asyncrat | 35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c

max time kernel
205s
max time network
200s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24/08/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http45.151.62.96setup.exe.txt
Size

29B
MD5

688fe12c2f39d3d739a04e6c89b1b22f
SHA1

e2ea25ad47861e77b912026839666d3a99f5c90b
SHA256

35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c
SHA512

f56694118d4adee2e0c65fb28c3ef86bc5db032656e2306e02e0f5b19706e260f0505ee97f5068d07ae5149a410a15eccd3ebc758d216a5549d7dc0de52834ac

Score

10^/10

asyncrat default credential_access discovery rat stealer

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

127.0.0.1:1024

20.199.84.103:1024

Mutex

DcRatMutex_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000800000001ac3c-76.dat	family_asyncrat

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
948	Client.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3af54b7d59f6da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 74f40d7559f6da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{A4510789-374C-4E61-91A4-EC843822D2 = "\\\\?\\Volume{38FC7460-0000-0000-0000-D01200000000}\\Users\\Admin\\Downloads\\Client.exe"	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = d01412a90802db01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000ef178702f7d2b922f97de46c20e98be46763cf379bc04799f4444685e0e383e91783cff77c31cfc04782585b9819a6ae58b979cece5c39f8ee4d	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b9b67f6259f6da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Client.exe.747wzlh.partial:Zone.Identifier	browser_broker.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
824	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2340	taskmgr.exe

Suspicious behavior: MapViewOfSection 3 IoCs

pid	Process
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	3236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3236	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2340	taskmgr.exe
Token: SeSystemProfilePrivilege	2340	taskmgr.exe
Token: SeCreateGlobalPrivilege	2340	taskmgr.exe
Token: SeDebugPrivilege	2244	firefox.exe
Token: SeDebugPrivilege	2244	firefox.exe
Token: SeDebugPrivilege	4612	firefox.exe
Token: SeDebugPrivilege	4612	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2244	firefox.exe
2340	taskmgr.exe
2244	firefox.exe
2244	firefox.exe
2244	firefox.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2244	firefox.exe
2340	taskmgr.exe
2244	firefox.exe
2244	firefox.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe
2340	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2832	MicrosoftEdge.exe
3296	MicrosoftEdgeCP.exe
3236	MicrosoftEdgeCP.exe
3296	MicrosoftEdgeCP.exe
2244	firefox.exe
4612	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 2852	3296	MicrosoftEdgeCP.exe	78
PID 3296 wrote to memory of 2852	3296	MicrosoftEdgeCP.exe	78
PID 3296 wrote to memory of 2852	3296	MicrosoftEdgeCP.exe	78
PID 3296 wrote to memory of 2852	3296	MicrosoftEdgeCP.exe	78
PID 3296 wrote to memory of 2852	3296	MicrosoftEdgeCP.exe	78
PID 3296 wrote to memory of 2852	3296	MicrosoftEdgeCP.exe	78
PID 3348 wrote to memory of 948	3348	browser_broker.exe	79
PID 3348 wrote to memory of 948	3348	browser_broker.exe	79
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2656 wrote to memory of 2244	2656	firefox.exe	84
PID 2244 wrote to memory of 1652	2244	firefox.exe	85
PID 2244 wrote to memory of 1652	2244	firefox.exe	85
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86
PID 2244 wrote to memory of 1232	2244	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\http45.151.62.96setup.exe.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:824

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:3348
- C:\Users\Admin\Downloads\Client.exe
  "C:\Users\Admin\Downloads\Client.exe"
  2⤵
  - Executes dropped EXE
  PID:948

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3236

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2852

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2340

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.0.848258973\1677997168" -parentBuildID 20221007134813 -prefsHandle 1664 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d02530e-6ac1-4fbb-922b-aa4ebff331a6} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 1780 19812dd1b58 gpu
    3⤵
    PID:1652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.1.1353172174\1916959860" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99ed9b9e-fa93-41b4-9305-a09bd281d68a} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 2136 19807d72858 socket
    3⤵
    - Checks processor information in registry
    PID:1232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.2.1594089303\1853286054" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2788 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {236d94e9-b8e4-4e61-9a6e-b5e633a2db3c} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 3040 19816c97258 tab
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.3.663087004\760383810" -childID 2 -isForBrowser -prefsHandle 2924 -prefMapHandle 2748 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {581997ac-c4c6-41e1-8b03-c960c06041d3} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 3468 19807d5f858 tab
    3⤵
    PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.4.112139258\118069139" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4172 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5995de4b-70a3-4a58-9757-f1f349d24d81} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 4224 19818e6f258 tab
    3⤵
    PID:5268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.5.761372898\1134943614" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b1c55cd-6b7b-4b24-817e-7aef1e6a13c6} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 4940 1981857ef58 tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.6.668237091\1502925456" -childID 5 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5efbdc8-a175-4fef-9d5d-e50c07d5007a} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 5072 198195fd658 tab
    3⤵
    PID:5720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.7.1956300975\1244845315" -childID 6 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da504927-fde8-4978-b81c-178bb7a4079a} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 5264 198195fdc58 tab
    3⤵
    PID:5728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.8.1747569868\1586886593" -childID 7 -isForBrowser -prefsHandle 5680 -prefMapHandle 5080 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3b280c9-53e3-4dc5-9713-981d9261ec95} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 5700 1981ab25158 tab
    3⤵
    PID:5144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2244.9.1697028565\949511972" -childID 8 -isForBrowser -prefsHandle 4348 -prefMapHandle 4336 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2ad1d43-9aed-4357-ba94-28aae3d3dcbe} 2244 "\\.\pipe\gecko-crash-server-pipe.2244" 2840 1981adb5858 tab
    3⤵
    PID:5564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:5336
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.0.42179677\1207272896" -parentBuildID 20221007134813 -prefsHandle 1628 -prefMapHandle 1604 -prefsLen 17556 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eb1093c-e662-4d07-afad-faa52a75d829} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 1708 1ac7e7f2258 gpu
        5⤵
        
        PID:1244
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.1.689602630\1841429632" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1872 -prefsLen 17601 -prefMapSize 230321 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ced12a59-f0b3-4874-985e-42f4b26b0fd6} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 1900 1ac7e64ad58 socket
        5⤵
        Checks processor information in registry
        
        PID:3316
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.2.1086605912\264201857" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 3136 -prefsLen 23687 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a31838d-48b9-4be8-ac8c-b3c6aae516fd} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2732 1ac037f6258 tab
        5⤵
        
        PID:5780
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.3.2038137203\1478310004" -childID 2 -isForBrowser -prefsHandle 3248 -prefMapHandle 3388 -prefsLen 23842 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c677850d-f3fa-4d3d-81a1-e176678601ab} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 2232 1ac0463ba58 tab
        5⤵
        
        PID:2296
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.4.1177748943\1346859047" -childID 3 -isForBrowser -prefsHandle 3664 -prefMapHandle 3668 -prefsLen 24924 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80d34087-d1e6-47b4-9496-c1df05e437a6} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 3388 1ac04d63e58 tab
        5⤵
        
        PID:508
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.5.1717547455\1874801363" -parentBuildID 20221007134813 -prefsHandle 4172 -prefMapHandle 3768 -prefsLen 25858 -prefMapSize 230321 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3ce7d1f-e1f4-4b89-a42f-348ff25626e2} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4148 1ac06df3858 rdd
        5⤵
        
        PID:2244
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.6.746652613\1819352955" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 4552 -prefsLen 31560 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa4dfffc-e24e-47e4-8b54-56bdb03f20e6} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4696 1ac037f6258 tab
        5⤵
        
        PID:5136
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.7.1799733686\32169835" -childID 5 -isForBrowser -prefsHandle 4844 -prefMapHandle 4848 -prefsLen 31560 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24efafea-fac4-4361-b402-bdf930b401f6} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 4832 1ac0468ab58 tab
        5⤵
        
        PID:5196
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.8.446822458\1842579553" -childID 6 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 31560 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bc2a81b-1b26-47ee-a261-f619b998fce6} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5104 1ac05493f58 tab
        5⤵
        
        PID:5148
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.9.572326928\889633763" -childID 7 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 32091 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f47dd86-ef6d-466b-86c8-b42107fe9b6a} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 5868 1ac009ee958 tab
        5⤵
        
        PID:1920
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4612.10.1874982386\90379450" -childID 8 -isForBrowser -prefsHandle 6116 -prefMapHandle 6112 -prefsLen 32266 -prefMapSize 230321 -jsInitHandle 1256 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4df46b8-e7d4-4f4d-bcbc-ef071bafe08b} 4612 "\\.\pipe\gecko-crash-server-pipe.4612" 6120 1ac06f89058 tab
        5⤵
        
        PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
ed0e574a1b469ff0b9e54d58ba6037fe

SHA1
903651730767941fd9315996ad4ff504dce66a74

SHA256
56ca7f7898152f153ba8e2d866b645ac5e44a109a6fb08c9eeaac961732f048f

SHA512
e1975105849e2ad1cc4f0bb15a55f07a360f8c02584c59511bab4f98a347d21a594d66901bc3785fde5b823ce0418bcf0853e54e587cae49f84f3f22c460ed2a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\1062C4165930C8D7554C6B109D670C213BD10B05

Filesize
61KB

MD5
81a8e7be8dc24bbab3c85da550f365fc

SHA1
4f4938a3dc34c6e5a330387d2f1339480078838e

SHA256
e3bdddbbb4542de60604d31d475461b23538aaa001e42e8a00532506daaa23e6

SHA512
de238fd65243a8d2e09467f8ad61b36c8e69d3269e69bc405d63095c3bfec5bb81e2cc95f04f38d672afb427d23269e3031d798b9f55909c71c882d48368b8ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
477d9d1f33578456df033d4a3f344fe4

SHA1
fcdcd5f0689f8b530e5b965634ec51a373106793

SHA256
36a063632d31663e0e93af2da1217da0927e81c11080c1e77898dddb0694c589

SHA512
6e625c763db6e5efe45751c230d61598e2b5dfd65a9b304c8d48eeb4bc8909160594a1e05460a8afff274662485913916c609488e83a3a11fef3acf6a1591f0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\5146E9C998ACBB54B6FE4EDFA913819276991980

Filesize
9KB

MD5
3f37a64b0931fb2ced8b3ab339ec67c9

SHA1
107e555d4c14041de6e9b67802b5cf8898ede19c

SHA256
fd8d080dcbaa8950a84f93b63e2492ccf6851532ffb4f8fdcfe9b5d7ba6337cf

SHA512
16502336c3fc5a6d7e570160a65731da52fd1ab2966878ce949bfa2942c5d1c04db9d62b77f29124d49df4ed576e5fcd765a719861ccb4c6ca8d8e4e3261e151

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
9cd8e2e7edf9c78ba3708c310e1ca3d6

SHA1
65b943f98b655ee4deb31caabdd42a8da8c871f7

SHA256
31e1a952cd20b45fa8fc4e4a72d9aae2f34adbdc3bd49f3402d6fcbd3444a4ec

SHA512
3dbac8e434613f183646e7203f7858b9da67e89010a94306497bd95cfb14964c9b383ca09cd7cbe48ac93aceeda19612968bd09657c419637950e450da13fc4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\5B1EA717F426335A3760BBCE160F15489D1DABE3

Filesize
66KB

MD5
3c9a273fb3c8d435c704c874d356d671

SHA1
7c7ac325a5f8e972dbd3b3b49df89a2cdc1c0c89

SHA256
86adae7f9b9173847c772029a981ddaaeb4536447211f18e04ab41fbc32c2be4

SHA512
06896a2a0950f59766a8b79cfdc121f0ac45adfab3cdbc1037896e0a82a69fe9dbf340ffb0aaca6fb00fc568c933f36ced4a8e1568015a06f89f0c6f6bd42146

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6A5F813CACE9267EE0CA4466DC601B42D604B87A

Filesize
50KB

MD5
b3e102c9ed4cc745bc87053c25ba0de7

SHA1
bfa51fb97c953689dfd58fa7555ac3e6ff857fe0

SHA256
5cd79c8b6ed32c0c6a1dfa8cec1b9e7decafdd00deca1fa3646b739a8606dbad

SHA512
99bf4b938c34f6275cf08c387c0995f9e9e3c5b0a1cb528cb4da06d9747b87c75da51e1bf8517eaf482e657cb82b47a6c37a6792560c1ef2cf86e3c40127eadd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6C6A5228C232A605B0BF63FF82B7DA6FD9B8BCAC

Filesize
58KB

MD5
bee34f1798f79322a74d8a226fb0f15c

SHA1
7ba66014a43b179233e30e387fb5ed592aa1e266

SHA256
3b2cf76215c80c22a8ac37922b4a32c927bf7cfb5758f58295ffb3a415d278e5

SHA512
e884f7072467ce569717c486b5aaf67fc7fc8f2e25566d773d42354fdceaf41075fa0b0f9a996e153da20c271758f2604e990b38f34e6d1f3ecb7be2049c7a8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6C853E75EB94B06E7E1DAE8B61F19AF5B637E043

Filesize
44KB

MD5
2c0866a612352fb7c425ca57d0181120

SHA1
a0fd0b1acaeed5864d8c4e042ab8af35476908e5

SHA256
ad3b4e2347bf86fcda93390191c38951a296edf916d3cdaa8b3371e0c646200c

SHA512
757d0c3ad9959e03bc04bdf08c544b34fe3766c6486e8ff183b26aaddc1c0580dc27e744903a276af024e83f12e3f49a17a6d193627238fa72b609bd8b1c5ace

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
72b971397df215a4317294b71bd6df07

SHA1
26a15178949711d18f84bc361457f88bbfafd4f3

SHA256
60891968534514ef18859645ae54f5ad34acc0da2ab590015d3f28f8a550a100

SHA512
e931c0229100898f17f52edbfa2173d7e34d25615178cf8df25bda92b519962eff4019172a003d6dcd0fe9acd6a2986c0903071b700189bfeacb640d1ec50672

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\720F9328EDCB687F180A61D6EE96A9CC79671A28

Filesize
60KB

MD5
928f8058e38e63c63c0e1b32b88ea9d4

SHA1
49a452f2c32ec4225f26733be63832102f18a3dc

SHA256
44a70c32d042367b5dcc58d6cbd07e26d55b32657aa61821a77c6fc443110ec2

SHA512
6c9f8eee9fa3030e78ebbf64ff69ee05683758669e58bdc1baa3b5fce74ed0570545f2898d5f4cc7f62c3906b486cb10a15c581bf694321800d3e93b19a23053

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\80E40493E66F98650D12C73CDEFE29BBACA89328

Filesize
221KB

MD5
aa8f953bdcc5bc83dba1a851aff63d7f

SHA1
c831626cea808d7dd81c690c35c99ab17135ee91

SHA256
6cd095f30f1e6603c3a80676083f98a5c20bfd700d03f9f7f7cb1e4de28a4484

SHA512
37f538df143da1af3d762e2b7bad35c2da1840f3ae8e24f3266ec84e37de70c0b87670c550e61a98bac9d7052d398fb58ce8283890500472e20cbeea3763b188

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\83E3BDEEE2656890431C3484D2DFAC5D44936E89

Filesize
32KB

MD5
313dbad3488c7696c2ab7dfba171967f

SHA1
c1c505de8d2503888ab7259e917de2e3dcffbfe4

SHA256
5034259322fde290055a550ff9f0a64beafbe0dfc0da35c7ce78996389f4ce40

SHA512
ab72b3240220eaed5d8dc6d81753124e10fb4251add413f99b4f3c8deed36994f1c16f8eb92f30d58ad1b31be4e58ea24300f2c65a691a9abf9f07db881ad341

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
10KB

MD5
d748f3dc3780d5bba72512c0f2b58fab

SHA1
77b14f040792dcf59b3f6bc710f71116af08ad58

SHA256
e1a510e88ce7dd5ed767d789b5eef343bea158d8ef4c4e700a430478112a7630

SHA512
a4e3afad960fb98ff42b4cf5cc10f9435c577b8c6e26f1446371605724cc17e99556e36edf0a4f915febb5ebe909820a407dbb903d245f6e3fb10342d33c0c25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\8CFD27BF3ACAFFCAC2275181459E30BA7252F829

Filesize
47KB

MD5
fabc6a22d197402d314f98afd00d1e4d

SHA1
18e20a9add30e141fa0504e1b7806335e99211f5

SHA256
9b77236d57499b1226d3c106322456a2f3d20964a2292aa21ee90d3edea322e5

SHA512
0a06f6d0d0254709baa8ef574753ff4789423a0ddc7c8e4fe5b708eb5b76964d32703bffca446c3595c492dc96885a16c9b7c933c53606e53f97dc5ad1aadd0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\9090EC5E1843CC7D0A73E31E525F115B5A5E9F75

Filesize
15KB

MD5
d11a5dc51677f0b39a9cd9571315f61c

SHA1
b1dc5a868a8e2d07a9488801fbe48d3084bbdef8

SHA256
d0ed82b105e4e607af425e2f9eb35f4d7a5e3cdc8c90a9e1ff0c79f8015d5299

SHA512
bd8a6225f9117065d9c1462c2062274e0eea7ef93864420c8ef3d4a0d05c5527ab148ae37b077f2650eaca0953174e983eb3ea207458bddca77a7052e23bc1aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\94F72B6F2D0DC3ED340D601AFA278D214906FBC5

Filesize
9KB

MD5
6df8d39f26aedc03fdeb81864b8b5cf9

SHA1
9cc87d817e227c759f2f05793dba3f531cc39e0d

SHA256
1d0ce3e9f2f62b18b8d5569252876a16ca930c91889a1614b295110ac00f1f8a

SHA512
6bef5eaa1f46f8b7c5c817af7dfeefe6917b6c3b9cc398b43dc2fa355ac98c70eebb3ec93ca3a5c98f6f5d54e9d8b935f08f2b45b59260565952edf1bda6c345

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
ab5179cdb87f6494397a4f8017ba1d92

SHA1
2a6710791ba08e2a38295fbfdf7b729de33074f9

SHA256
06a9e45ad465c3ba9b90b3a0237d32b450ade8393c1d59c38967c6385fda0cfe

SHA512
c21d745877b5e86d36ff1a36d2614f3d270c1444ed251cd992bcf313b99174d9d38337737d3bdf94dd78ec3d2bd9d7fadf176ee484728a44d28de78d145b2568

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\A1A817D7EDD4DD21A411C422AD86017AF7902811

Filesize
54KB

MD5
433c8911e304f52a2b8d3235e161aed5

SHA1
0e678f6e6716c2cf6682167719cfa1cf816048a5

SHA256
94b63be056d45755109c8b7e1b7bcad9c3315188d8f2af77b419d9d4b4f8e9bc

SHA512
bde33b66b97502cdebff53361329b3686eea13f2409f5b8860ecd2367c8a40781dac44c890b3aa179a9df1c8906e90824e6d74d2305fec6936fcfe8eede986c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\A59CD5522356C9141BA2A8B4056E63097ED8529A

Filesize
2KB

MD5
09de8e19f1131ce6fef93393f5e6f7bd

SHA1
c4956e86f48cca911dcddc71e239eb2a7ec427b2

SHA256
1f27b1f98fb8637cfb6c7ccf7a09006d00eb72fa891fa013cecdd4b4a70241fc

SHA512
883887ce9790132e26951b9d0406d2ec1474e4375f743e0cff232693e3c8e0a1c5b45d3253bdffda87451c264782737db48d0a0bf95e0f1d828096f08e0357bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
24KB

MD5
fe4e928bd3e429bbb39187d795fab587

SHA1
0d0c04b0a50e58fe431ab02b7122c87641de2e64

SHA256
84f08b255280f020808f7acc779d969a704c62b9aed577ec1806eccd26fee3a5

SHA512
87fa7c184383db81d9f066e6a7d833fb5a0c041f6737a96b061f8c87544bae765d6640e5e8d41dc46c6669a31f6227ac867dd6cc5b3d2fe36e296026ef0ec45d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\A9FB5E6047697568641592A7A75CA6ED3DBF5590

Filesize
9KB

MD5
58179973488ffcbacaa354581ac61eb2

SHA1
fe57729f42704bcab7b4d5d2804fbf05e88d6485

SHA256
50f7af57fd63f21b9d7337a013fa8049ca43a6ac103e2533f8bd21400f0d3901

SHA512
02808e0e83f29e6b114a92aacf8ba8031d40b88dfebd900bc01c06fcbfdd249875e1d4d14fd0ba4a10d66550980e3944d17899933d07571d493ce23a232f2b50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\B41C7329F660E92624C61816BED9D62A49D8FB2B

Filesize
96B

MD5
6a128074c75e82a61ce98c5848d9815c

SHA1
7376a361e1f41bff9794e808a11a10eabef68caf

SHA256
169625098330d50d1719dc038fe16f579ec3b42551c27cfc5879b79111fc710d

SHA512
c835dd19cd68ae5e8c927b03d6297a42c563ac19e4d930cf88920690293d6dae1318343bc9a96c4b60ffdb0cc7cdfd51e9e9b98fbaf9e012267174af1f02cff8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\BB2039C61D7901FB1268EACFAEB3ED79012AEB19

Filesize
45KB

MD5
4f77fc8f48228584025ef401eab259c2

SHA1
115491693b26ff8e1e1430ec2e17c3644494e278

SHA256
dc43b02e0a8d5e106c3f604db1d0b75b62ca36b2e7269acc52f9d1685c69e54e

SHA512
d2dcffac6a56d0448c0b88514bb46df90985df1a06b429f4b26c2fad4b0151cf11ba41d6f6d7fa75e1c5e6c2be0ec15d0581ceebcce8d1a1708d1ce545bb216b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\BBF5A51B9487314703B818CC765EA6D55F1D46FF

Filesize
2.1MB

MD5
daa8a010d099649fd54c113794f4efdb

SHA1
9886ccfc56a68e7722caa2bd0241dd21cee36d5e

SHA256
b31c992bc2ccd94f4d4e817a5a927373aca881ef04d93f5216aac691f3edb705

SHA512
3f98d52514bf08815c6d88cb4146a07a5478c9a1557eba1fa064e7eacd9a2df4ee3df0850a7ebd2176b167dfaba03cecbc464b671468e13d6704011d7a8dd5ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
21d39732d47272026b5ab87a2193ccc4

SHA1
c72216f4b7fd6c8292626f250ea2085b83037d7e

SHA256
38f88bb3c84925e6f52a40c70a1ca882fbefb83b21982d5bb9756c3b86da0654

SHA512
61c4bf385d2de77fb7d1d80a0ce051c895274d24e97db88a7dd2da1f9fc20c7e5ae3df8281f7576dc1a43cde53bb678ef50df0262af2b47553bc067a8921aec7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\CAD350AAEB15C3744B51F7E061BE1E641682BF8F

Filesize
48KB

MD5
d46effa1c4d7721e5573467dfb602b62

SHA1
c80ef1df2615274af4d7fce78ed33ba35a5bafae

SHA256
b7f5b5f04342c5605e759c6e08cfe1905caa26ccec4726934c829d1ecee6bafe

SHA512
446ae341027f52ca100c5c595f15fa1a0c2526c90e2380748a6a7c148bd3b6ef2a24aad10f86a45418a5e0a3f781d31e7f1fff9bff10cb5f64a51e6348b8124b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
9KB

MD5
164a464638a516ad3c042107e075cd8b

SHA1
6ba04b0f7096a8ac2c16e9b5d6d37406f019a79d

SHA256
2ea788a63fcbda134cc14248b1873aac8261b1e891e97109f0e50ae58b706ba1

SHA512
77cfe427306b2d1153c8a6e065f8d2a8f0ff0ce7c7d89e47e106a2fb9c1666c835d3b64656b13cf3f10acdb6c786c367a4494402cfd69ed8802d93ecceb2e02e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\D8C2CFE0485DFC922614553B1999E8CE09530D68

Filesize
23KB

MD5
b4073e1751d64016a8705efe762e4786

SHA1
69700db206a95444cb0d8250470f000bbe18ab88

SHA256
ea7237ac4907dcb47e6131e3520574953a398e8f246024c91ec5acbad1e4356c

SHA512
33fc7c7ee18b05433faa4bfa26a96167c493997b64d504ef061c3342557a5cc48ff45c017b814fd6ddeca2f5f49d258bda3fa60c1dae546f155fe8e6add135b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
46672c3843b506f356c6163c2abf0696

SHA1
8a6f4d28a036864b5148a156a2bbfccc8b9d6c16

SHA256
61f2f254d136ca07811db8e26b79cf3818db01862f4c1427cf63c52cfc7dd06a

SHA512
30db3b6473ebabf496136406edb25cae069a2d21479f3740ed55b0e212069e2f21b59529fa49e5d457d89cef849fb0cb606f186811dc0d70acdc631062022134

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

Filesize
11KB

MD5
17ed74fbaa2d32bea584178fd874887d

SHA1
bb661b241a983259ba506869f787f3c3f5f32cec

SHA256
3b0e4dc207715b4bec108fc83eaf4c71ba202efe6a205a1e78f5959831c9109d

SHA512
1fbe48d38ff5f8bb0178688cab9dd0b9862b1ad820c2a637f54923071a21f430f27935e971b9de07112f16eadc14af4dd56000f37d8618ec2bc4a3ffa26f3cc2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\F21F53293B85556D4D7282B4E507DC37E6D6037D

Filesize
9KB

MD5
c67fff239bbcc68e72b92104816f1aed

SHA1
e855e72bcfe367c43431746d3d2f8a30bb978d89

SHA256
2cbba2d7ea338f66d099aee3afce9c48cf1e5f8de6118d340d57214db20603d5

SHA512
dafb4a189375c456e2a6fec60c58392b51dcdf445ff28310e5a5d72052d5d2086287b1ace958686deb3e09486889ac2ea12439e0859cafe2c24a4a89649974ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

Filesize
10KB

MD5
6d448f7b207bf2b025506d3818b631aa

SHA1
0d284b79094ec05328e03189123ac249684e7d22

SHA256
98688e036c48a4c7baf462a12c95488e86a89354b98a845030b837fb28852a8a

SHA512
2f02aa38b7345f7dbc9803fba9f8135a0417ab898a986d22940dc97dbb7ae16e099b2d605fa993eeb921f75cef920b1b6a53b0be07bc0d197f836722c798f19f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\scriptCache.bin

Filesize
7.7MB

MD5
f0832224967733af8f5b9beb0daef776

SHA1
8efc7c92fb7bf2e0e33a718a8d6f2b34bc44f2ae

SHA256
ecd1224278eec0e3ae4faf1a03e01716c28891873057afdd840424ecee333677

SHA512
3460ccb889d72b7aac5f9904fe05f1616d482742ee3281eb6edf12af5f728a4c3b49ddea405bb5e845c5accd4b33980863380ed7db46d063057ad7dee0ff0108

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
5a3e1cca06569a3abad215db82b0b76c

SHA1
18ecdf820ea13771e7b56bdb6ef306f0c0c13334

SHA256
503d2ae1b9e57f6b33593b6013152cc3a6b60b7697366416192d205673bf481f

SHA512
fd2b7fc449db397f5a8c23484a369a5ab7ebded5f2e21a594fe7a5faa314f185453c31650fd6bba83a66c4405a50f49748c1e79bde3a0bc69bceb6d069d2a8e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\activity-stream.discovery_stream.json.tmp

Filesize
46KB

MD5
f5872c79a9fc2ee8b1799e0a62f8ff39

SHA1
839bbd4600b7ec571f9d1c079d54bee6da6091cd

SHA256
0ecd02e78cd8aa21e6958a5cf11d38b7fbf42d5a7a3ecaf9003b20ccfc88f361

SHA512
ebd0dc725457dcd13ec2b56151468e85485e92e4bdcdfc684d8553e00cca6f72a97cc6d7e2e20fe540acc7a923430ac2144b77bec0f72b1a557510e0c0a3e73c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TTSWREZE\Client[1].exe

Filesize
47KB

MD5
fedb1274930bfa08a83480134a3f1412

SHA1
d47be6340ecd780274b98dad463749eb2d9d49fd

SHA256
a8fcd268b48c903e21500439d6754500d59d12d7d5d4e2c7ea737661fa8fe230

SHA512
ba1d2a9745b837c1f984577a5d96bff1b2c126d86fd75c7e763b085ea8440360899d383be10a7a6f31bbd87c215c3dfed82c03c15880e8f4ef336c411cb448b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VMDT14EN\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TTSWREZE\Client[1].exe

Filesize
12KB

MD5
d572ffdc92a1544d25a8983c40e1ecc7

SHA1
020ca43a8d7946f23b8cea9ac9f15752c248e9d7

SHA256
917a0e774c413499f0e513a93e51f1aec1ee8c115b4ddd184f4314a9173adf76

SHA512
8bd05ffb5850908f359076be075260d3da61eee6358e6b206c3886fcd3e98da0ef6aa0da50a21f880825fab56a066562703e7813d60011512e5e7d431969d06f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\AlternateServices.txt

Filesize
766B

MD5
fe3020ab1c3fda64215de1eb7e494b33

SHA1
dcf512ccbc259de72be35e35cb54c3fe6773b870

SHA256
5ae83416d0b03618d9e07f8d27a73fb29fcfc3da7f172f066817ca44dfae0342

SHA512
3d5bfea3bb2235b4f42fc431b68bd4ee97261af7157ae1454d7316d4728a90b32b6e7ff6da90b9eadd10a224f1a9c43fd081358d3f3f4daab3781daf4eda377e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\SiteSecurityServiceState.txt

Filesize
407B

MD5
7f8c201b99875ddedce48caaa5545cf8

SHA1
a0db1a1b5089a61d184ca3a377a7de6f96d5628c

SHA256
1541ea62194d8eea8ac0530469111f7bc3f04c7f81ef92e1999b5b3762624512

SHA512
02ea0d05325331ae20903ecdfa6268d4ca77f84a79a6b3280a3107783c82538075e7a18d1f6a3863e8609517f839389b4c72173f36f570a17d9014504e230006

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\cert9.db

Filesize
224KB

MD5
ea92f4ce945d4fc4e0f55d7702216b19

SHA1
5efc462f54365dbd9c19cb34d3b90f2544dd0411

SHA256
4c890c22ed87bd5ff00572a4576ee047ded7f64e91e301b9ac4c45a1c53b6b3f

SHA512
d03420043fd76c55790f7e5f78e07e6263ca31d7b3df65a3dcfb6b695e21e99f45b5166de0c4cf2c0bf6f036385f538e03c714a3dbd749ed71fac251e482664a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\cookies.sqlite

Filesize
512KB

MD5
e97b8b09c6c5d1bd74ff987c02cd96a8

SHA1
95b4eb1fd1001f9b1cc31c80ea018c0d61b4a476

SHA256
3e4b8384245cf952e44d533587a2c09ecd5a230337e12e8b0ccf6c5bfc9e26d6

SHA512
30b2ee8542d34a1a23b487dd630e52be1d63ff05124a13f80daeed86d35cebb7cb8390083ff209a7ae398eeffc81b9a96bab11cfb91917db68e83794e6cf5ed3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
cdf3691e526d494de9a7b5289d94690d

SHA1
a2d278fd1446a9c9d4aef7c918dd3ffd0015950c

SHA256
aaf5e025ec819924f0a303955d154dd3788393d330f6198fca49a7938cc0d9a8

SHA512
8a3807d4f64f0cb8b9def014bd1d436a849928b946863d456311b37c29e2a32eb5e7b3be418d7a22f83b55306d3f5efcade3099970d7020b547da3432c2b4fd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
5KB

MD5
56330674312dde528262f2736837d47c

SHA1
4b7a2e0854c2492cf08640ad7c681e45e1d9426a

SHA256
3a9fac2627d7a7af6136c81f2433d3d78a5bb1ed8ead67202f6c86ae21a6da9a

SHA512
0e1c4d022af8ddded63f7c4c45b5dc2c3e47f13c1e0eb7738063ecf9dded0c0d6b0e2b8b9a6c29c28b1909e6208d759004efe60389c3db367dfe3a6ea00cd0d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\events\events

Filesize
327B

MD5
532f6f9254a08ed989d2327c4c4e5f06

SHA1
9a03d7d211a36275703842581b8764e8b9f468be

SHA256
38bb254fe57b9cb9cb474e5e484c2641fe1d575e262727e4fd4b8d4e2fd3d222

SHA512
06a2cf6bb69a80661f49008d48aadf4009155e7674ee0e64e0797bd84e8838e43e9d50d38232c03aa7953df7f58fbed09e0d5d249d0af3b834f7c9b2519b9f33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\287c3328-57ec-46f3-aa1d-7f4951fe3212

Filesize
10KB

MD5
678012f770522bed2183f56548aadadc

SHA1
afd1de7c32d4df9f54363870b4d3aa294ad6b5f6

SHA256
8e5df7136199731e66c6b940df38c20a6408a4dd0dcf6784d49fb2ad96d6d613

SHA512
915f885240d83cd2d81575e2cbe477c0a663cbbcf08c1285974b3d25d23ca4e7cd987d2cd2734b5a48f3118311ba6c7d3fa703e60801d54ecc625f5517b29866

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\fe8df8f3-35e2-40c1-bdfd-d136d1fe822b

Filesize
746B

MD5
7d9143c2425241c522999595bc943908

SHA1
489dd6babf8076a49fc17ac11f2eeb305a267b2a

SHA256
f089d2a02be5e6c5fdd355a9e65f06f70d9bdb449338a946484c89b7aa662fd8

SHA512
f01b7a2e15d3e8678f75a1ebd8ea5e8d01f2b59dd6538a7435f61f221b85b155af2b72828d09444c9cd016387697bb8142c468ac1704217954d767156335940e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\favicons.sqlite

Filesize
5.0MB

MD5
c7a26063ce0796a892a75c979441c389

SHA1
471ec84546561637d1d37dfe83af0fae93e30ceb

SHA256
bbb6a79d6e5c257d8bbf85d0087089a8aa2530e59c1559b9136eb44c8821fcfa

SHA512
271d7e9ed3de449a912d1c23cab143b8b500ca278989fbddddf513e37a1d20ecc505afb966a7385832565fcb62cc11f5816a982b2824c630bf6b45cacd0c8fc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\formhistory.sqlite

Filesize
256KB

MD5
5e69bf885177eb0c9b5044f22db66a9f

SHA1
f6ebebecc65bd1204785e71e83d74dbb6b2d962b

SHA256
74d7440586a855f064d1d212b20094d1da736d9339662571f701cc4357457e63

SHA512
8d4295ec4d92e20944d38f4964a9fab3025f82409cc4da49c8c1ad71bf01d2e9a3d6fdb9155985cdad89aa49011862814fe41a5e6825f436c2859c2f12b5897f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\permissions.sqlite

Filesize
96KB

MD5
cfe2873caddd29314b9f590f0a588ff6

SHA1
7bc23f27df20c320795f78a1bc1a7f84b5600812

SHA256
2c1757b18aa86cc1019040de6c487700a9d1edc3e6eb256deb176ccd5a7386dd

SHA512
50cf5cb07e0b732553bd111b4754e8fdae904addb5310803343ee7f2d6c055431754fbf82d39a402965ee4ef711f2ecdbb1b5bf8e86ed4dfd157ab2cf295a16a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\places.sqlite

Filesize
5.0MB

MD5
bc80ea2f6747c06d23080a0de6490670

SHA1
a247b08bbbb044e9dd0d458e7cbcc253faea6d39

SHA256
c02cb7e2a14fd67db53f14a8bff5a1a06904960ab7802df094dddd9993cd17b9

SHA512
32e42ff51637ed817f3cc117ae56b5c7a1b034fffcd8db380476f2c7a5d456fbabc560491c4b0f9b4e08597ae80f288cf5e04be3e2ca4fa2a29ff12d7c1fd9bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
fe73e1a4a63ff2211639bd24d71e3ba8

SHA1
5880d66fac21ca2ab9f8083d7b037e34d6ea2168

SHA256
b9bc5d912a6faf8f52f1e30a42246e6a176d198018fb5ece73355d66deab48a8

SHA512
7df5d70dfb4744b9149f5f256b00bcecc588e79e03315e720279042d80ace45cb3f788a88da98eb2a52879ea3c55fa89c79d68e2900b0a52a4725635c218be3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
99e5de842f73f997e73dc5de5f219cca

SHA1
511509bb5f2a75424beb89f1b06b36895b76e2ec

SHA256
59c1dbbf0c333a7ee02e231a267d465111d81f23526bd8d0f884fa8884ec2282

SHA512
12d80c61341cd94dd49d00abf6eac15be65e271a0a7c38704560b944abc99690d9ca1d2bd2941ec11770749a49b4893e37b3f11b91a3880d5fb70bd253133c74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

Filesize
6KB

MD5
2f1c955617a33685b3677a067be99f1f

SHA1
1ed6b6cc94dc8e8798a8c01c84c9a602b6dda90a

SHA256
2dad4bd298ab7d3850914736eedffeaa458c0c7c8f9546f51f6527e4c885fa72

SHA512
388507bb2e9fad5300d09a45a1dcc1191e299498c4c631f128c95fac6448bc0198a312a0744f82987a273468e96c2ec64f7b840f5baa035a70c1d1a2cc9c34c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

Filesize
6KB

MD5
26f7a43eb016a346dd3e9f09e0fae2b4

SHA1
8e52682c99d017c28b62b19a7ebe62dffa9a1b70

SHA256
70dcf7c068506e0d578864e83e5c69a8bad3a1d313b7525b3d95183638299533

SHA512
9cadd19323aaeca2acbea48ddb1ea238b9cea42b05b987f8bc4a2ad545263e9d0dc355b0b758150e40779d0cae11af576070150c7e947ff477d4850ca39665f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\protections.sqlite

Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4bd7e26cd6e10da4d9789359fdd1fcab

SHA1
966f917c7dc6548f865f9b42e4d5b2bc4ea218fb

SHA256
fcf13276bf9fbd668205ef49fe25c658631474c81186356747fe08ebe7e57f94

SHA512
66d5dde987d6243da3cff1607232048bfb9a536caab0d82a4a77dcd83719d40522ece22e4a20bdc90efd02bc0bff81219657501cfa2957dd0ef566f06dd5b66d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2bc576f02c06c5eb6a084850cb23fdb0

SHA1
f00e0431836dec1a7102ed6494342c1dad5912b9

SHA256
17e9cae5ec33194882ea37d11f0421d067deaf2d244a3afeee22b56f6f3265ea

SHA512
74392f41a06ee5c21cc0b7c3b24bffc9b59efc6ee057fc881f484a50872e24836654bdaf344fcf670e8e0eee70aca6a1ab676ed5992efabfadc3612ece003f24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6e160ccf953f65d5e292fc1eea4560c6

SHA1
ff4c4fde320f6b22989331d29bb140f60cf29b0d

SHA256
7bf4c8680d190512b64e2d1a439d12b69a71fba9695a2591fb99a250fb444441

SHA512
e7bde20ed07012739e35f45e56b826ff92933cc3a25cd8701325760671b61603f5c766f6f65eb5761ec571d16bc5dd10a7ce78fe29f980c9d9a2660d9a31be85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
b4f77f09b515eba27eaca5ac77968783

SHA1
d599d9de66df492f68615b8f566e5ec0028c3456

SHA256
9a87cd488d9bb1953edae6396e6555e9c45af9a8b8f46e471a2b753404fe1c01

SHA512
128ceef27dafc7a98750a6cddd6625b25cdf3a1194a182a85693b9e48972a226af4cb48b3bcec1874b1ee073ad07f2ebad49b2d1b8535206f3aa1e379e23e6d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
62B

MD5
2522f20bc3e7678ae2a43c1c4a1abdbb

SHA1
d0507bf9f6502ba0adddbadae5639e5d6bc4e7aa

SHA256
4c4f183f8df28efcf36534d21c5725403f0b75babd20274b6ef0af0228e9ca74

SHA512
45298c78b2c293338c487f1203cb6ab0ca27fbf41613dc60a7b8edd790b594c456ebece71b06542e0141fc625068ad631da1ab05612ac4c20f622490d99b971a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
bcc04d985399af1e1e28e36c816b2fa3

SHA1
381e5cb79bd0b3a49551a070ef2c48ae60bab69d

SHA256
47a35c4d93ab7a5e4dc66f996b2794aabe3296402cc0d2ad2f5e96cde754cea9

SHA512
3deb00f4e28b5dea952c53fd81c5e3b7e3cabfd2d857e232df4917b1d754d888252b2ffe09e29117903029a590162fb6039f806b1c552fae7b5040c43971a8ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
4c428e195a2fad0b912480f1aaa48bf3

SHA1
52a8ec75e9ebe26a80438cfa5b234ccd96f24621

SHA256
330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d

SHA512
795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
cdfee20e054c74bce2ac0922ab0527ab

SHA1
67d0697bdaf9124cc359cbef8ea35a39dd24ffca

SHA256
fe2cb6c1a8d168d570560b498f1140fadacae2940c5748f887c150128d84a9fe

SHA512
27a89b1e1323eb942a2c8159b3f3cfd1435523ed331018695bf4a3d800712282f949ae470cf90232849223fa4589b62ab597f3bf2a8adec4c700499a0ddf6f6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0ed2663971e8051b2bcb574926400fa8

SHA1
467756bf41c377bdb07c8be10d5391f1df1d80a7

SHA256
0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

SHA512
e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
49dc5e81195b9537e8d1232660777f22

SHA1
586565a4208248f59580aaeb58b70f0005451f36

SHA256
d6da9198865299572fa72b98d2cc1fc85a210cc75a77e10b0e2dbfbcf9a886f2

SHA512
311e6ff8ef3d6d4bd38db723a776b21ea7c4373fe412185dd083abf187e5ab8fe0f1e3d7a13bd0060856bc7696b4f0d3154bbefa5fddcc5bc2bef35cd38430d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\containers.json

Filesize
939B

MD5
94a3843fad8c45c48b0e07342df3dfdc

SHA1
d55b650208bda884d573afebd90830a3f4d7c201

SHA256
854ff2076f71097b030c302a1ea71d8e851d2920b9ff5fc8dc8f16c91ba95b72

SHA512
4d2a6b2a223ad81bb97195abb27685cf88453caf5769de154b373486d5245f02e0c0f664281d8e3bb33bfcdf1d6f7b3d9602303864d4e56481382adcb0b932db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ead30e82cafe2fe062db36646dadb903

SHA1
48acbc345a32d16bbbb2a9df44820d47c71e28a0

SHA256
17479b2e95d3758731c9d6bc6f08f6e15459512a82458f627b55829b59c30e9e

SHA512
e398b8b952539ad008f2dcc54483073f970fc193385344430cfb0ba544c3c329713f49af0d204b20f6682805483e1b84e3c12403329627beb89a71f4c5bbf252

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
575e10f3c60d50f108c81744f1ddd199

SHA1
8b6d52fb048dac47df4682bb72421a7ce1566d16

SHA256
dd7b88331574f76b44321f7bfa77c8dbfa85a13524474ccbee7066a5de73b0af

SHA512
8d9bd4724e5d0a73e0d3866277bea7c7e4e70e5f8dcc093d2166a87bb1cfc5397dee215ac3bdf9241023306c8d5c0ab1ad0c9f53729953b28a723c7c2c2e7a16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\datareporting\glean\pending_pings\01a538e5-d0f5-4c83-aa86-185117d7bf71

Filesize
656B

MD5
31860d7cdada9d59f825019463a18588

SHA1
b649d08f5566ad07dc9c13ade48267632b346a6d

SHA256
ec1c7b21ee1bf5254ae5e02b2c5d311d5a58e6f92c373f578c655666105d8b6b

SHA512
ca115b19d25c4de1fff72a29d4b33ea87660726d21198e27ee5a6f39c7cef70a52a1e79fd67c7e3f4f37a391ea175d7250ce75f327c403d939303635d2ebbc2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\datareporting\glean\pending_pings\7cad21e1-8ba7-4bb4-a406-f0914d1b8651

Filesize
587B

MD5
30467b4e966f77024b3a9c8b8dd881d6

SHA1
7466f408f233aae7549e95a936b33cb1c5e7b54a

SHA256
e8c28421289cd86f6d311293508b89d35c2022c13bb37eb6e4b8182e7256b023

SHA512
8996743d7e3a68f6efedb827aafbfcef50812582388ff9d3e41c6b94adad2c6d554e2ce31c885ba3d205cbe3417b2fc306e07909b8c431b0f3d4bfa274d5966d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\extensions.json.tmp

Filesize
36KB

MD5
f3662d756cd0dfbc7e3836454e8d6404

SHA1
ad4e7f990807768185f639856b2ce492350e52d4

SHA256
5236237eb6c56faacc760a49ec8da94b2323ec250b5d6460236c8b127f671948

SHA512
9ff64d7f52d3afb612c333589e46c36b8a5577482ff0efc7ada141106efdd8e82e5befa65139ba2d4006be9d17c6a1a95d8ec50cc941e1fff180af3b448eb1a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\favicons.sqlite

Filesize
5.0MB

MD5
a77d229acb3138699d1b5b61ddd07bf1

SHA1
6046ad5bc0407e5e8b408efb223a1924052de305

SHA256
0171d7cd7f5e94d4e1e4ff63149a7736701c7af75520370196a7a88e79267847

SHA512
e844c58277b426c8f2f807254f1e4b45034ac34e60fba5bc5136fa82ed13a07efb66a870e44a786186bae5f96c9a8196f6e77936151ab9348df87661fd008b38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\handlers.json

Filesize
410B

MD5
e7a65c5ead519a7b802f991353c26d3d

SHA1
34cc3c1cf9bd4912dba5fa422010934e46419fa3

SHA256
0e5ce92485da953757f615bad034a43032b220da18f8165dd85347851b56b2d2

SHA512
2a6034449ba6f5da8a77870ae665064047cea2460aeb4c8c0b62b308a403fdd30648150209aecc31ab1e50b6d9d94a1f51d3d7d50bbf35ec1b742bff2dbe788d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\key4.db

Filesize
288KB

MD5
c7ad45f660b8ce46e9628750567b7106

SHA1
fd046f08ee4fd812490c12fa77480153bdc2e3e4

SHA256
5c7dbb5d8797257281e637b3a8b1f96aea31b1f0c5178fec9caa7562cf5e7555

SHA512
dd3b4c3d23f43e830eddb7ce82ee40616e0c30960511dbd70966bf0d241a0a42f73fae794422cd5fbd2aeff1193701c6ba01555e6a8d5ed1c4456cc4f5ba865a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\prefs-1.js

Filesize
6KB

MD5
c1ea0d01b6691ca601e89e64fe29c916

SHA1
f4fdd171d045d67c046bced6b96ef9f89866cfbd

SHA256
f175166f3c42c41edc6e283883608bb9741d3f523ce80938039f2b5a16f57c3b

SHA512
dcc77e058f9f08f5d471679c27b869134fb509c84d74d7bba5c41eeb7904aee3edd60090fae32daefe294793eca18ff3137fbfae9fa5a1c191f5db51d2c99c70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\prefs-1.js

Filesize
6KB

MD5
f9f97c3298fff0b4a966aeb2a383e529

SHA1
7e31b37737065a4b6ae498382722c203e1b2fbf1

SHA256
01c2e4871ec5096f0bc5218d728afe22211dc5805df0084b0910e1928ca835c0

SHA512
74f37d4827c086fce4a9bf59f8aaa068597dd5f477ffdf95b314e684ea52e53d49e814d23153179ef3b16b6d317056bef32afd5d936f6f53001447f59c8d0ac3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\prefs.js

Filesize
1KB

MD5
85fa3056cee78a5790dbf287de0a07a9

SHA1
76d36eadae01880dcb8234a784b881f350677c80

SHA256
10a5d5b882d0e6fbe0d068811ab7b330c3a4a8a418a168f1dabf354e29582a6c

SHA512
33db059b4ccb414869ec8c24b14582984d09ac20985a9fa817963a6de9d247e10c197256c2e2717d41376c2a2d2a2bcfe3464b01134ec0ab084a7f55254a1d50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\search.json.mozlz4

Filesize
280B

MD5
41d220d4783f67d2b57beec20c135229

SHA1
6e97765e77920b6010fac2cb4abf1e3cea106541

SHA256
5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc

SHA512
dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\sessionstore.jsonlz4

Filesize
603B

MD5
3bb753fbb1408936230083115f861ec3

SHA1
b709ba9f86041da64def690bacc245e440a7d974

SHA256
00000cd06714a9fc81edd0899d24bb431c411ea727bc5cefa3852d756c20e903

SHA512
adfbc12538fc54d34534fe59158adc14bade84fb63ca7bd80abb0794bc9222c1118e07959b62a8c01e5f7a83787b27a570fd36dd779ae1a8f1c2c18769f36355

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\sessionstore.jsonlz4

Filesize
4KB

MD5
8e53a99a0353bc8db676df1af84c4012

SHA1
df71b5efc9f8e02a26a4554f97b81fd6c8b295b3

SHA256
b19cecb3ee025790077f51279a972bf903c56e4ad16d21c7b4ab5d82e89df724

SHA512
051ba7d6fe6852281f0633c3f9d6a488176dd94c7ee8c9e288bbc3e7998d764ca1d6a4e5a9a5dfff9d5088f4296ae5a51851a073be2127676004697d18b69645

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cp4lfehr.default-release-1724526818217\shield-preference-experiments.json

Filesize
18B

MD5
285cdefb3f582c224291f7a2530f3c4e

SHA1
f816c3e87aa007b6e6d31eb6a4618695a7d83439

SHA256
704d28223a4320a853df4a19d48c7015cf79d56a5317cc3475b6305fa43dcc05

SHA512
8f1decf1e4b5755fce8f165daae115f45d6890985c9c4bbb33a6f724cbfd26db75f6da06f9ef675de20fe755da9b7f55e5ee37124296a12a520a393da159bd58

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\c5nsco79.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
04c288a1562d51d0bde6692d1a5a6982

SHA1
96cfa3f4b5f19d53145bf761d25c70c5db59b424

SHA256
9748504d46f56cda1857f8a159551c1d33e386b46b273b93aa210c65402be776

SHA512
2cb8bc9d58a6f0f4231c16b735b5ac834f4a66c25164945ea69c50e189bc0205c5354d9869cfe214d5b8a5defdc995851c527b0135938f4e480f6f9f426782b2

Download Submit
C:\Users\Admin\Downloads\Client.exe:Zone.Identifier

Filesize
131B

MD5
eb3e96ebf5a8e42b5251dc5b3332f185

SHA1
2d7f890635fddc4ad6654105b7dc70e7fa0708b6

SHA256
c7a51a5b57a3afa06436679532d204f9dcca96b7117225a8a5ed11e472e14b53

SHA512
b6ae8578d81b5b2b0111594c7a6c6ae7ead72b1eefccfcb406b3e6bbe3dd596aca42bd49c05d82961cd4d63c2e08ff9d1adb00ca37e3aeab2bedfef064b762b5

Download Submit
memory/948-93-0x00000000005D0000-0x00000000005E2000-memory.dmp

Filesize
72KB

Download
memory/2832-16-0x000001771F320000-0x000001771F330000-memory.dmp

Filesize
64KB

Download
memory/2832-35-0x000001771C560000-0x000001771C562000-memory.dmp

Filesize
8KB

Download
memory/2832-71-0x00000177257D0000-0x00000177257D1000-memory.dmp

Filesize
4KB

Download
memory/2832-0-0x000001771F220000-0x000001771F230000-memory.dmp

Filesize
64KB

Download
memory/2832-70-0x00000177257C0000-0x00000177257C1000-memory.dmp

Filesize
4KB

Download
memory/2852-59-0x0000018699AD0000-0x0000018699AD2000-memory.dmp

Filesize
8KB

Download
memory/2852-52-0x00000186893C0000-0x00000186893C2000-memory.dmp

Filesize
8KB

Download
memory/2852-55-0x00000186893F0000-0x00000186893F2000-memory.dmp

Filesize
8KB

Download
memory/2852-57-0x0000018699AB0000-0x0000018699AB2000-memory.dmp

Filesize
8KB

Download
memory/2852-61-0x0000018699AF0000-0x0000018699AF2000-memory.dmp

Filesize
8KB

Download
memory/2852-63-0x0000018699CB0000-0x0000018699CB2000-memory.dmp

Filesize
8KB

Download
memory/2852-51-0x0000018689500000-0x0000018689600000-memory.dmp

Filesize
1024KB

Download
memory/3236-45-0x000002B1DC600000-0x000002B1DC700000-memory.dmp

Filesize
1024KB

Download