608bf3bf6d59496685b3f5b08164bdce574dc3a8c18a5f

SHA512
2ad0d555a5bb625fc4153044c54ca0ed7826a9754c6bbda629061b4a97099d974b72a11fd38d68173f45ac4ea8a031cb55107353673f120f42047c07fb75ab08

Download Submit
C:\Users\Admin\Desktop\WaitUnlock.docx

Filesize
284KB

MD5
784ea12835ba36aa9e28020b59bea40f

SHA1
aee09dfdeeb03e5ac8d34928d8b4698dc1c07c58

SHA256
5bad0649c9a5274e6e7e74b882233f1d31755556b483b269621757f16c449859

SHA512
0d350af92367f120a74b0ef984f905f06e97f7ff7f8c4dff87e55aff8acacd729f3aebac8ce9bdc91dc861e7c6a7f97aeb44766703193089c60534a890b0d0bc

Download Submit
C:\Users\Admin\Desktop\vscode\resources\app\licenses\is-0590M.tmp

Filesize
179KB

MD5
575506a8774d119bc036fc34a0a3b08a

SHA1
87864ccab15ab97a8698c1bdaa7db88d7a8dbcdf

SHA256
a8e9fd8d817925e0457587f9252dfd977bf17a4155a7ea67bf230d3283036a79

SHA512
39f515f5f7da39fd6e026cc3f7bbb269a60c635a51338073cf752352635936834280a68c1deb46fdfb263293716bafdc31ef569663175b0bea6385acbc36e24c

Download Submit
C:\Users\Admin\Downloads\VSCodeUserSetup-x64-1.bsgg0J2O.91.1.exe.part

Filesize
64KB

MD5
037f6c7a0ec07db68efa8e26043b5eab

SHA1
1a285641daeb9d42031c2e766fdf0ae4a66b4570

SHA256
e88898fc689f886349eac58069dd1f68e0d683dc85eb15857e81ac1ba7f6c27c

SHA512
3166fcc9e06310448979b1217d54bba21fc851c1d99aaa473a64ef54eb12cd3f1d0678ff62de8ce290f5daff9ddac429514bf121a4060f66d358aff1463ab237

Download Submit
\??\pipe\crashpad_3016_AVJNCQSGXYGJDHUR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1860-4208-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-2006-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-1945-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-1959-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-4259-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-1935-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-1933-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-1916-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-1931-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/1860-1909-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/2340-4930-0x0000021AA72C0000-0x0000021AA86F7000-memory.dmp

Filesize
20.2MB

Download
memory/2384-6344-0x0000023E80000000-0x0000023E81437000-memory.dmp

Filesize
20.2MB

Download
memory/3176-1908-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3176-4275-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3176-1902-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3408-4717-0x00000233EBA30000-0x00000233ECE67000-memory.dmp

Filesize
20.2MB

Download
memory/4888-4662-0x000001A4CBEC0000-0x000001A4CD2F7000-memory.dmp

Filesize
20.2MB

Download
memory/4888-4269-0x00007FFAA2EE0000-0x00007FFAA2EE1000-memory.dmp

Filesize
4KB

Download
memory/4888-4272-0x00007FFAA10A0000-0x00007FFAA10A1000-memory.dmp

Filesize
4KB

Download
memory/5072-1995-0x000000000AB50000-0x000000000B1C8000-memory.dmp

Filesize
6.5MB

Download
memory/5072-1990-0x0000000009FD0000-0x000000000A4CE000-memory.dmp

Filesize
5.0MB

Download
memory/5072-1989-0x0000000009950000-0x0000000009972000-memory.dmp

Filesize
136KB

Download
memory/5072-1988-0x00000000096B0000-0x00000000096CA000-memory.dmp

Filesize
104KB

Download
memory/5072-1987-0x00000000099C0000-0x0000000009A54000-memory.dmp

Filesize
592KB

Download
memory/5072-1972-0x0000000008920000-0x0000000008996000-memory.dmp

Filesize
472KB

Download
memory/5072-1971-0x0000000008870000-0x00000000088BB000-memory.dmp

Filesize
300KB

Download
memory/5072-1970-0x0000000007FF0000-0x000000000800C000-memory.dmp

Filesize
112KB

Download
memory/5072-1969-0x0000000008220000-0x0000000008570000-memory.dmp

Filesize
3.3MB

Download
memory/5072-1968-0x0000000008180000-0x00000000081E6000-memory.dmp

Filesize
408KB

Download
memory/5072-1967-0x0000000008010000-0x0000000008076000-memory.dmp

Filesize
408KB

Download
memory/5072-1966-0x0000000007830000-0x0000000007852000-memory.dmp

Filesize
136KB

Download
memory/5072-1965-0x0000000007890000-0x0000000007EB8000-memory.dmp

Filesize
6.2MB

Download
memory/5072-1964-0x0000000007150000-0x0000000007186000-memory.dmp

Filesize
216KB

Download
memory/6708-18842-0x000001B2F2C30000-0x000001B2F2C52000-memory.dmp

Filesize
136KB

Download
memory/6708-18870-0x000001B2F2FE0000-0x000001B2F301C000-memory.dmp

Filesize
240KB

Download
memory/6708-18881-0x000001B2F3530000-0x000001B2F35A6000-memory.dmp

Filesize
472KB

Download