ac7bedf7efe27c0827fbe122e4f92bf272df550ae3dea356a241c39bd07cc2be

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12/09/2024, 17:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

k7wasvUmhVhzw1tr.mp4
Size

290KB
MD5

2f56fc6fc90f33ae6467b7c008e4b602
SHA1

bf1c58280768c6cc6e66f4c0b8a621698694b2cf
SHA256

ac7bedf7efe27c0827fbe122e4f92bf272df550ae3dea356a241c39bd07cc2be
SHA512

1955476f41be0aed7db4c0740dd3fb778f62518f27f9f52afc481f83e88d060feb2686597fd06adaaf8e0a2135c55de0e577134fc92d725301b2378e19e40c73
SSDEEP

6144:jrq9ntBflBz+OpZPRTGdbh2uH21e48NVK9ZWPjFPbJqAS:XUPtpB5Cdt2uH2UxzK9YPjHqAS

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
58	discord.com
103	discord.com
111	discord.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{018BE1F9-A78F-47CA-A96A-5D9A33066887}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{77B4BDCC-D6F2-4B2C-8571-3564DFC64AF4}	wmplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}"	wmplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\media_images_lubieptoszki.png:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\media_images_ptoszek.jpg:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
6024	msedge.exe
6024	msedge.exe
2384	msedge.exe
2384	msedge.exe
5620	msedge.exe
5620	msedge.exe
2560	identity_helper.exe
2560	identity_helper.exe
5892	msedge.exe
5892	msedge.exe
5144	msedge.exe
5144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4236	unregmp2.exe
Token: SeCreatePagefilePrivilege	4236	unregmp2.exe
Token: SeShutdownPrivilege	1852	wmplayer.exe
Token: SeCreatePagefilePrivilege	1852	wmplayer.exe
Token: 33	2448	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2448	AUDIODG.EXE
Token: SeShutdownPrivilege	1852	wmplayer.exe
Token: SeCreatePagefilePrivilege	1852	wmplayer.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	2232	firefox.exe
Token: SeDebugPrivilege	2232	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1852	wmplayer.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
2232	firefox.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
5056	firefox.exe
5056	firefox.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5056	firefox.exe
2232	firefox.exe
1460	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 4320	1852	wmplayer.exe	78
PID 1852 wrote to memory of 4320	1852	wmplayer.exe	78
PID 1852 wrote to memory of 4320	1852	wmplayer.exe	78
PID 4320 wrote to memory of 4236	4320	unregmp2.exe	79
PID 4320 wrote to memory of 4236	4320	unregmp2.exe	79
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 3608 wrote to memory of 5056	3608	firefox.exe	86
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 3152	5056	firefox.exe	87
PID 5056 wrote to memory of 2520	5056	firefox.exe	88
PID 5056 wrote to memory of 2520	5056	firefox.exe	88
PID 5056 wrote to memory of 2520	5056	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\k7wasvUmhVhzw1tr.mp4"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4320
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:1828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b7c56da-ff7a-4870-9d17-42ccfda4da6d} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" gpu
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {530decd5-98e5-46db-a4cb-e54cce288c18} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" socket
    3⤵
    - Checks processor information in registry
    PID:2520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3332 -childID 1 -isForBrowser -prefsHandle 3324 -prefMapHandle 3320 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {141f6b34-57d2-4ce1-9166-b947ba430f17} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" tab
    3⤵
    PID:2956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3764 -childID 2 -isForBrowser -prefsHandle 3140 -prefMapHandle 3132 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80411c70-f57f-4f17-8118-c404b76e106b} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" tab
    3⤵
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4460 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4476 -prefMapHandle 4472 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2988e50b-1f72-4c1b-958a-9e50b5449f3f} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" utility
    3⤵
    - Checks processor information in registry
    PID:2484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1608 -childID 3 -isForBrowser -prefsHandle 5436 -prefMapHandle 5384 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7867de18-8715-4520-b7a8-bf06fe16bc27} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" tab
    3⤵
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 5632 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db0f83fd-3a88-4c81-8902-0a632a156e29} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 5 -isForBrowser -prefsHandle 5900 -prefMapHandle 5896 -prefsLen 27130 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f78eef-1740-4917-b28b-d1239c0ef3fc} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 6 -isForBrowser -prefsHandle 5916 -prefMapHandle 6064 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {097b20fb-06cc-4371-a07b-6d6e5700965a} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" tab
    3⤵
    PID:2904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2204
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1848 -parentBuildID 20240401114208 -prefsHandle 1764 -prefMapHandle 1756 -prefsLen 24528 -prefMapSize 245025 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9497f5-7529-41fb-a840-64e315d26809} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" gpu
    3⤵
    PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20240401114208 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 24528 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9a32741-5eeb-47bf-9703-29b3fb725783} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" socket
    3⤵
    - Checks processor information in registry
    PID:3928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 25027 -prefMapSize 245025 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ef8bd6d-e473-46e5-97a7-e4609bca1bfb} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3872 -childID 2 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 30260 -prefMapSize 245025 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13024406-0f68-43c6-9022-72bfbca86a66} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
    3⤵
    PID:4744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 30314 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0eeea15-ffd9-4fa4-9e81-9d1445818ce3} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" utility
    3⤵
    - Checks processor information in registry
    PID:4104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5092 -childID 3 -isForBrowser -prefsHandle 5096 -prefMapHandle 3256 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7643ac50-fbe7-4726-b3b9-3220307c8fd1} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
    3⤵
    PID:960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 4 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d0cf231-b3ee-4c1d-957d-7ea72ee4770c} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 5 -isForBrowser -prefsHandle 5536 -prefMapHandle 5532 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b540ab7e-e53f-45ef-823b-b060f22aa869} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6024 -childID 6 -isForBrowser -prefsHandle 6032 -prefMapHandle 6036 -prefsLen 27782 -prefMapSize 245025 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e9d7feb-bfd3-49a2-a1c7-8e563e425d5c} 2232 "\\.\pipe\gecko-crash-server-pipe.2232" tab
    3⤵
    PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff996a63cb8,0x7ff996a63cc8,0x7ff996a63cd8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8324 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7620 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9336 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=8340 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2028,15945872144828551418,10182544037958852387,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=8176 /prefetch:6
  2⤵
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5268

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
538KB

MD5
123810d150f819ec4557e4014f676276

SHA1
0f370219e7118823c85f7279414ce166ef338b1d

SHA256
c1f5700414e125b7426fcfe1f2c07478c784b49139c4d3fee921b82ef0d65eca

SHA512
2812a5862da37d7e561ed9efe1b1954ef1b8f21980b4fe53027ec97dd2c4978e3ac9882bf7ac4ad47f92913db809c1cba2c4d97c8fd285ef7f608a631cac15aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
1024KB

MD5
3680d862474f5af9bbcd440e0bef94c1

SHA1
d7efa5887f139c3aa633bcc759092d1abe01028d

SHA256
aff07fd0d757945ed27cf0b9fd6d006e8f6eecb2de4d1cf5f9b568579f7b53c0

SHA512
29f5b80014f81a29f1d908d0b7d514cd739c20d1502bb536fb3e859893d43a3856b1b61a2944035289d766e4d64c82b3ae3a0ba2c583bc72eab889a8dd7c57dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
428b9c8e633a3fb7d4280525e5a22073

SHA1
fc99185ce342468dae668b47d6824ea320fc0289

SHA256
f8f6794b8a6c0769fe05e293b2c08a4c966f26c6cedd46441ff28532795f5067

SHA512
d3bd437658c7f91e0d945a7b33ab0cb923d1b279d109b087f469fa70e654f1762ed181ad005e07cec97138310eaaf65d2dc229a1e6256305c8988b7dfa959f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8a395ba3e03d063a7dfc80625e5c1bde

SHA1
57cb47b33aed9a8f2a6e6e193945af3d8e5f6a31

SHA256
0bf1d7684b15763f2d1c7cbab5dd8913e83e48645970de167a1f77d15592d5ba

SHA512
c1e049720b47785e232dc8aa1ee4f498f20d81f8699ce36709d435f9b77806f52b610a9ed1d55cc6d49762cff7ec313e77e43a8c31342b7222b60e645bb69f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
71066d8786e1f770b918764d4805401a

SHA1
55641c59a664039c2e4924c68edbcdc02645b113

SHA256
69c468d8ce33de498726625c32950c657aff9c5309db5b2cff6faab90f3294a6

SHA512
c2d3a6359aedc5e29202885cce480609d8d49453ced21b8672d63333f1d5f39aa2352ea71e39f89bb5fa6b7439627306c42008eaabb57d2404dd2ceafcab22ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb541a024cba8b2d21f85a00f87768d9

SHA1
c626682939b9f31edfd9faac27749721e30b15a1

SHA256
6df9aae5f8c287efbb20444e540bd8440f433c82eecf82d04643507f6ef7a8ce

SHA512
b1274dd2896240ac712e5827f77e5453fc80e9d37f081458ac8a3b7114c2f56975e49eafa59bb4c8a2dbebbb8fb12928cf5ef1cd209ba984b762cb0750c60584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7881fc3daf2aa83caad54562c0772404

SHA1
13c27d704aa63e7b28aba00f336011dd5e259e8b

SHA256
7c217fbd53010288ee9ec22be59fb2552e44e503d3b185cb181d936ddb5f65f8

SHA512
d8f8b1f8e2d37f6c38815c6942aa4cf9ee55b5753bd745fd936be54a4d88fc6d235f23238f6845eac484d20568e5de7acd1c9bed5c763032210476fbb6de6c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370634376406962

Filesize
94KB

MD5
3be8416a98c043a138b9eb8c56d0ad30

SHA1
ee21b59f19a97ea902b9849849893f26e1bb72b5

SHA256
a0bb6d30ade87e6695192821350746f53df15d5a223b75ab9ca00f06d602c5c3

SHA512
214f450c394375dc32f15c21b8fdccb7f4598c8c0b85083a59e3836f4808e21c9efd12e41431a41a002d19489991a4f2c57596ae6ac332aa1e2205471c989f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b570eff3c500d7cc9898cbf1bf8bf747

SHA1
ce74cdb3a81fbc0d2fedfe6b652320531693c0e8

SHA256
e41550a621e4a7962735e6cf65a5df6c044fb01e7a824fbd5ee5f9e2549c9e3b

SHA512
c6e0f9428e00ef71ac21e4e62dd73ce90bcf00b5d289182109d5c280db3a612f27995e174dc0a6a3d70d840f17387e0feec0f857e88b9e55f5a2c1b495c32807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592e2a.TMP

Filesize
705B

MD5
00b306ac460953dd240b27e00da6d84e

SHA1
fe4d84dc4ccac51faecdb62ec4bbcd98f540d006

SHA256
252ad102b481829bf6e7b1358c209faeaecbddd7decbff73104b03e6f2d1e214

SHA512
8a225fec2e2f6b4c65af4a1d7fcf3543937ff1c46bf8363842559b7da1b4447f00be22897e604ebb05e14a249e65cfc27422f7ccaef57d3d4f3e9d6c329ec46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
62dea080d58883e90d840fb391614d02

SHA1
e7ac7fef4716f611a678e32e0dcf36f29566fd79

SHA256
efa63162722d2afb15c1c0107b0a5cfa1eafb14796d0204d2a27a675313d7366

SHA512
32b9eecde18647e174ea2b22f35d9ed9aa2c979111f093abdaf5aceb7754917ee91ba21a0253fd7ba68eaf8e85f0a583cf8efe6c62639d5a8d97f3ff25f1565e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
bbb416e94d91b0dfbb49e250efb4e183

SHA1
bbf9700fd646ed2de62e7efc230b578e7cb5d414

SHA256
82302657180df4c8f2f81df34d3150f263b1a51773fc168b0b639906163d0dd5

SHA512
13d07ae391a9429f508a052aa7c6fa39fdc1d18963e2697f7918229dbebcaf937c65fa4209099178a9ca66e8ccb48544f24a073ca24837e65983f1517b054d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
ed3648dedbcdd3b65633eea0f6f2a5c6

SHA1
f6c750672f913411a4ca21bafc4f8d80eaa20a58

SHA256
df90ad387e3b58ab68b851fa9905e6c7583b663359b897d30a01ab7231c9687c

SHA512
20bef9fcca0c196e11bb476b2df58bb4543a2671f2223a27f3ace753ea661db27fa0653a88198668ab5f211475bac66e0ae073dc3f49970f82cd81df9da16bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
140caf65d0e9102bbf6ace279b62f8f3

SHA1
674cae8fff4a31a11494e88b6508b8d71e915d12

SHA256
07d39cb13b30191bdd192253e1f86e72ad2272f62b9a4bfa52f5e6ad2e96acd4

SHA512
cd9567c6410ee05cc6f366312f8263217680a3e4df13abaff6b3b36ec12c3c41082460e9a9bb5e86ba8afbfd3b173281962987016a9c8630f2d1d3d172698f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
5433eab10c6b5c6d55b7cbd302426a39

SHA1
c5b1604b3350dab290d081eecd5389a895c58de5

SHA256
23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

SHA512
207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\activity-stream.discovery_stream.json.tmp

Filesize
30KB

MD5
a18fb55ea82b6dc84b99558b0295161e

SHA1
51cea44ea876bbe7c14595fce31a3e5be88adf79

SHA256
8b6ab470cd359f943bd4050ab02b9c71cc23d971a58fca952ec46d2e36a26d5b

SHA512
0f8a8d0da88b2a6f22447b1a414a87ecf655004044b6777d78c60ce264d79fbf19fbf185b35ac47c117f3bb00ff819de2c19f858879c67660a5cc5ad5cfb9125

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\10A0222AFA26BA84074326BA5AAF691B1EB56EDC

Filesize
32KB

MD5
3e8f39df14d477c8b1d54edfb17c63f8

SHA1
b52486b8dd8a8ea32e53817143031a96cb9e7e51

SHA256
15af5241f7e04df59e69fb5129aea96822b6139c8f9e89a4293e3c8d6d41b005

SHA512
04dfd27dd909229bba0d0c9e27c871f0c6d1ddb38f1da33cfdbcd3c09a6eb7bd085ccb2b3e6be19e289ec1023841459807ec409c4d6807493e0fe4eb6ba8fa12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
06ab93ad7fdf936548a64155b008b5a4

SHA1
8246d25a1ace7a98729ca0c3c95b1d6d1922dc02

SHA256
c0c13b847610bb32152846c936b3c2ac4a185b49b18f198c69525f2bed7aee8c

SHA512
c4a70e7edcab8384b35d8551adecce69c6ea8a20caad79c3a7a1375864eb4d9160164295888e8defbf5e8658dcfde47d94c13192363cedb63fd8bee58fcece26

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\60CF38545A505890F10C7430AAAE5029D396CDC2

Filesize
15KB

MD5
e125077be6631a63835e461f640ab640

SHA1
7fb907fd69523ebc9d6de80385434fbc983d0659

SHA256
25bd6e43d21df72c2b562ce6c7bbbfea75460923c9c5900779f82bc7e4114e75

SHA512
d801164d5d3f5c8b1d6964c61332974cbe4c32bb452a305a77b225b03fed585007f083baff0708e8e196b037bc9aeb76cf71a7e04fccd0d8a14fe842b1253071

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\62C514A3D9BDF3FCB31C6A5B8A4FF2FC8BEF667E

Filesize
221KB

MD5
bbdb9336ada8417375b5200b4abeb6c7

SHA1
d8f4a1bb9e7a4608a5b61a98bcebe3a00fc2f6ec

SHA256
ce19701145622e7d5af4ba07b9bc92b71778396d24b96c712de531a8a4b0fe2e

SHA512
7a362682c97d79573d9b6fcf8be4811a4367c77ecf7c6cb220493a0ee081e3438311e4ff5ecdf8fcb8620e88e32b1c7f9f1eb25954c43ba7ceabf4624fd14596

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
041f29720b2ef9b08a98d79eaed6e31a

SHA1
29dadfeba593af53a9b0aaf84bad0f02e8a46dcf

SHA256
12a14f3a67a63e303b270524ad4496563768abe94c88d46dafdba1bc6f7bedf2

SHA512
d179e01cadf45f45dc05778a5b38097a680571e184d1b6502ed0b3b6e09ea14163241cbcf44b19f6dd519197e1a0ae1f26012c1522f04d19f8e69abf85069523

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
16KB

MD5
7ced3b797f55158862612a0c63356ef3

SHA1
9195e946c3a445fc9c2a26f7957d5e7f4a080344

SHA256
d97df6ff1a48721f1496db2229cdecd8accd719a477a6ebcf44c83cdf9b448ea

SHA512
06b2340845c0a654b2e1106d5de5a4c083a672b651f28cd14b97ef228ed0c750a0ba9819f97031eb6e2a55d9bc91151c5485d0a2b7347c9ed70dded9ae7c30c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\94F72B6F2D0DC3ED340D601AFA278D214906FBC5

Filesize
9KB

MD5
ca66a6e1abbce187015906a4c07b35f8

SHA1
2b8a77b95b862931cd9598559c64b183022fb00e

SHA256
deaf0f2ce5b048943ee8f948bb54da6b872c7f6166a078cf137bccef0cc42536

SHA512
c9244f692fae8a9a815d18538547be672635c73b1b1db7f8ad0c2b4bd775c7c10da741d0101029e26d0274e993049a5dfc5f5ddef84194902ce6bff8b0f8377d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
b57e46987629cddb5df972b2080bb21d

SHA1
59b689ac33349d4c55a3bf71f055859aa501082e

SHA256
7951d4655f399e2b17f04053503ecade04f0b9fddeb60fded62f48d055948a22

SHA512
207721d9daea711bf0e5c652f4b04669b926340fe25f0068a2d53f8746aa4dc86571b9ac067022b6780584cd7ce3a3aa3dd5079baa52b863463c82317c95007f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\A752BE816C32A166B4212612D41570FEFDA0B4E8

Filesize
24KB

MD5
1343b3a19e6287ca1f702007a27380aa

SHA1
d7006a370bf58d63519129d45758b82dd6a1655b

SHA256
a2c28391fcc8347ac41a71af1eb3b9ba239894af83545c649e380668b50eeed2

SHA512
cbe370ec56488f575ebe9e58b12d5e720fcc34f74798fd9d5ae858ad6fa632fcb30187ccd1844e185ef2e61735883ff6e5c587a2d9c95698b40b573bb3908df4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\A9FB5E6047697568641592A7A75CA6ED3DBF5590

Filesize
9KB

MD5
2900ceecd0a90fc51d2426a9198e7b7f

SHA1
b9e5ebc8deafd1ddf6d5eb4ff756797e224df779

SHA256
ecbbd0a01f9f11504db1e588e70c6dc66ed6f7f7f3f3cfc8837fe4b0f7fe655f

SHA512
334c2e662e0b8e7d4d776947326103ca34eb3b7d3b8ccf0762b7354424e73621c0c1475afcc5189e6a654ee7cb66f15e22fed27d2060669d4fe24e3edf6157b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\B7493171F1C7EC9204873E02C5A4FD3214532DAA

Filesize
22KB

MD5
b2d0181992164b5768adffb2dfe38a8f

SHA1
2fe9100dedd6c72f7fc89e2799e0201338c0e607

SHA256
b0b960e7e32dcb99e06dbe6e1f0ff3c6a6715902b77bb798a7da3c273b0a0f87

SHA512
19e2a3d553208361d514cd4839205e762127f2d0f02c43302221f91de021cb07d015ecb6314a9da850a988b18fcb9a761279dd23b3d5ede24ced12c9280bed48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\B7493171F1C7EC9204873E02C5A4FD3214532DAA

Filesize
60KB

MD5
2bc37ec62d8951ece684d90127233d93

SHA1
eaf9cc372495a35d177c54bba108538052d5efa8

SHA256
bcd10d6a2d611992df057806eb0233677df025b5fd330736fbbd38bd68a469b3

SHA512
399799d600210f167dc99d215c5c0f9f0efa6cb2c87a9cd6015f388060b71fd8a17159cf61903dc56c91f34af8879b3a2126cb1c5fc53db38057cad83994bc5c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\BC74B0C7586729507EF539B36C4A5119EA662686

Filesize
9KB

MD5
6a63e42db820bb36e5c16e0cc2d797d3

SHA1
ce514df024cacb808dbb69d8a694404d6b2d06e5

SHA256
a45ce0269ad4064dd1d069182cbd84b13435a3edbef91fcaaeafa02d11745853

SHA512
6507b2b615b5d365abf69a2bb842354a2e624cb85a154490445004e42dc0c9ce3aa692c0be573b00f02ec32cc62b9f095537e96ea9ed2cf271dec335aa71d992

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
15KB

MD5
f4e709c4aaa395a39fcafa740241ee72

SHA1
2f44856d42ef09b4b54c79298d38422ebe6545a4

SHA256
a8885950b2d5d90f6de282611417262109b36af9906cc26e1edce65020cce293

SHA512
51b23dce724f5c3e6181a7e1960216a903c89a4ffb53e70cdd10a0331e79a61b46d6fd4435e6cc79c0cf2f0f5f34f6e94cf83c778d6ac8da4632bf98f1f0b88e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
145KB

MD5
3384cc149ca9623aa50605445f12f315

SHA1
4804be2d7aaaf019b7cf442b6718382d49fedcd7

SHA256
c05dc816f547789e3340bf816cc05935f0d43369ae35df79e1a9283b426ee7e2

SHA512
5771424faf73c9ad615ee1a6893ceed125359740ca1813eed73f0ffcbe860ee38a3ff4f90d74cd241ffa45ad96725449b83c131f1218b1603964b446dd36600a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\D8C2CFE0485DFC922614553B1999E8CE09530D68

Filesize
23KB

MD5
cf3406c0910ef0ddafcda4436fc776b4

SHA1
42c81912a2af190daeb22e6eab48a2ffe0066ad0

SHA256
9a9fcc1573acf213bac0047db365b2c2b7af8f75e8655e75749ae4ad9cb57c8a

SHA512
e1a8a62b682b21ff0b5c509ba4c8e67f9943abaadb48cb98b79a1314dcc7de7dcb20b0d08dae98fc15489caf86798c4d1d3c0f012d9e51b7762d368fd3ce9f9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
304278a5eca0de5186ee6cd11173e766

SHA1
a438fd631381b9c6770b37e857c569af24a4cfc2

SHA256
35795ef61602e81a592f609cdcc894854f1a1e42df0be2c8c93850b70d2e3ead

SHA512
e7ef897f5b89de26ab6c991e64d3b6b8bf73a39f5f2f96f67fc7c299f4fd5c52db9fb4e10c94d12999e01ee857d8965877d866cfaede4f9ea198ce05816379c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\F21F53293B85556D4D7282B4E507DC37E6D6037D

Filesize
9KB

MD5
2d2151092031c2bd0edbfd7f73c48451

SHA1
f7842ff67362162ffbb3097015f60b4c07213db0

SHA256
7fa38728b7d42e7b1d6cb6b98816483170606cb7cb7fd7a479d7dbf1d8343820

SHA512
c15110e6fec1066859eadd6b48f29d4e77d0f948cae6651f431a4278a17151bdf7b0f55fff6e7f7e901eb3c3ceb11a3083563ccf3c0cb23abe0d92807eeaf232

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\FAA749CEDCE427A154C0BB6A9180421E04A0EF0F

Filesize
221KB

MD5
8241b74e7cd8c9ac0d3eb7cdf8c54ed3

SHA1
8ed6cf42647b46d40b0de57ae1ada6828209265b

SHA256
ce82cd6a75052f3af4632604c1b233bdc3d7fd232349099b7077982ad7a3c376

SHA512
fb633a4fd21c4d2ce7ec454bb13e4fa1c6a4a0ee4fb953be4853a438e42cf81ed46c6a4a69a83a8364449bdb0375266e8e51b02e4161100f90e9c9eadff57235

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

Filesize
10KB

MD5
1d3dad2e920cdef34e5cb6f2776dda24

SHA1
52e794e2a7c054923da7479542f3c3ae2b030fc9

SHA256
6c5b2ecae0ff680a41cc259f9e7f81a608bb5e21d0ff8cd0eb03b7c022b89835

SHA512
c5536ea01afeab90565511e4505dea5d3960be3f8609748a304538833816898e6de1cd5d365d686a4f70c7c51bea8e852278971046b356cef9a370d50f332f46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\startupCache\scriptCache-child.bin

Filesize
705KB

MD5
8ec6f0cbfe5f9d87f944115fdcc66df8

SHA1
add1b91725be116115d558103d1fe8f0b216981e

SHA256
86040760ef773fbd5412389adb2477a078c31a32d2189038d620410e62d331df

SHA512
60c5008c66f31313cb5642bdbbfe332ef70402e300a3dc101ca21a7ab0e3a36b60d153c40784cd55493a5047d0d5497c2197b6502776a475721090953fe440e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
42ef850edbc139a84e7e3b20653f072a

SHA1
8f4865cac36ba29890d1d0bbec93d36393d545c4

SHA256
4770d7a9a2fb83641bca7ba915eadd15fd6349d4a0fe3e37627550453feb08e5

SHA512
aceaca216366d624744005c55acc2c11c065bdf54c309358973d9cec1fca7f9cd9b12573c2be7487dba3e5147ef8b01ccf9237492bf8086deb3799eceab217f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
c05abd4cf28f07e05dba2ed2f1457b4d

SHA1
f8fa803a2fedd7e1f4264c56e941abb093559d63

SHA256
7dfa33eabfe9bc85d4810ef6d2216ab27e40d64cfea27aaf7b4c7a5b74a65974

SHA512
65ff59201689835a0a499b89ffa163ebda0bc070677090b2906708449b69b4112d5c5f46d276036e4ad20f95e75a4d8ab328567577468643000122021b310dc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5vinb3pw.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
d15531f643f59d89ea626e4f138ae89a

SHA1
d65ae67d948a3d86f0985b41777c154d55ef1404

SHA256
7aa9b67d17d1178c8c86a8911ef22184c55a036beabeadad9aa0e3f098b70329

SHA512
8c20a2b2a4604a857727a63dfb15b846fc36d499e4edfd70d801f927b52fa1d526eab03130f6019aa2c0df732067c44d5148d91a7a96184e0c90206d7c50eff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.ses

Filesize
53B

MD5
eec9cce675c966215d5c486edc92e0ac

SHA1
c6726950f4599861e5af465e68dbb467fe092001

SHA256
77026d38ecce1e6f4f7a7a8730f80b347235a6988ba42b3b0172e9cd2f7c2246

SHA512
a685215808b3e98ebe3bbdb0ac46888d59727ab50cb69ea8e78dcd3b603dba929baaa318e52afb7d8a14500f749cdd84a8c63b122b3e1188a0861814838a248e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
fb24dcd5393119edf1b72df9f1ce4cb5

SHA1
81f29a50204bc57bb797e5d1bc3fa00ab16fc992

SHA256
95decb31e392d846d185d61a36a2bd0c752787e16cb1d59a54ebe95387ef68a1

SHA512
768eb243e8934aed252f01bac7eac0182c6ae1c0d4be631ec3f44ade8d6f6db5c78de5417a94f68acc448be98a1068bd9240ebce9d6e2132fc82b7e67a1e769f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

Filesize
6KB

MD5
5f18960b7eb5033b7aaa95ad21aac625

SHA1
a03aefe150fd69690a21632502302a301bc58488

SHA256
785325efc1fa2c083270ed4630d60b07d1731dd9e1b63955a6fe02d663a45213

SHA512
fe8739182a5dc021647d494558fcbcd0521df15d4aea861582a7c1064998bd4fb5f360ff647de86fed35e093c67b9e8902fdd354fc5d5283623550f971b16035

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

Filesize
12KB

MD5
2254deba269f9e79b9576b0f78ef8378

SHA1
e7786e4d0615d00495a26ce287f311ca2d240277

SHA256
c65b6c3e09399ee4680a62ebd224e8a3491d6fa8d9706674b5863b620e460c3a

SHA512
3e3f933d4a0fab099a326581cd671461d16bbe7a18b8282f38c0459d82f28bc5d8405a468f94291468e1f1b39a20f72c9cff1d22ed1cfc295aca37dfdbae7e9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin

Filesize
12KB

MD5
26fa7fa0b6f5f57771d18489eb94de51

SHA1
5d5ae350e7780fbef4ffba77393f9ded5cc932b1

SHA256
12356e8a38f9578b6bfd8f676d3ca806012e096d5a2467136435a5025807cbff

SHA512
e0872413af057ae61f072d4338d623daac8aef4e0914f9b2ee9545041525e31c9bad6a84321ec6dec6189a857bd7597f16907831156df9b39131e08ee041d0a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
f91dbca0bbf4bf936d4a57076f07ffb7

SHA1
ebe9801caf80658918e4791553bdfd5056296561

SHA256
05687496dca56003ca5b743b4ba413aac7b5bdca5164ba2ef31cda963deca6b5

SHA512
30485ce85d0062c66a4e9842b78d238c2f522bf7c7d1a49bd1757b944c98ca2bbfa45d8af10a98025564682b89fab218ee69494df300ffd6d80c580465e65f5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cert9.db

Filesize
224KB

MD5
8312d52c9f9d9325b9f43b2f184c33fe

SHA1
e2c0476c9c4dc761082f1aa9af860e7bf629d607

SHA256
214f79ea270e9fbbb5beaec8a194f30e17d65911e9394c2871b6bc5fe9cd3c61

SHA512
1fa7b4e268a171037a0c98262c41c49555ea7a8f3be0574b0ffe5237e1839cd51a9b5689e60e59da09e4e7cfe54dbb611955984752c5b0e6f9310d505795c1b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\cookies.sqlite

Filesize
512KB

MD5
0382e0c5278dcbc1f0b716a832cd267a

SHA1
396a3e8062bf7286432bcbaeccf3e5121034aa61

SHA256
b200ef86a0889447775ea9258fa0d54dceb0d5ac9218eaa19867d59a59413be8

SHA512
eda471ba69427bc0f3a302816e526f7e707a23ee5c235579e46ace35551367de2562b6584ab2d98d8c43b0485c495c946b3cbf2b2c90e26bba45e11f3904d7e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.bin

Filesize
32KB

MD5
a540757ea7a85c44ba6b10dc0aeeb007

SHA1
e59a0a60acd92f669a47992ba388408144c785ab

SHA256
55d0609614fd6999b804c30130d3895ccc07a4e9433227e260e5a9d817f54379

SHA512
6cc16c74b2d97cdcbc270e1865d4489a69017da509be7fda5ab038fa27cb46f435d725df5a7e821209818245b86fb1c1ada05bb01c44165fce68165f1fb294fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1a2c1fcf3a57a39e95545dfd8ef0ea8c

SHA1
937d139a7e1ff23850246d2c702de22b586f4fd6

SHA256
0e555a039af3cabaf7d9eefa18466075a8d79d9d22f1966a31d04da5b70aed78

SHA512
3e0e3801232ad696e9d3a3dbcca7005aedbf54547d4bda35a9901c96ad0939282576e4c222db2613bd7c21734b6fa8c91fcb89c996f3d95f5f8eb8db587c885f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
2e9635a99c7552292cea197686a0f08a

SHA1
4a62b6fc3851924beab53d71684f9df378ca0106

SHA256
a6c73badf392595150d9f0785724648283cb1698f13469b48a0f9d4d5e2906b4

SHA512
a315d30b4fc0c224b815ef05d664dcb52bba0ca2d7804de7025bd7b96ca198e60208d59ffae3f68fba6914f2cf62ae25493602aeceb0664e738ad64a79bfb03d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
0bc401e57ac614003d6853a96fe1cc1e

SHA1
ad86e526765f226139768347a907802db96b5dbf

SHA256
6e415d236fa59877eb898a53518895e21db5407555a896d23a356fd6732fcd96

SHA512
3f2df87d1e920cd573c99e38d7d9f9e8de20c65bc484a85b7636adb73f4f8194f8139ea52f0ef8cdaae223bac8a39f5b03cb7c6ba65dc965fa600bbb28df07b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
e8318ccaf4265f86f97b399bc2b5b6f8

SHA1
de3f5c1d834e3ace700680ea19deb158105962d2

SHA256
04e666293eda53e928604225e09f098acbf3d61bce6ce4c954ede6c873a4dc70

SHA512
32bcbf8dce7780610693608e0de195780ce839a4ef02ff0988e53209836ce5cee2c1a7df422cf81ec3530e351e9c62e20bf3029eb37069c73d13e7d594e3406b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
bc21da04409e2e1aadfefb2303869712

SHA1
92372e36fda946947674cba0c3de07347054abef

SHA256
5b8b45a8d44af1bd01d34ce66d06149cd7bbb93d19c03bfdb7d5754fa6b427b0

SHA512
a6bf2d187d751e2983a1ae60c1201f36825708004c0ef347bc89abca76006c65cd73bb2a979f6471ce2784771b0c024f9d8569be3d8a43e2731ce3818f39209f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
82f8e119b850118e6a5cff6cac1a30af

SHA1
f1b5e24aefc2f12886e58dca510ccb6923f86621

SHA256
f75a234b3fa45e1bc94ec5f81d073c161445523ee152b21324d6372ac1313276

SHA512
1a78f3dd2126314a55d388e498373f5543351d3487cef584e5643addb73a290ce5d549e1549dc93dc6b73a36a665f47fc3247b775656a6b900dcd7a28fb85f3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
fe41a6f945a170e5fbce143434e24e14

SHA1
e51e98eadfbbf306339ba51c75e19633cb037c0f

SHA256
41bf5ede0c2c1ecea7461f48853492f071cb6aeb1bcc44713eec557d29ad205c

SHA512
5961d1244cd42a66ab01eb8bc5815ca4028404ff2ad5c9bac8bee277b209dbdaefb8dd2e294cfc5642dece92f63f3debd0449cd52beb6386f7b4c8bf8515564b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bdcabf0a812cca149b1898fc5a89df8e

SHA1
be2ef3e2665762fa9bb620b9f5c712b2188f94ff

SHA256
c535ceea6c1c28648f92bcd91422d0b38d2c6e48bac7982fa17a403488a07068

SHA512
3fa564ce1152145bcc90abad8a0636ba05fa074ca70658c113611019527109bee9f70efb6a89f8a18e2a703e4849441cc70ea723a3e1e7701755a191d95d8c5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
a87f8b4bfe6fce00b8c586a4f91b7351

SHA1
64868b7d30084e35244cb0418776a0bd36dec981

SHA256
78081f684aa1ca3d07fa83babf918a9bc7fc53b55d3664aa6b7a4458d23d3e64

SHA512
92efb8719c24c4d49fd6240bc1d28b2a236a44145a453949a719ccdf9369055fee44bb2dd8aad72021065fe0d79dac1d84da3a3d071a14db7d6474f4869c3fbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\events\pageload

Filesize
353B

MD5
fcec8cfd4bb97fd5b7d7bb25b08204d9

SHA1
f32adc5f9d85ea436f18f2d08aa4e0fc24a97cb3

SHA256
005f06905a7c152e21bd1e7da4c883388d1054339faa18b105184f403936ceac

SHA512
829af173c46ee4e7e43de03970a5e57c3af6d998ed4c397a6046604b6792ad671a3d6f67c15cfacb04980e62ce7621d1b5a58192afa4550154e20adace73438a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\11ee2769-ec9d-4cd6-a392-776c01393f53

Filesize
743B

MD5
d87aaeab9fb85dda908f051896be18bd

SHA1
a50a292b989d740840167a95fa3a4c601db5c615

SHA256
379933b99c6696f340b26feaa128f9ee4d578332550412af3781218073c93518

SHA512
6b2dd501a87233e01d8bedaf384351047cacbda34cd4352e12da76fa9ca7b59da7a1703be473d040fbc49329d6c488b740ccd77db281b898085f18fbf95e2f70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\237be00a-0e18-4140-b631-899586ffcba4

Filesize
982B

MD5
22287f647f1b1f344727efd32d8988bf

SHA1
cb4506fd02deaa25f08aba1242dc52505db15e7a

SHA256
f4d02f52b6b1f4152d401a156f963c9241da16e8d836eedded51c9868d2f11e2

SHA512
1b84afe0070fc968667ab87e9baf122022a8ff86af8267e93be6495387d037fa450ee93188656027715a9ee5a3502b13783e581d7c104a5a9e32674203639464

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\59c1bc18-3f68-4d15-9217-201e1ac93973

Filesize
734B

MD5
d812ade04932b4d724222538d50ddd4b

SHA1
de59154811578959d1c1cab99cb70d17542cdc74

SHA256
1e232910cfb528b5553b4aaa9a26e54f9f081859e7df1719802823eb63878f4c

SHA512
5b64b66f354b91d4e57cfe785330c41b27792ed5f09ab33772ed549268079c89365f275d6a4ebeff74eb729fb7c4699624e47c314315ebf427e4906c130fa025

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\92b710f5-9ea4-4d82-86fc-8c2919c4de15

Filesize
671B

MD5
5ff9eb4e3e0923bf0789bfdfe5784e48

SHA1
26d482caf99188b8ff87b3073b59ec407d18a0c0

SHA256
d6ea22946f480a168a47de4f177b40e371b3773dec16296de4845e63217a881c

SHA512
1e590fb0e17a9b5de66466425230d2e58bf4d73796aa5760d07cde0cb3f1c23d142be7629a217e6cb2b1b4a48fa3d0b7240dd862d2783b31ca35645b590d4235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\b182ecb7-cefc-46e7-bfbc-a7ebe3a5aff1

Filesize
8KB

MD5
5ed9cc7b8b401084b5f04c1d8978bd1c

SHA1
6d39ef4c6e6e6f34dd7bdc5ec6a605f3649faa43

SHA256
80a3f63e44b719321c18b858121957067f6433122b8aa15d60e5d38f63166df0

SHA512
061ce9a1aead61637571986e8df8c93f6f9c563e0dc635f51a6baed2ed758d560dc3233ef2eba6d6752f1cecfce471544b13bc75276743c38e85f420517ad2f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\cde384ef-2358-4090-8127-2eeab4a25e1d

Filesize
25KB

MD5
fa1a56d7112a42fb5e508f69ab5eb2b2

SHA1
da09a7b2e3fb7c49c1568b2ff5258434c84b8a36

SHA256
6cfb94413fdabc70e2f3f133948e411d4f09d5450554a42c19d1b75a865db6ec

SHA512
c5c5eb83dc03817267866475188da6c85883fb70df35bfdf276b76fb3b8a7bc730a7faace9f9ffb815c19d436b034eb194bf8c5527b626e978d9c1b38c987ec7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\d2364851-67ee-447a-acd4-d0f4eb056d6a

Filesize
2KB

MD5
49b8756638089624b8337c6aeb938946

SHA1
675a385b6000d3fc244cc219a78a410e3acf7e9e

SHA256
5990933eecd87b170ca4e4bed8aba5915cca00a2fd48e852957acfc87d015f91

SHA512
6aca3177eb6c615d14bee4b892b32677493486c817918a2cdbe7b2f5786d5a70fe704ce05e6ca1c108943b0768c1a7db54541790f8b4ed6e943ac00d7e28ce7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\d497373f-d7d4-4dea-97d5-bccd46f684ad

Filesize
4KB

MD5
980dda7ba6551d55094291b6b581cc55

SHA1
9f6e5fc3e3c5690ab2098274f2b312767077c57a

SHA256
f79ff44de833149e084c162b9f26f2402968712057846f8e9af105e0e55aa745

SHA512
de9bede0fb61e379c80f36d89f248026b7e2e4aeac16e2852bb18b272d2346a4baa1ba9afd209b76622ffdcb316e617bbd3e13cf039d2fa2a6f205214d48afd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\extensions.json

Filesize
37KB

MD5
846d525f0662b09aa67e97d8128a62ea

SHA1
98da6bdf7d0f90fe716bfc7d72e5ffb04f054466

SHA256
d96b1424aaa358e582a6382006fc5bf92524cf7b969aa21e61bf840b32ba74bc

SHA512
7c718e6c11b4717b2d77ebc293baa957ec4838c79f893c932c0aa1e688b7ef01450dffafa5e9544a71dda3eae4e3c3f7a83ad46399b9a7ed57d73eb6950d613c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\favicons.sqlite

Filesize
5.0MB

MD5
a10b518c91502442b47e927acaf65848

SHA1
162499d6193dc46d71be472c34d90cd2c3fdd633

SHA256
db223f546756a0fdc5c80eb15c463ad7d6b855dff785c82788790ce5b31a821d

SHA512
d4051ef5deb7118031e44edf13cc462ceebce602438c48555bae4d46b4c4cc287b4fc039fdd21c878e3f5ac50b767a0290af6cb69173ddb4cf6944f27c875355

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\formhistory.sqlite

Filesize
256KB

MD5
9dbbcf21ed2f661367ce8cbce4eb9989

SHA1
9144e08e4e7d6a74de597a2fce97cd2b89e7460f

SHA256
188be29f4339d68c7f5abd7b5a935f9f1c3bf8f7ac97d3beae9be144a5b9aa4e

SHA512
ee96ce52b794ec5835601b1918302899a8bb5cab4a58ae092a9616bccabee312b832d6d543979e6ae040eac701840ab1d4c4b4d250603531774d309ce4e5d0e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\permissions.sqlite

Filesize
96KB

MD5
3be7f8d5f3060397da1ef6863797d9d1

SHA1
d47d05d6d521df6a72574c2f70fa7c661f1fa332

SHA256
862f997272c7171c47f1fa2435cd6ac2319db4dab168bdd12dfeec13016c8f13

SHA512
b0f278978ba25cf43d0f35755a91492d36b76c47c35ef7424b4a657ceb030b79a8ce996965842486190c72233e204125bf91453a1f048d2f3ddd53cf486776b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\places.sqlite

Filesize
5.0MB

MD5
24762e3a6d854846525c76842684cd29

SHA1
11d5f85d759d7f7aa1b5d0a037070a1a7604fa9f

SHA256
dd547593956b2de6ccdef2bc7ce60a1d3bc2f0c6a39e6af22a1a91974cc2b783

SHA512
71709e6d14f9e61098999715f3d2311e430e2f9ff227a68d10f71eb1d75197caddb3800e8442e5d9403448253643a1e1d180ba0b178e8873637be0d62f5f451a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
11KB

MD5
a4fa78a354a86cb88bae6c56341b19d4

SHA1
ca828f450db2c69147b136708b766caf8117ae49

SHA256
acd48a6516af4f064ff325b5a71e1fe015cd7927aa1886f03673a199afced3cb

SHA512
6e1226ea81d9e9c496b0f7ca5fb67319e6d6f39db8c1950af3741e6b9f1e3ffc6d09aaa6eceb5d75a12ec47ce96633e16d7a68b522866c9fdfe15e5d466e06d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
11KB

MD5
8d7b7a628ce7220907e1b13143cbd638

SHA1
1f0962d6a0aec6844c1e0ee8e38ed0538d7d518f

SHA256
1c540994b55cbfcf70a1e1508434a346ccf38e30c422e640683837b608e3d887

SHA512
d121750c004ab2db220a90fb9b43b577d227f6329ebc30ea67450b93de3b9923330f0bffbe37b6b5051c91ff25160d6ed0775cd80b60515ab890ec09b9490875

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js

Filesize
12KB

MD5
983c5798cb4726b8b33e611bd88b3ebd

SHA1
528e8ed983accc533117dc3e6aa186c2e32bb5ea

SHA256
6359ce660fe9d3d50148088a9fec705e149f16e7e67236614f3a4cc45b2e6739

SHA512
d3036be271fa784511d8e38b4a952ade71d5874cbec4d48cdb97d01b43978fe582086e6fdf43dfb1beea5e0aa5421cca1f1f1ddea383a55ff88294bee8b177de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs.js

Filesize
12KB

MD5
7ab9d9ab3f7f94a607d765daeaeb9b06

SHA1
b3f3536ada1e2714c6d7fc5d396ae60af3f3c7b9

SHA256
e0501ef2c0f7e54c1161fa3d336c3a0c5f259a69342789946b679f4f653c09c4

SHA512
f96bbfb6d6955af20504385ead539c5025e99c0e52767c17f8b0b40a717ac7adee7aa3ad393f3cee8bae6657da9232e6036d4fc6b37b6b21f80400fb2be95991

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
7e5d8e6f601b32fbbb26aa2c3b27b52e

SHA1
b17e00431cb6603dee1b7450cd4349e32e4b81cd

SHA256
bb90bdcb4287930bb073c98f6d40dedd734aaa453b0ec17ac9e1eb0e0dc88aaf

SHA512
3f2a24d048e94e94df26c26941ae5bcc6dee22d5594d9fd613c9bda3d94161c9a3e723f4582ec42b9edd0d33766f30db85ec1e7d183563ec87bba917f4989ff1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
1167ef398c318c9da1928884b24d2852

SHA1
583cad1dfc71aa63f1f185603423e5b2ed0cf2b8

SHA256
87b0a88a7e654e75011803106254219f7737ff3e9770ec9964577db36ba8e7c9

SHA512
49c5cae49f8231d36f8b1cdf6ccd7e3801fe285277a9c7434edc4b6b6d4016af60c07af86f8b14d0abd1f90166d0913172e65313f517e858cab7d65e0ed14d80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage.sqlite

Filesize
4KB

MD5
b24b2ab22994b29e694dbec1004e3bcc

SHA1
f15d21e6e6a8308627069ef0008fda37fe627b6d

SHA256
f1bf867081b181967229a8f69ab93c31643e9558dc922f90b5fb41e4b82a6be9

SHA512
b8b3ed5cf155ac5fc58e5bf38f374957702264225a9c1af88f5b6b79e2694547bf3c53b741c802e17487b62fb79707cf28f7eeb3872d1133099dac63ebd79b2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
52B

MD5
442e4bdcabe7706d0a040562023a0256

SHA1
8b9037e573a6a3c8c75832e6bde89c309c859329

SHA256
e6e48c4d484b67ac69f798aec79906dfa2efee357af3351dc1ac76f663cbe4f9

SHA512
3ac15ee18f16fbd732346d4fddf8522d40bcd6366fd4efede452a6b5f3de7ebfea0452b7905257700a981b283da0ef6551933e90af130a7ddb189dff6bbe2786

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
291ee25d815701b696876160c3c4d802

SHA1
b9b8b614ab277f95d3a1608d3292cdf4af72fd69

SHA256
bbecd00d9479f92f06d1b131b24d3cd2a5491aca68c0096c8907ae021ec9c866

SHA512
f5ff90a6fab6baf04404ea4c8e9b0608e24a77814fac3821439274324f5776318c46c54be4b7ca699aad4cdd04de02933fc467e2a49665e92bcbc3e37c6817d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
4c428e195a2fad0b912480f1aaa48bf3

SHA1
52a8ec75e9ebe26a80438cfa5b234ccd96f24621

SHA256
330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d

SHA512
795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
af6f926e52deab13d8b821f680e8dd09

SHA1
e2260470a791aa7b0db5a5a08ff5b6fa91519d27

SHA256
5d982a5ab7b526e0905baf08186a24596dfed14e7636d61876aeb3e384df2163

SHA512
ab34c58b09276001fb0f982ba81d27fcfef59271284388805ef7475cd5dc8023b1602f8383129c1c9ab73f118287373faca8453f61bb369b803e3bb16973d9a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
368KB

MD5
0481f4840f6f16ecc538e077e172d448

SHA1
fa05d4b6f8470eefb676a09f9b3a5edcc56f0f15

SHA256
bf0a91593fd0524d121037981ab51a011fae641037fcc8a2815d0b66cc9e29cd

SHA512
2181685d0d7b258cd22d64e81ebc8ab5657e6898fda370d0c079bb7d041d760a4698f27eab9dba1d985db42d16f73dbfbbd78c52bc50462ad9d9053f7e30b73f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
7610421a9eb9b9c8ccfcee9dfc7a8569

SHA1
a43df725e8bc2ed0eb94464a3a5eceb63acd650e

SHA256
755771c1a5a8a1b7aae482f0c9e672736ef2abe732651523613e2df1cc041b09

SHA512
931f69b4468ec435b4cb78c43be60de150e94bcb521910e911a63423dd88bfa52d4284f9d2d5dbb51e10aaad080376e51ee8064f02f0f0709527d47290e6be97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\xulstore.json

Filesize
214B

MD5
97681ebdd2c278701e9b63a1bac456a4

SHA1
d458ba7b036124acf6c418580a8ced95e1704d75

SHA256
930b511c4a8af4d71d760db941aae3cf35852207e311d24f94fd7c7fff8e8cf3

SHA512
e764938aed8eb500f4a31ba757f2fb90f74fabc27076aa7603457f7a04a9b4a47d6e0a12c63d134f684b0e9151ccc95ab5e2eb4a1ee7d95c2f5366f0464c2d73

Download Submit
memory/1852-37-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/1852-503-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/1852-459-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/1852-38-0x0000000008F90000-0x0000000008FA0000-memory.dmp

Filesize
64KB

Download
memory/1852-36-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/1852-451-0x0000000004D00000-0x0000000004D10000-memory.dmp

Filesize
64KB

Download
memory/1852-35-0x0000000008F90000-0x0000000008FA0000-memory.dmp

Filesize
64KB

Download
memory/1852-34-0x0000000008F90000-0x0000000008FA0000-memory.dmp

Filesize
64KB

Download
memory/1852-33-0x0000000006CD0000-0x0000000006CE0000-memory.dmp

Filesize
64KB

Download
memory/1852-29-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/1852-32-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/1852-30-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download
memory/1852-31-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

Filesize
64KB

Download