hxxps://github[.]com/JackDoesMalwares/Gocullinator

max time kernel
2697s
max time network
2595s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/JackDoesMalwares/Gocullinator

Score

8^/10

bootkit defense_evasion discovery evasion persistence

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Profect.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	Profect.exe

Executes dropped EXE 1 IoCs

pid	Process
5004	Profect.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	mstsc.exe
File opened (read-only)	\??\Q:	mstsc.exe
File opened (read-only)	\??\R:	mstsc.exe
File opened (read-only)	\??\A:	mstsc.exe
File opened (read-only)	\??\E:	mstsc.exe
File opened (read-only)	\??\J:	mstsc.exe
File opened (read-only)	\??\S:	mstsc.exe
File opened (read-only)	\??\U:	mstsc.exe
File opened (read-only)	\??\Z:	mstsc.exe
File opened (read-only)	\??\H:	mstsc.exe
File opened (read-only)	\??\K:	mstsc.exe
File opened (read-only)	\??\N:	mstsc.exe
File opened (read-only)	\??\O:	mstsc.exe
File opened (read-only)	\??\W:	mstsc.exe
File opened (read-only)	\??\Y:	mstsc.exe
File opened (read-only)	\??\I:	mstsc.exe
File opened (read-only)	\??\L:	mstsc.exe
File opened (read-only)	\??\M:	mstsc.exe
File opened (read-only)	\??\V:	mstsc.exe
File opened (read-only)	\??\X:	mstsc.exe
File opened (read-only)	\??\B:	mstsc.exe
File opened (read-only)	\??\G:	mstsc.exe
File opened (read-only)	\??\T:	mstsc.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
175	raw.githubusercontent.com
176	raw.githubusercontent.com
177	raw.githubusercontent.com
174	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Profect.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\services.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\diskmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\taskschd.msc	mmc.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Internet Explorer\Images\bing.ico	iexplore.exe

Drops file in Windows directory 59 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File opened for modification	C:\Windows\Prefetch	Profect.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File opened for modification	C:\Windows\System32	Profect.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\Profect.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Checks SCSI registry key(s) 3 TTPs 30 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key security queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	mstsc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key security queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters	mstsc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000\Device Parameters	mstsc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\TSRedirFlags	mstsc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000\Device Parameters	mstsc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Device Parameters\TSRedirFlags	mstsc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe

Checks processor information in registry 2 TTPs 32 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\LinksExplorer	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31134960"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3547435923"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31134960"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\LinksExplorer\Width = "290"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3543035902"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3543035902"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\GPU	mmc.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31134960"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\LinksExplorer\LinksType = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	mmc.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434655194"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{FEC00D6E-80E3-11EF-98CC-762C928CCA03} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723639388184933"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\MaxPos1280x720x96(1).x = "4294967295"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{7C22A95E-63BB-4450-BF56-9758FD861D74}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\NavBar = 000000000000000000000000000000008b000000870000003153505305d5cdd59c2e1b10939708002b2cf9ae6b0000005a000000007b00360044003800420042003300440033002d0039004400380037002d0034004100390031002d0041004200350036002d003400460033003000430046004600450046004500390046007d005f0057006900640074006800000013000000cc0000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).top = "477"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	Profect.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WinPos1280x720x96(1).bottom = "1003"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Profect.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
1912	vlc.exe
3456	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
5004	Profect.exe
1912	vlc.exe
2216	mmc.exe
6656	mmc.exe
5820	mmc.exe
6300	mmc.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
5332	chrome.exe
5332	chrome.exe
5332	chrome.exe
5332	chrome.exe
5332	chrome.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2104	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
2960	msedge.exe
5332	chrome.exe
5332	chrome.exe
5332	chrome.exe

Suspicious behavior: SetClipboardViewer 4 IoCs

pid	Process
6656	mmc.exe
5820	mmc.exe
6300	mmc.exe
5732	mmc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1296	firefox.exe
Token: SeDebugPrivilege	1296	firefox.exe
Token: SeDebugPrivilege	1296	firefox.exe
Token: SeDebugPrivilege	1296	firefox.exe
Token: SeDebugPrivilege	1296	firefox.exe
Token: SeDebugPrivilege	1296	firefox.exe
Token: SeDebugPrivilege	5004	Profect.exe
Token: SeDebugPrivilege	5004	Profect.exe
Token: 33	4540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4540	AUDIODG.EXE
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: 33	2216	mmc.exe
Token: SeIncBasePriorityPrivilege	2216	mmc.exe
Token: 33	2216	mmc.exe
Token: SeIncBasePriorityPrivilege	2216	mmc.exe
Token: SeDebugPrivilege	1296	firefox.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeShutdownPrivilege	3456	explorer.exe
Token: SeCreatePagefilePrivilege	3456	explorer.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	1524	iexplore.exe
Token: SeDebugPrivilege	4004	firefox.exe
Token: SeDebugPrivilege	4004	firefox.exe
Token: SeShutdownPrivilege	5332	chrome.exe
Token: SeCreatePagefilePrivilege	5332	chrome.exe
Token: SeShutdownPrivilege	5332	chrome.exe
Token: SeCreatePagefilePrivilege	5332	chrome.exe
Token: SeShutdownPrivilege	5332	chrome.exe
Token: SeCreatePagefilePrivilege	5332	chrome.exe
Token: SeShutdownPrivilege	5332	chrome.exe
Token: SeCreatePagefilePrivilege	5332	chrome.exe
Token: SeShutdownPrivilege	5332	chrome.exe
Token: SeCreatePagefilePrivilege	5332	chrome.exe
Token: SeShutdownPrivilege	5332	chrome.exe
Token: SeCreatePagefilePrivilege	5332	chrome.exe
Token: SeShutdownPrivilege	5332	chrome.exe
Token: SeCreatePagefilePrivilege	5332	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1296	firefox.exe
1912	vlc.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
1524	iexplore.exe
1524	iexplore.exe
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
2216	mmc.exe
2216	mmc.exe
2216	mmc.exe
2216	mmc.exe
5004	Profect.exe
5004	Profect.exe
1524	iexplore.exe
1760	IEXPLORE.EXE
1760	IEXPLORE.EXE
5004	Profect.exe
2216	mmc.exe
2216	mmc.exe
2216	mmc.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
4004	firefox.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe
5004	Profect.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1220 wrote to memory of 1296	1220	firefox.exe	82
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 4280	1296	firefox.exe	83
PID 1296 wrote to memory of 1872	1296	firefox.exe	84
PID 1296 wrote to memory of 1872	1296	firefox.exe	84
PID 1296 wrote to memory of 1872	1296	firefox.exe	84
PID 1296 wrote to memory of 1872	1296	firefox.exe	84
PID 1296 wrote to memory of 1872	1296	firefox.exe	84
PID 1296 wrote to memory of 1872	1296	firefox.exe	84
PID 1296 wrote to memory of 1872	1296	firefox.exe	84
PID 1296 wrote to memory of 1872	1296	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/JackDoesMalwares/Gocullinator"
1⤵
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/JackDoesMalwares/Gocullinator
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab7613cf-91f2-4337-a22c-272865d0bc0f} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" gpu
    3⤵
    PID:4280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2256 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15c086d0-e92c-4dfc-a774-94afcf2d5333} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" socket
    3⤵
    - Checks processor information in registry
    PID:1872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3220 -childID 1 -isForBrowser -prefsHandle 1688 -prefMapHandle 2748 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28375eb5-89aa-4935-a8df-c737997e499e} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" tab
    3⤵
    PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3776 -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f5f22d6-7e43-474c-b3e4-b5d883c69dd0} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" tab
    3⤵
    PID:1504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3168 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3084 -prefMapHandle 3020 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0653ae08-1c05-4f59-97bb-7f54fc1c0ef1} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" utility
    3⤵
    - Checks processor information in registry
    PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5524 -prefMapHandle 5068 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {875ba4dd-3a70-4471-ab95-19ea89b7ebea} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" tab
    3⤵
    PID:1804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5532 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf396fed-53fb-4505-9061-25822e8ddf75} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5764 -prefMapHandle 5676 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {489315c7-6159-4c15-8428-857c379257f2} 1296 "\\.\pipe\gecko-crash-server-pipe.1296" tab
    3⤵
    PID:3700
- - C:\Users\Admin\Downloads\Profect.exe
    "C:\Users\Admin\Downloads\Profect.exe"
    3⤵
    - Disables RegEdit via registry modification
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Drops file in Windows directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5004
  - - C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      4⤵
      Modifies registry class
      PID:4736
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      Drops file in Program Files directory
      Modifies Internet Explorer settings
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1524 CREDAT:17410 /prefetch:2
        5⤵
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Suspicious use of SetWindowsHookEx
        
        PID:1760
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\services.msc"
      4⤵
      Drops file in System32 directory
      Modifies Internet Explorer settings
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:2216
  - - C:\Windows\System32\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:5036
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      PID:6656
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1516
  - - C:\Windows\System32\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      PID:5820
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\diskmgmt.msc"
      4⤵
      Drops file in System32 directory
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious behavior: SetClipboardViewer
      PID:6300
  - - C:\Windows\System32\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:4240
  - - C:\Windows\System32\mstsc.exe
      "C:\Windows\System32\mstsc.exe"
      4⤵
      Enumerates connected drives
      Checks SCSI registry key(s)
      PID:6128
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\taskschd.msc"
      4⤵
      Drops file in System32 directory
      Suspicious behavior: SetClipboardViewer
      PID:5732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4540

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\BlockOpen.ADTS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulteec1ce11h67f2h4b0dh90f3hb49068b12c32
1⤵
PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffae2a746f8,0x7ffae2a74708,0x7ffae2a74718
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,55575559983654900,11724222207020081606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,55575559983654900,11724222207020081606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,55575559983654900,11724222207020081606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:3456

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4364
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 27946 -prefMapSize 245345 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cfd985a-4750-44cc-9986-e6176502c782} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" gpu
    3⤵
    PID:212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2316 -parentBuildID 20240401114208 -prefsHandle 2308 -prefMapHandle 2296 -prefsLen 27946 -prefMapSize 245345 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c1f265-85ba-4e8f-a606-44695f8c0cbf} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" socket
    3⤵
    - Checks processor information in registry
    PID:988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3484 -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2580 -prefsLen 28445 -prefMapSize 245345 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9155fb15-6206-4e78-a4a6-15a8fec31f31} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" tab
    3⤵
    PID:1072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4008 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3640 -prefsLen 33678 -prefMapSize 245345 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1a786a9-d0dd-4ec4-9829-996bf3c1220a} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" tab
    3⤵
    PID:4444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4744 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4740 -prefMapHandle 4736 -prefsLen 33732 -prefMapSize 245345 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4477137-f699-481c-ad68-ee14676a7dbd} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" utility
    3⤵
    - Checks processor information in registry
    PID:5340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4940 -childID 3 -isForBrowser -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 30627 -prefMapSize 245345 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0225355-9a13-4883-80d8-02db4f661406} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" tab
    3⤵
    PID:5608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 4 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 30627 -prefMapSize 245345 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33cbd501-bcca-40eb-ac3b-029d87813ec8} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" tab
    3⤵
    PID:5640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5436 -prefMapHandle 5444 -prefsLen 30627 -prefMapSize 245345 -jsInitHandle 1148 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edd0fa72-786f-461e-ae2f-6b343392d506} 4004 "\\.\pipe\gecko-crash-server-pipe.4004" tab
    3⤵
    PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf4,0x11c,0x120,0x100,0x124,0x7ffae065cc40,0x7ffae065cc4c,0x7ffae065cc58
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2388,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2372 /prefetch:2
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1992,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4668,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:6600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4464,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5096,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:7092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4772,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5320,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5492,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:6404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5480,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5100,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5264,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4148,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3132,i,6497368823757159831,18373187272413299020,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd4,0xd8,0x7ffae065cc40,0x7ffae065cc4c,0x7ffae065cc58
  2⤵
  PID:5896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae065cc40,0x7ffae065cc4c,0x7ffae065cc58
  2⤵
  PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae065cc40,0x7ffae065cc4c,0x7ffae065cc58
  2⤵
  PID:6184

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:7056

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:5788

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\59965edc68f14d4191d6249d4215daa5 /t 3432 /p 2216
1⤵
PID:6296

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae2a746f8,0x7ffae2a74708,0x7ffae2a74718
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:6548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:6980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:6940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12371664322478650649,17980273562330188153,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:6668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae2a746f8,0x7ffae2a74708,0x7ffae2a74718
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,10136967871399314082,6080999307227198481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkID=2004354
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:2960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae2a746f8,0x7ffae2a74708,0x7ffae2a74718
    3⤵
    PID:6696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    3⤵
    PID:6284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    3⤵
    PID:2928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
    3⤵
    PID:6968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    3⤵
    PID:2584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
    3⤵
    PID:1320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:6944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    3⤵
    PID:1676
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
    3⤵
    PID:3152
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,18016164937563520909,4454412552296231382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
    3⤵
    PID:656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6464
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  PID:744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1900 -parentBuildID 20240401114208 -prefsHandle 1804 -prefMapHandle 1792 -prefsLen 28003 -prefMapSize 245345 -appDir "C:\Program Files\Mozilla Firefox\browser" - {383473ee-2dd8-49ba-8ec4-4da7340a5007} 744 "\\.\pipe\gecko-crash-server-pipe.744" gpu
    3⤵
    PID:4636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2292 -parentBuildID 20240401114208 -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 28003 -prefMapSize 245345 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac9485b7-021a-4489-98d0-e54c5799bb2e} 744 "\\.\pipe\gecko-crash-server-pipe.744" socket
    3⤵
    PID:3680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3376 -childID 1 -isForBrowser -prefsHandle 3500 -prefMapHandle 3352 -prefsLen 28543 -prefMapSize 245345 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {530bdf97-cafb-45b8-b9b5-374cc6b7d570} 744 "\\.\pipe\gecko-crash-server-pipe.744" tab
    3⤵
    PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3792 -childID 2 -isForBrowser -prefsHandle 3784 -prefMapHandle 3776 -prefsLen 33719 -prefMapSize 245345 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ccfad74-536e-453e-ab2a-4ec2917c7f14} 744 "\\.\pipe\gecko-crash-server-pipe.744" tab
    3⤵
    PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4908 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4880 -prefMapHandle 4872 -prefsLen 33826 -prefMapSize 245345 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5afb93c-d844-4684-bb45-5600e265f778} 744 "\\.\pipe\gecko-crash-server-pipe.744" utility
    3⤵
    - Checks processor information in registry
    PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4888 -childID 3 -isForBrowser -prefsHandle 4916 -prefMapHandle 3712 -prefsLen 30721 -prefMapSize 245345 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e3c7a7b-b3fe-4b9a-99e6-c5ed3ae15405} 744 "\\.\pipe\gecko-crash-server-pipe.744" tab
    3⤵
    PID:4156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 4 -isForBrowser -prefsHandle 5368 -prefMapHandle 5320 -prefsLen 30721 -prefMapSize 245345 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa85651d-6f30-4cca-8511-83fc3dde04e1} 744 "\\.\pipe\gecko-crash-server-pipe.744" tab
    3⤵
    PID:6276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4916 -childID 5 -isForBrowser -prefsHandle 5516 -prefMapHandle 5524 -prefsLen 30721 -prefMapSize 245345 -jsInitHandle 1104 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d99c3b2a-c5d2-4f91-ba25-e6edf5aa3d6e} 744 "\\.\pipe\gecko-crash-server-pipe.744" tab
    3⤵
    PID:4900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:3772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
823fe1de5451b6ea9c69599b131233db

SHA1
af8b9b46bbe4b0b996abc996cc5f000f8c498348

SHA256
a13b5fcb02fe68cd72e236cec1284e80ef9aa37bcbb596f57fa0d32f9bdb5a32

SHA512
043c555804f19aa482e5419fd0a27b3cf3ca5369cf4f9941608358a7cca8f524515041881b35af63b02dd915abca4a51f45c2b60f1070a293b652d6fbe3ca782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
7e69b651e813abe0ea612d88d5594734

SHA1
639a391f3d27727b81ab79f2e1f37afcaa02218c

SHA256
fcb00cdddbd95f2e8dc4bcf86ed5bac1cff2c1a4fd39fa4cf5f414245cf9d85a

SHA512
3dc904596df6b2a49fd6faf9176e8bc556d47cbf4a79fe82f7716df35295fd234df4bdf6fa826c45dbc901624122fca927d7a2cb960112f01c3565623b209260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
eb942bdb6305f3315f94ae3c05f48dbb

SHA1
7674299d7f21d68d74ebbcb1de993f2c99ea6a1a

SHA256
e306a68470836c921619dbbd8ec7c697a25625402fc95add71250d41231787dc

SHA512
1509991d75b19506b3c4fbee4b75b5caee8e5f1ec7c810d4cbe21ef9ffc32b472851c25da616fcf8cdd9a4b4e57bc5625eafa3d1803f2e41c888d449a2972c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
904e6d725f546d5ea19e93a80544e632

SHA1
3233df3f98210ef1f1cb8cffee04b771d1c7ac3b

SHA256
0c699ae6fec78bd8130d206220b56383e298e6b0cebab5537e3afe0579d72605

SHA512
d9d9f4df28d8b69a0990e703e09738492f9ab2c4c18f2071c434b7e7455f8c3e0a26cb339f9f9b425cdc31dbbbfaa4f5f0dcdc48a913905a185e907aec8fa9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
6221612c15aa760b45107e6bb22e6b0f

SHA1
78ce931b9969c44f84c1f46678716456a811b14d

SHA256
ddbfaaa2610af4aadea92e877313c2b9739bf76fc89a80972eaef3fd4f41087a

SHA512
8b60d5b49a113a1ec75544cbbf1748ef8609f6d8135565a5ae690f1e1443402539ea3ee00a2287aa420679f3c52d74cdb763b2c3b6a310a5665b04d0fc1fbaad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1273558d63f57754808ef8c1551c1900

SHA1
53df7c82a767122e8732092a8caac5ec4cf360dc

SHA256
9cdc23011cc647f2cba4480f634def79da1ba65a23329391fb1079b4975aa5a1

SHA512
b1a0a119f0de30d498ba0c0e22e7f88e351ca78c739a239776605a703d73837d75151711c08a76a09827fb3df2217bb46b1306ceb649c952ead699df49a31c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
816bbaf5982109b4fbd7ec73ec0d930b

SHA1
c8ee98527637216f716ed5324773ecb22ede9e8f

SHA256
bb37f44986ec2298511acbec7c671c3dd47690df430ac7a8db3a1e4993bc5965

SHA512
74d34c46e4e189c87e9f36f337739f4867640be8d9c414fa067ae87374cac430aa9b2f46d70ccee5a8b145933b8517039ac713e604cf00232c12c6388ff7abb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
937d62c169a0dbc8f5d064d52f6f9ec4

SHA1
e46a3179620fafb2c4ea8a48180aab7f300322f6

SHA256
f48182106a10bcc2adf1d6dc4b4119c5885673d3f7661a6dc905ea5a71154352

SHA512
dc667101c42710a56f17d1c0ed69f4994edf91bda3a21b11cc567a940b4a0e89b4f83035f9ba082ce762b0fb06a04912118656c15e233d0cb7b3efe26f6311dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7329500c141289fbc756dd95372de6df

SHA1
aa4193f67e75dd0a9619e8e7966f9878298185a9

SHA256
37594ea94a0e6fb491345e548a252131d09efe00d68452e087678a9ce49373c5

SHA512
50975147b2c889b36d43cd3bde5c50241614b9919373e60c025ac14d8c66870e14c65479638f0a3081c46735bf5d13c2a85aef6dece77ea11e3e75da5e457897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b7948135fccbefa154d8922602a2d738

SHA1
9ba2d53b929ba9a219fbec3567af605d5720b51e

SHA256
2b1574bfef82c01f5de178255aae4dacac9d4816f0fff4f982bc6fccc408a420

SHA512
8ac5a00c3aafb2a82614dbb9737b09244e49df874cd7501b8ec6701ffd0059d6efa622b80fadb4e49eab274b6635eadf0f99cac6ae2458086b2e212d1329475f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e391f52d3f4c5e4b8780b8124822e256

SHA1
56d8cc954a257f855a06ecd7c79dd0ba1cd0be53

SHA256
a2765201d76c3e724cae1dcf8773b9d6806810d1be87ac850218c1d9e8f75b60

SHA512
74a23295a9cd6d571f316bf325d5ec702e9950e0ddefe76f507e3c8dad97a0373ba1dd7337241017c23f67144e62297ac619767c39af4a3ffb03d75fc2af8f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5056eff7422feb063964cb21f9537ad7

SHA1
c4afc43a63175291aa9a5f3897c8ec8e254828f4

SHA256
202e74ee122b4599c779d4f207e58ba0866e461d654e96ab602683064151a082

SHA512
b27e7ed219d99de5719e16d09a9d809c8793a5dee4d14c8df17743bd7771eb281246068c8fc0150d14a05fc9aa869cce12cc5ef8b07d2551ac7824c4c9bf8351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
3507af65264b44142663a2a1a48e750b

SHA1
4919b2fdc0efa95db4bc568055fbadc20aed14f5

SHA256
21cb07f3244c184da972c6335f0f2b2b2c172b04c6054fda0e1fe2047a842402

SHA512
14b896c23cf0670fba616866f6457f46bce54ed26de89c1d94e90e62f2a85d9bbb40f72394509884fe9589653a36ec7e474b6ff81b76f58777b51a1c3b65474e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3169e7c3c0f4f89394895c2c126d7041

SHA1
3ea41e82107aa786caa9f678503a0dc5174f9f66

SHA256
e4d13f2bc121371f25e1915fd449606e66675749a253cc31d44db3d039029bc6

SHA512
04e6f3a184a0ec30afbe611f2b9a28d3a1d0351ae64ebe0d26b0e1d8172cf8571443a7c1916f71aa17bf45f960b1e7bfac6ee104db471fa80059ea71da11c41b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
8ce2c6328857c28b1b9c7fa37c847b6a

SHA1
c8d4be693aabf6574a6a4498285101781c920198

SHA256
d781724d6ea0e3e00b9badf8c03401cc5a77912e513ef489c4987207b2299f5c

SHA512
94a8d1dfc6123cbc27abe585b3848834d0701d5526c7a234e5b96762219ea96fb3581435910d64dacc6be94d631d96bfa22fd8fd75eb0cb9fe917e9691775650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f1ea2bf941a61b027749f75c0a9ef1b2

SHA1
39cd0873359c8b12686101b3c2a179eff76724ca

SHA256
2013519f6d8fd1295c0d25ea09f06fa1dd5d572fcf62e5fb61a31e4c37bce4f5

SHA512
c2f04833cd619fce5728c260a667f41006f05180c463f2f0f36e1af9f3ca137f01265b04646ad16e458cea26c9ae3e2b47bb10b472eaee35ec514dae4604addc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
78832d9a05d19da19709849c38e814f0

SHA1
f57e10bcc54fc389ba4630f7d9b8a96b746f0ab6

SHA256
f33c2ecdf24be5e486ed878af45d515af799feb88a908da4dcbc95c875c5db42

SHA512
96618926783e9fb43dde8949ea68b93f054ed36003f555ae36446bdad6725caf0a20d5268f2363ed000b3263c29f9e53dca91ece7bc9aadd2b59d30c7ddd2966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7829c0138379f1a13240851beefb2ab5

SHA1
4f1d7f5b1c327a27afff44f1543e2dda970afe62

SHA256
d324e21ed99aa3f845cc9dfed2b7847fb92e6b0af1b10af48f46f7eefa444bfd

SHA512
014a95bbed5c542f59be4e73d97c5fc0db11be956574a934e8d6fc37537ad59ba3e347c155661afede428239e7b92fde46f7d59b65068ecb944a6f4c90e8dbb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5cf5595e0289fbdc187425da935976a8

SHA1
82d97d5f4d7d6ee7a592ad849191951a8383c614

SHA256
679fd9647e0e15d8ba1a017511cef084c0c77e9e5fc56b52e82fa6a670b94bdb

SHA512
28af4c2958466c9bf70b4674dfb69d1a5a0905256cead95a8b8c8fbe7fc21249148d2e13f3495686aa50ec42b4e9dfa7f4159c7455b9247bfc1baeb9a68b87bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
992be53670022fb9aa1ca7ce39144080

SHA1
d61831c147233e883ef508bea2ced2f90619e299

SHA256
da739478855536bef0082d79b83cfc15cb142da3a798cc69f25962edd16e03c0

SHA512
2814ed68d0cbb035bf98530d0725c64f38e1e82833da05dce9a7d7a1e2c16fead76f79e37c0eadae56e8444b3616271e1856c9aadee19a18bd3238fa6c970bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d9111ff0cd1ed72016757a0c0b292139

SHA1
88b11dab946e5b2f49ec0a953662dedb31085aec

SHA256
780fc8c123c404b85a958009d3f7d89a83cf534729ed1724372d64858f6be7a4

SHA512
ff4bf01ed8554c3f34ed789f4ce47a8f46fc84a5a29184e24cb56819e1bdf90607d78f125e2792c288af246928f36c6abccd1abe5e18b51f969df2be703c644a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42ea81fa36d1d6f77b337f45c3b9fcdc

SHA1
021548b54e8d7ce00133d94eaf871cdfa895f0ce

SHA256
d373f3a21b09f5b07ab95e465482006bb02c0b25c894dc4f3624d64bb8a2f5c3

SHA512
5326914783e604da3a07840c03661d8565a37514837bec990df323317e50ddd299e6c47347c870cb304e8c2ee0e6474a2791e2146c2bb0fa668e370f4bcd60a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c211306c61ed69730386cfd1311abc8e

SHA1
ecb4d29db84d12c77069c7c45057a3cb658121b8

SHA256
790b19ec798d95378f601a8ac130a768fed00073136e07c3a9f6c1f97f704d30

SHA512
fe91773e79d1e9347b50a4581a134bcc5e3264b4cda8082d8f603dc2d5357f7b6235f14a860ecf3ff5ddda7100c85ed48943120776269944280f9cfb27aefc21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d16382e8a0a42e440f2cf553b6705db

SHA1
b9441672e52fea12db633fa5fe25aadcab6ff088

SHA256
9e5e61fd2eff0e4565cf0beb252731b0e08fad4dddd6c1d924562e09e5adf092

SHA512
06744fac7552df900c1d6af634915dc82de7b57879d6e2fe207e0e3953cf75ee746a5941669ec45d6f59f3ea3a9ef577654df162060567cd60e235e615740eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6fcaba0c1c0d2c279a0e92d492ed1e3

SHA1
824c6b70cad14927da0a86525f379f0f594e53f6

SHA256
58dd7dee15b05da681f456cb65a3137871ab8d481ff002952383bb9121250ddd

SHA512
881e2683c6860a641909c51035b7da1e917ce3a3208cc5ca46da47a9fe3d312f60af636d7fab3a1a3a3dd01c0ee9b332a1b008dc9870a5e8e3ad894b1100c828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
22c24b3e4bf02e1c42374ed12bfdfd5e

SHA1
419e9cf8091e6904d0ff9f3227e6eaa36a0ad166

SHA256
c8ac3f6091561100fe4784aa56258433b11ed45b7403663c243e546a4c9fabd6

SHA512
39746c6d46727a77f5507c24275221803ada7a52e7324673a5e01efaf83cd2097ef1919652536802c7df3fcf03a69c269bd5a832654539b3907fa8a7bc7964f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58bf9abb124dfc69225afaf98bcf6c8e

SHA1
7d76bff9224fbe4ab85a38ae91576dc5a7d7ca3a

SHA256
9280ab4e086d1e07e604194c70e39865d5991213fdacc0831600bb88703555cf

SHA512
402d70b9063836512cd235d95b0752d48775823174fbd26d384eda55484629257556f11b951c659a26028b12e0b6b0490537854f158e938f5c6d40c65e1e91b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6bb66fea15f9925e6850c1e93ce40d3

SHA1
033d5fe7921e6fa51f668e99899fc270595689c9

SHA256
d80029344423721e9c826a9f89c8097665cc6a31bbed8713c384178fe50b8089

SHA512
465fe2404b93ce27189826a1a236ec92513614b724a47b550cfc6ff7ea3b06c1ec91330596f50321fc904685d39a02b9f7557be65618a315987f4e29e70159ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ff73f9e924f13f75cd92e88a30ddbc3c

SHA1
b442a3b6192085e8e1e240d82c28a263796fab00

SHA256
662612199983f4a6c821049a987953e58f5bbbb042ef6d0f4677508290514f0d

SHA512
81a99ef0ffbfda5f7832d1d669a3f310cdd0788f5a82239e650bec40ef8c314df78d1ee2b001360dc0464202f611555d71a0d231dd83d63a2d70047f54e102b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0028de9509ee0de0d01a3c071eab97a0

SHA1
f05b979f4c872f293fd5ba6b79b854230ea873f6

SHA256
af0d8ed77b4f6c2534603b6e9cfd141ea99d0f9f7d45aaa5b77e5758bdcf5ac5

SHA512
019f41217579f1304fd1e3e55445662fb6a2dafefdd9e103b8e35f06e547c8cbbdfb2681e2d7293f3aa855129b3cc9a23f729275a0b923b990e3750d76e39431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f061c8d166657fff638b784ce4b69df0

SHA1
d151d9ec7b193c33827a0421d3228e0c5dd12171

SHA256
38c56e3da6564eec7fa41904c71f3ef7067f7f299e8f4752418ae1109d64460b

SHA512
9c4dffd0f5b75e7e6eae8f7e8f4aa2fe1cf67f68a20316f96d9e8b8cc88d78aa48552eb01e4114f6dedc73f4b6e4604bcd0580bf25084e39f346f305466c5e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82bb1b3a9f1f6bc212259be05f39d0bf

SHA1
9b9358443266f06efd5d45fb4b7a59fd24c6b1cc

SHA256
b2ce5288459b2f9a807d602109b7f348cf4805dc5d4e9ef9102d72a5a34c372d

SHA512
7a49ff52641505689bcb09b0746dc8d707947f8bf0a8f308e04c131e110dabd13d142fa09794e12b4a6184957ff91ac4f00d4285c94a976db265486e2203148e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
757fabd5b56987b6469ed32795dae1f7

SHA1
baab572cc4c6b795483af4224590e67d297a55b0

SHA256
41bf2b4786d490536c59d68d5f25da60fd7fd204c0c8e3820c77644ac27cfd8d

SHA512
cf6fd37b795d4717d27c22e27bbcfff2cc7043755bb8bdc857d43268c08def2e99a5345f56f5840881dbac61c7fa34d2d924e3ed098de545ba201f1a90d362db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
26bfaaff7b36d766fa8f78384ddaee62

SHA1
7e80140a2aa80a5e2df1c46b76afca52576938d7

SHA256
330cbb911b0eab1a1b6399309c0662ef66b5b53ce548c1c0c08cfb0805279a62

SHA512
bb57b1331932f1af586283d077d005fd730a9ae5da841626baa7c568f1f582388d590b63f851d6e229d891c95d1868102d907224072a1b4ccab2a401af19d5e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c37d4545b346f32a9404c0af14b7b0c5

SHA1
7f0bf5e0cce1656f7a428cf4898521593201254f

SHA256
1976471a060146e9345a6f34879c3c6746ee961f45138bac67981a116193c642

SHA512
83092b69710fab6710f120a22576323aa2a1b8c39f78c87141fda78b254b87c7f25d96bef8a46fa5d3d53a03addda6fd0bd5d99cf36f3764cf01b2ec27c89bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85969157eca613fd1447b9c15001ba20

SHA1
0351375a9aa2e98e4eee240f55f2117403d71052

SHA256
e2fe86e8bfaf8f68ab3b7d5e2d2a75f224f58fe379bf9650571e299f63269464

SHA512
bfb53c48fb9e024be97614c9efb61e59e936401eb1b78b895bc892c1af46725c71bec7773b9a5318cc3ac8c2eb239cde688195ba52226f4cdbd2dee636776d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09d84a2eb0597fe3d928a4199b420efd

SHA1
140fe49ce0e13c518217ad0a23e1d692155bec83

SHA256
02dfc4f03f53ca73b8451db24c1107d3a71ef0b1a72ee5f84d2d6a1190b52838

SHA512
c8aba7e383267317763b9be5e0a59c5e4e9420045a5e7fae65e5f7d6ab3ec5985b7471eb28c9678827824394aa78915952deaebd5f657d583a1528497c6d9186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08c49ff600653c2e908f99a428b0f9b6

SHA1
f87f22ec423d928024cc40259dbf77cee7d1f70e

SHA256
cf10c809f2a26f23a0c333b6e6240dce57ab12fb63a4019dffa1a13d464274f1

SHA512
5fb3e23a8ab455ca4c2dbeefbbf71d7e6d4f5c7fd2bfc0c88e895794b1add634886310265f4b733c70c5cb5db39ec7f7edc7cb59bc29c643b8d75e3528e8d5eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e3e2e9adfe69a25f72e7410e7851814

SHA1
af4659f643d1e5201fe844f0f9749206f5aaf8e9

SHA256
cb685c731f2eea21c472e867f3815a1225d55b527412299fb008ca9850dc088a

SHA512
1b4aa252a7430daa6c4d928294ce09853ef9387012551235de5342ac3d464c863e5772e13f5c3df27fe13b5dd7a570d439d01c2f30d42d693bef6dbbba4b3bb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e814ee1c1ffb5ad66d0e61610ce5673

SHA1
dd75bf046f21ddb33d8b32db9980c1631bcf2416

SHA256
9e0453361f2b04ff3b2dc4f81d912ecff0620b1421cbd8f8739bc31007f8d1b7

SHA512
168189699e08862f280fac4d475ca6d30d03db1ad25bfb8a2c494aa2634163549c4e82dd3eaf3ea2bdf336bacd2b6780f3c2e4f718a9d59b0544861cf0e23660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf8ed7cab1ee583c57ee025eee4802eb

SHA1
2d4ba232c48245594916709933ebd00f948925bb

SHA256
9b7e232849687d93279c50535514b3e054cf3aef5ebd8680ae0c934cb6998efb

SHA512
d4d651be98f17285410de565be034a8c3bf8bc63aab7ad9f5c27094ee934d02e6f3a7c759632220091e236c64257985b9313e8374b95212ff8892cb7fddbecff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ce29c7f5d7ea24e6e76ffcb0cf045289

SHA1
5a42287a09847f13d00ff422cb24afb0e6e22fae

SHA256
363c7df44832e8cf93823953b7ce576dc99a0e1d1f26cc86d427ee327fbab20a

SHA512
00e35b907dd1546595738c43ab73aa66dc8dfe008dd2d98bd90d34443df81dbcb5eedc8ea103a55925cf35dc5ad76c0a15645b2cbad710a6686ba1510f86e379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d7eeefbe06ac63fc252b9d037ae4ceda

SHA1
7cabc951863c8b417c07c0b93c9d56015225376d

SHA256
7beda3e5c32229cf5dd16b0a53ef749c11377460bf078e53c571674d6603578e

SHA512
f60fb2f0807c2339156d9adb6d3a05b31462cd4468519cffdd33d9f9723e821f07fd37ba03548723d9c7512b8b3741f63e4ddb310cb631468822f4b5ec26c7d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
5174ef5b76e2b5782ca7faec5ed21377

SHA1
e0448e8046a656396a7754d724b3245a4cda4346

SHA256
59d2742f7331f02e72da816c2be33488191cdff1fbd9a10bb16c627274cadde3

SHA512
82f806f1f1dd26ebb01aa1cbfed84d0ba5e6c04e82bce86579ffb69e322856d5cfeddb10c364a1f56b593a94581e712f543bd0699cca5937251addf4b9c0d937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
6102776e15ba4b5e14d6e322a048f61e

SHA1
539a1e170f810063a959c654150c20cff4d99665

SHA256
da73c52ea92f07c4d771ac3bf22c2056f5ef0c5128f18d1c14105a529853b561

SHA512
1541931f8a20d9a991ddf11622a87a1815813d311d76200f9f40d9c2cd29ff6f593d2ed82dc79bd790a5da380e1623f3b6505923678aef392e488377b137d72c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
a54575aa691099d53552ea3ce883b465

SHA1
894a3ee4e80d8acd1141e9a65f444bf6372921ec

SHA256
192477ad16b174d4ae4d7916e443fae64d8e080575b47c909830d7f0e98ede45

SHA512
a52f6d93ec190ead7709059b2c89d65029247bb910463176399b961aed67138c3cd8567ce56099699618b2f6b8bc2595fd817e90a042704633b09f08c12a6085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
1068af7f6c77afc4c76837281c52c67a

SHA1
1a0c8cbdda089466193848d2e1a723cd87ec4481

SHA256
eaf0720e6a3f1e65c574d67c335bddc576f9840c79e92319ff06990044b2b621

SHA512
c05dde5934508524e81b358f9446c189ac8591bcf3da1f8ce29e609eb8bd3d3f4523e3d51f10b931789707dcda2c911db911f0dd0c5500a78c740508226f8623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
57ce7118cb0beed6973e62b94dbda4b5

SHA1
a9876806f2adee0fa6200e79a871ae3637a652be

SHA256
19e72be36bf08db3025ba96c0ea7c3d571ab2db5519cb93e3685dbcf747e389b

SHA512
2217be5ab6d03f253c81299aef99d3c1900ada8037e4a74e8e1df1e4b238fd59dd1ba8cad14435ecf15c06a18eeca6981e75890089804d679558856fe4f7976f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f47d84093a40164c7556f2d7ed5bd4f

SHA1
f784182415e013deecc93e8c53c84f9390036b1c

SHA256
00b771590d108b369ee11ee5cc3b437535a7e0b80b9badab5122e71ce17ba91c

SHA512
968af6d57ff6fa6d68f88c1bab14d23c739a7d2cdcecdb7030ee6e97d11a79095e148dfc244c19afd13ccfabbd34c22356bae541052143465d183962b57583c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7bfa10861b5fbef1be1e59cad9b91ca

SHA1
4142b49d8fc1461d0391f72105bc7c6acd1869b2

SHA256
f0683202ff79b787fa3a6db145ddb43ffd01fab29459fc4b45bb5aa16948a54b

SHA512
b362eb9655c5e5db8fa122099bddfe154b6ec18703ea1c84eca7907d122486d017d8ea9da6fb1a42bdd78e14010c7df3a9f146eda007b4e4e54076ccbe41d614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
445d83ffcaf7bd508fd318cf7a004043

SHA1
842cdb640d75df42779ff2fb1d9a3ced204236e3

SHA256
e1fec5d55bf33b746b029d802202d21b428b2edc38b5c7d4890fc8e26a625e78

SHA512
98979035836fb5630c1dc8f6e763313dee10e95da30a0df019e3893b31cf6ac26c065b65d26560f428521adb6c5641f3e4d457088615c1e37e5d925a028f568a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
87c09894efc34a485c65276a3f7437a2

SHA1
c76944621b094601ce8aa02868ce1885cfd42913

SHA256
a4cb2bba95857b78d7fea4ea2fc8ba81229671668aca9c3323efd7f00b8f9673

SHA512
cca53252115e6ba9a54a087515aaa6ac594e0f3f05d7df10b145e81ca7f8a2a6a7ba99333f99549dd78152f359563be07361d8b47437c2b057b8aecb51bb1581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30c8d62e958bbea29e6ed471fc5590b0

SHA1
2e9902cd414a97e2335dbdfa818a35f10fe5ab5e

SHA256
34505628731a0f1e321a00338715578b5fccc52a8552b43b59289b84e24a0409

SHA512
02c4e193286b038dd50e077077583796a0c1b5074bd27fae03c287c13d3a72799d3a9a1a3d5de93dd4ce3dc359d06971b589a0619557301e494b807829fa549f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
708b982fc16a7fe265c8cd72f6cc0f89

SHA1
b623f14c0f1dba7a01871ac9286033070c08cd71

SHA256
547fb41bafe8614b4bcaf017946f4075b0688affc745ec1929712c3145579acb

SHA512
10de1d5af13fabdba38eb9be4a796381335048390348f2da0756193e00d87a10c480b43c3b06f22131f237ca259dfb1ad7956c6738320502f6cc5787cfcc1b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33d013e82969c355fc5e775c754cda5e

SHA1
0f8fadeff5be8b4033c41add5913b83b73fa3996

SHA256
39f81eba12a64d5fccc606963c01f1c48fb7f0593c2eeed857be3bba1de161a7

SHA512
7432ac4970df846ebf1fbb7706c552b9ff920dce8fe705505661ba3ee33cce7e281864a6da7c8968b4a3808ffc0c7b0a67844bca7588e707e0cd5ea041fd303c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a921c6253d026790ccdd73325bb4089e

SHA1
2979f8a6f45dba7d3dcc9ad4b303560297d5b37c

SHA256
9a3d1b68d80e413c665d8f3428192a750d763891b9957aa91fd0161f3390f7d4

SHA512
34ca024d8901267e8755090cb357634f58c51524ef61f251b9069023c0fa5f619a733634e09082104ed3dd0d816ad13d5d0089d7b7b0f6b9d59732216b14eb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e16298964a4e0a2904d24e4d9ecaefd

SHA1
a296ce24e4f00d5917f2a6114d84f413ae122296

SHA256
aaa3abdd7a9097c1e357f7d98758dcb5ffce727ce8157b6b410043534734b2a9

SHA512
ecd0cdf650895f829806d43683a9021ab963256ddab8eacc14543580fe432e294fedf96d7960e7e94afa3bab8d4c25ee7745c51703db756be165ebab541fe3ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4eca643a35f3d60f8c05df94f0edf2e

SHA1
1749f777a073da2278cc5daf54010ce852a86dc9

SHA256
9114ee67c2b66f9d6ba49e4d6ff52fd9fb1899c272614c1de6a3d60acfcd37dc

SHA512
d492c1b096fe820ce0dcae840be82c374b9d2390604469caf0778e692aff5a3784a67d29ff097e90d9715b2ffa41146f8c65c1a947e6eb3ecfbe76eac285e35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d46f6b57e460d0e0099d8a7fc99dc41a

SHA1
34c7456ec809721b335ce595d08bab3984e9314d

SHA256
ee630fa63243bb9d700ea973edc455efb803f358dfc3123a3c83d42794fb9061

SHA512
a160cd2265eda32484e45d56ccc96bfea99f127d23c66ab4985efce827b68c606f528fde1929544126cb4ef9a8de2a089735bdbe61fbf5297e5db66f04f72f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98caf57fde061be854877ec2c64cc22d

SHA1
e42c6cfd7c2396d61fae687687acae94e97fc646

SHA256
829eb6da926b6f4c34c70dcab781cfdd35a7502c09d4ff8b930200326f845d54

SHA512
c856a211edacef3e5fc08061e64d87acfd83b22b975cc2ac38878e85e15c735afd3587dfc3b906e65c522c7253040e715efc67869727b47053c57c7a74b1732b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d528a35f2c20f563d319579c85c637a9

SHA1
9e7188f415b92d7ec492c90f2ea13b531d75d061

SHA256
56e1745edae4676ae62f85971d174c107b25480182f165c18f3a72ecbb69c487

SHA512
86297fee13d8809ad3e5c6d24413be986fe9fea97435516880b01e9c9c533b20bad04b77d98f628ff19284205aefa8b95dbd17d6c75ea302922a01d80eb612c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
359e75e17cafccbc8a8b645cd7c16cb0

SHA1
e70533532bfcd6cbf70815471803c5c062392188

SHA256
a7dc4cd29a6f448e8f8be2269958cca9cf00daf7940e921967a0f9d1da1b3a44

SHA512
e41ebd742fbf5541481efb3ad5bd7f6bface1c9c129ffb5a5b0feb00279eef2cc358b69955ad25a748263b650f9dad0703919cec0eea3e4514aaa53233446309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42f211222ffac4b6ef88ff2cf9d03b2f

SHA1
648890a1261e05da658500f0ca34a3a30925861f

SHA256
99638ad6729f3729b8f9dde07025f90ea6dc377afde4aebf876a74c616fdf377

SHA512
5cefab47eb350f32ac82c6a1e8efb97313639bfba710c3b0ca65359f577be703544073be879bfc9d57d0ca8add9471396c48e9722678d1e3053c790e72801e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afacf5029f0168ccf9178ae037676375

SHA1
f9da5d8df5da62ad787cdfccc6c8be95c2aa142a

SHA256
411ac473ba01812fc6abe44eb1cb771deb77e76f545659e4aebfe62605398e4b

SHA512
4eea9ce84847bad87a02fd2b7c76ab1ef11805ee8b2b30e56e7f127d0227771b8fdee5193e8c45ca327471ddf36eff2eecfdf80cf893baa8477b0f7bb4080e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe644288.TMP

Filesize
1KB

MD5
0874ed2521d5728295d80cefedaad4c9

SHA1
9e9517fc545527903dbab87ffa5f76daf494c98e

SHA256
3074ea9e80765bf73ab8e54fe36c9bd57d32f63b04ba0a0a389de829c0196a7f

SHA512
75397509dc9528a6930b13357a0c8acf4a38655398042cfb030740de5f3d0356e50edaf9509945e4f9d2b529fa798d28d03b79c5dc313c8016a17108484e4fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ef38e6e9-ce5a-4f62-bb3e-510d0ff4348f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d2dcdcb8a5bd0ab38870a5b38e3db951

SHA1
d436f80a83c14c709a03eb1ae518e69bc038fffd

SHA256
9ee83566eded2b9587f1c6c412e9049c8fca19ce5ab4998ccd0bfbbf954179bb

SHA512
a2f00fae22f797859f21341cc694464ca92d8aba5881eeac6095be5435933fb66a51f5797039fcc1deffcc5e0a2ebdb53b9d044d0de1eb8d044f9bf22297720c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c665ce80d46d5218ee6f751037ec1b0e

SHA1
3ced74269bbd2511e61f429c13dbab9a1932aa61

SHA256
8a81453a148d4d9ab53f1c109b62e317abe4e77743b4912080487dcf9c997742

SHA512
be6630c7bc1cb91ad20490d87e584cada324c6fb43b2aefae762c9c939fbb11518cb84282ca22a3ac78e6d3918018cfb36b00c62db1a7c7c3f14e1e83a54b184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5305fda547e3329147e2a75512194e51

SHA1
70bfb3d6eb299b4c403ff04ec525b1aa4d7c7cda

SHA256
ebccae9dbd99fc2b27d19b482ca203ddd54656725a8f015bd45944168e8aa74e

SHA512
b3965e5ca36d3fd16dd8b30fb4c636c0dc325bfd010a449c7bc13f59e4000d50b073445dbe51a15c8a2106df39bd3c69f12f4903f1b2f1872005927b430e118d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
40a13ea246fc141e579b0818f6d05535

SHA1
fec5580351d555e2e60b44098201d1e11af65d40

SHA256
7efa60468a5afea3714a1fbe530626fc375e9ee6c72547742a6842113cccb3f6

SHA512
27139138a4257c71dd404bfdf0c9a0a94cf67bc9471389e25e99445f2b55b06288ba9c3b23cd391f4e9a73f3399c28bcbef41d4489a1a566df279af0cb7c8c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
64b9767791e8ee174a8fb0dcdcc294a2

SHA1
9b726b82aed24c36fa6cfaf88640fb6c773418d8

SHA256
16cacc61f51c6a2b3725e11903a35ebf9c9f5720a78853730a434e509a23630c

SHA512
ed0721dde096c6598234c3db562489553be85b31e3a1a2b861ad3c837ab269340d6c15b57fdcc6b4ef8afa5149abf2ead359709386341e61e9baf387db394ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
20KB

MD5
e3c8fb8a299f2848b98a05e542934210

SHA1
0eaaea7eb262c0a023baef64fa521ead2f5559e6

SHA256
189d2b794dc2ddf6b101b2f4462b2593079b69435f916c63256bc1eda3bd025d

SHA512
809a49f24657e94fbaa7ae9d6a37f91cd47f073c0acb7bcfd8dee81f52636b47342f1c63e640c873c06dc5bd6b58a4bdd1ebe560dfba0d7098c338ae6e93c1a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.personalization.json

Filesize
1KB

MD5
eee29a62d3151088fc86df9d7fda9b45

SHA1
dc672f5896bfcc1a4fca988fed18b3710b17f6f2

SHA256
d62cc17b814421e3ca04073c95195ad4ddf343ab2163ceef89a9c86edb5838a7

SHA512
448f0246a3ad3ac7d06b4a0359f72157745b65b3a0d41f7e1638997a4058161250f6bf2ca8b7fa2595c2b32ee0c2acf8a45e2162291a11531f74cc3a148890de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\doomed\9990

Filesize
15KB

MD5
2c4078307a24dd604f5e0de5e8995e48

SHA1
f49024e28e147d79765bfce6550f64404300016b

SHA256
e1325fe2dfbd5ce9c1c77a7e8f344b52aac3600538d230ba62314c1a66b1f629

SHA512
38a29c76e46972e27879fbc493e13f6c1eac55c253c54a226a1f89e78e38f876e54f1ea46336563c02cc3863a290f53c3695066d18feb56faed3c87ff59c8c2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
ce5fc7118234333ae2e5597e9cc4f158

SHA1
0c3526f9988fdec93d9001891d7b578e965c29b8

SHA256
f97da374d4e3b2503df74e293f1e084ad10ddb36c5d8c987036c6b6f81d331f2

SHA512
b3c7c6190ddc11163200965dc869ea23aa6604fcdc80cfe50747d5c012134d54535a9a63c51106bc59dd20bbaf792b5acd044d53dc2a3f162f68cee032a74dcd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
907855746ee1191202cb707462e534ad

SHA1
58bc9ff03cc03f25af5ba0b6e0a7ab03a61b06eb

SHA256
c1f9343e8265b02c5455e0679f09d5ad4d93ab4fdfd1685cf0a68dd1cc76d7e3

SHA512
676039d1ed5ba83a5092ab1bb8201eabee27cccd979814c29f1d3105e544a3c1eb35faf7fc2805dfac43b3cbd2b49b01bf1dd766a2624f10cd5d39c39058af6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
622a14a986a824a1dfc5c798d67b0fdc

SHA1
855d518d88c6c9bec30d36669711793947bab7b5

SHA256
8b0eefb205edaac3adc1cb9c369d9777698a8fd5478e205646e1ebe35d05108d

SHA512
75dfe761cfdd682128132033fb4c5f5570ec39ec8990ad71c37527996302a27a0eb7a8cc95d7dc87c00daac67f258b2ab4bc1062732711fc913803ce528ce31a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
d78fcc537bbfe1061ab57de83d8eb57b

SHA1
4a44d5e8f6b37c24e5c58e67c5fb10dcbef1a853

SHA256
88c91fe473dea6acfdfc234dfd895fd3143791954cf47273192f02e7015f0c6f

SHA512
14349e5a4e7a04d4a42693e172bac48a28802ea55d9cd9331dbe1dfcdf1f8e819da74ca4f75e3d28f98899b5945621f87641adc3347be55f501ef926577a80cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\BB95D0607349D05725D5FE01D4FB300E319072AD

Filesize
9KB

MD5
6ad3c3fb912b2ba73aab533981407475

SHA1
67d9986a802c21a3531e21bfd8ebf9069c21a653

SHA256
29a71f2b861a1682a6333ae64528fb1afce8c4a3d2c7b53393d3a7b629ccfcc3

SHA512
2b914592328aeddb930465928c30519a9030910fc86ac5c961bb1b2d62fc44b7632e6f1045ecc274abb59c75019a1a83c6a289bf630ec376bbfca0f068699cb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\index

Filesize
76KB

MD5
f1d2b18d6deab9e6e79f9425de8a43f9

SHA1
ed071847d819917c41b35338ead7392779ef7c16

SHA256
db36805d5187251e8fff417ffe3a28557c78b2f50b9e038e03318e33dd5f8a9a

SHA512
181fac42781fa8144071b534acdd2067a83a6c5bccaf7121e4f736fbdf5400e083ec067531301735437084b4c41c3f3cb2d989fa2676855a48d81b33b7da3e67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\index.log

Filesize
3KB

MD5
f5020563fa54c58fc1b449e5d96852d3

SHA1
1a1f83e08478dccb8296e5755829a0a04b995f44

SHA256
e5273a76ccad7f69cff81b8364ba8122c973fe58fcc208fc10ed560c95657f23

SHA512
b73ad36a7670d72799e0bc4a6f6a799cdc3ea6c1f15989db68ffb0f789a8f80939e5d03a6dd5c874b211feeb0839c5b5058dfe5932917460daf87e26b28e0d94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
15405b40b11396456243a08ab4c1f30d

SHA1
eda1aaf4281a3f6ac05af57ae91e37f6faf3048f

SHA256
2aa3c813af62320d33d79d971fe48ef775ff66a716658e428b043e2425e721b1

SHA512
e7aadce7de8ac6ca2243cfba8ab242ee6b7e7590445c4d8bee16d39cbfc2b74f0095230ba2bf70db70eede4a3cf1be98372bf79c3bb0db2826608a5da4520618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\startupCache\scriptCache.bin

Filesize
9.2MB

MD5
185fc2adab9e07839648c36a5e54332f

SHA1
50b48906ce39f0928dc5bc70b1c6653761ab946c

SHA256
0c0054c7d67b49e7a44d922029a2984147c9e92dbf4b92abbdf4f8692b07d3b0

SHA512
cb97e583df6b08034d2cf0a07ecf8b3a05616f4a2467c00d645bf992157a3bb5615091ad6661b14d03e6d15aa57456bf6cca82ffd244f6e91fb6707778fae415

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
c1da37d91796421b89c14f1268b2acfe

SHA1
9d5ee3e20aed4f6fdece1eaaa215e14eb148f788

SHA256
acca7123da7bd3840a89240eed662f0726bee113a1520065ba97af51ff79fb37

SHA512
dd317c6ba5af1564085310f257bb77405c20fde76887ddf9e899fe1e26e258447b24abbfc9c2b2c726a4c10503bd5487b712e63f063a140dbb22903a3c007d8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
539d26425b6384a5a19b32adbedcf763

SHA1
34c11abd04a47e14eb80f7588d15636456850306

SHA256
f29fb57c5535dac48b2ec4152c3d3b2425be20a9e4fdb533b7e33ec331b29447

SHA512
8d721dae6be352597e9747c3770614092de61eaccac450d56f4c5eea19c38b039826267d21a4702abddf27bfe95a04d0d6ebe096600a7a5bb2790aa7721c6b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
e49c9745907ba637a0821187fef75718

SHA1
f46200a52b365c3dca4da385c0bcf4099873aba1

SHA256
e4466ee335446decd0d72b43e09e6574bfc6c83280bd30a3df821c3bdcdf6b8b

SHA512
40a7e9f802fb9484915733c676895777b19f655085f4c2c6093a9303cbc6e51663253c804087b5ff211ebe2153c3bc8e4521c21e45755a7269170cdf34b25c67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
c302a78cc6342b205862b3df716ca691

SHA1
cdd445366289e1802927dd2edf5f724f4c8ef9df

SHA256
595a9c07ad2841f48a626330902c662f01ed22acbda7506cb819e944814a4a02

SHA512
6e13af51d07f38d35e159092806b0fca18b16be63a263906afe6b38c5a40143dae10e65f7425f729d35c4140a6347559c19beaa2db62d9f0221d3f332d1edd13

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
2093d01aadbb91050a143c6121723f1d

SHA1
6a3420f2ad5ae4908f83bad7250beec79da62609

SHA256
34ea723038c1004e1443e244b4d3806d0346e89e3f05c7a5351810cd41c6e7ce

SHA512
aee17f1e17124895b37f16df056a90bd293daca4f2d9cb60c8f3a87d2a39814adbd5f4e9359501297b4c73bef4b9ea411ffe4762f227cf475a8f85eb20590458

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\X6ISQQAHSCEFVZKLVOPO.temp

Filesize
7KB

MD5
8276d06064c6ec4182440af0b6ebff04

SHA1
64dc5619878635bfdc4938f933f75c957b24ee0d

SHA256
caf3f445c035427f70352c246906eb7547944b6316b32eb9d3e1cb09dda203f0

SHA512
27e82bc2a1447849da403b1a53cda402d211131307f13f68f7073df0ae05f29e657e05bf7d6c03f73ffe139c66b5269dca2fafef3a410869c45c4bfe425b37b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
6KB

MD5
c3ead8ee053fb1fa0ba9169a8334845d

SHA1
9d1e8af4fa44ff1a5981b979235713a477db14f3

SHA256
fc9bd934a9bfc1863ade12b0b55606f541feff2033e1ed7b047c53db0d50a878

SHA512
75fb2cea5df240a8123213162fead1a9b40edec3df9365449f23cb93eac9c3cdc54b3cb845fd8ce894737f6b246dc0969765c0776ae0da00a639ee0eee902067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
af4fc3834034462aab1f43c20c547184

SHA1
d361a29194ce5c487b21ecc04b131a3b97cda640

SHA256
7f2427a7e5ba40afefad54f8585da01a13270f0c68b66b59d79b4e28eaf9d56b

SHA512
9d7ada06e115a177e7bca600430556a895139abe94583def970f7b39a04faf5543abc09fed4c4d0c995e564c35beff4094b1c31bfe3f5caf635016d87fd532b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
9c2d8c8ac615dd144bf49fb610f1d697

SHA1
6610359ae47754dd68a0c6c9dcdee5737ec1b04d

SHA256
9a759c0e351d7479c20e55f61ce14dbddfcdfdfbea77e0d1a77da7bb2d977cf3

SHA512
dc97f5781c0754ea588ac5d53b42ba1233b41f82ae09995f0402d5ed29e260ab314e9d84a106678dee394f1840cf52fd6838712bbe124385ef3bb85bd383b977

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
2400f395a51154a146925c399d64a5b9

SHA1
f5cacfb808a0e101ecf0af3a1553784365dc3cdf

SHA256
a9073e9bd8c68f62554960f4716771bc7f3bb38d5413fd0f90c2d16650029a9f

SHA512
2793835322de91ce9c7948129d7294e22707e9372fa3994bdccdb6b5679cdf26bf4b54d8076cb7390f3a6b80036af81ca82f90466437b776dbb3b500fd333289

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\bookmarkbackups\bookmarks-2024-10-02_11_ipkVOmAVKYJEoAlLFdzI+Q==.jsonlz4

Filesize
1017B

MD5
29f34fac9b0487c56be1a75b601cf1c7

SHA1
529b3f5ca67e7b46c319232b5d0c822c9804ee21

SHA256
4431c1aa4e338efde3a7081f8fd99ab6d3fe1df636a2888d5c83f4bc550e90d1

SHA512
e065fe45c17ca8495eff4489eaca305538808d1688ee45532dd03d81bc3f14d894f2a69fa8e881093e9dc8268cabf76196bf05796bbd5b619cf7d5853c694afe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\broadcast-listeners.json.tmp

Filesize
221B

MD5
045311f2d9ad82aaa20d585c11fbde82

SHA1
9f2f122d1e0ba3cefcc452ade5c01f38dfe022ba

SHA256
170bdb16d1e0fdba6027a246c8e7c0910f5dc001449a420de11ed0ee71b8c32a

SHA512
39ab69c5fd69c2683b89f17f54f7a9cb9f7a6d594125e6dca21caae3331e2336380be88b91de4d656d8e3f3b48638bead8f8269e0fe9470826a4784b8d7a0c66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cert9.db

Filesize
224KB

MD5
42c17703a6da931a93bf5bd10bda79f5

SHA1
8671dfe4a3bd7936dafb0d868d2d33a90c767191

SHA256
4d44782d10b7def9b0d590d9cddc8961144aaf8fd9d855adb2aba66b5aab86e7

SHA512
912e306add8604705f77f30905db1ea79c0f8c9b450419f008ad06a13f57d611a8c6e8846c796d73e6bd78aa4e3db33d51881bc94556fdee00e369a6d07b16b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cookies.sqlite

Filesize
512KB

MD5
b131bb06f76d249a6fb28b744a070e6e

SHA1
b23b3f2d90cd8c24e16c8456a41e29aae5699f30

SHA256
57c7c9ce94e8efe76faff0d212d692ab9dd70f32e4e8eea2001e6c17eac0abb5

SHA512
5e78e4a8327a7b83ac448597a370de5ef0734eb266a847883fb9ec46fb1d4be93e389500d7d64f7e06036d6fa683d3efcb55e0d86a03aae699fac138d3460f02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
36KB

MD5
e3142ca8ecdac18f0516feb5886d257e

SHA1
7073fb788f521d89599157e50f6fa82bad5db980

SHA256
d229351dcbedd8418df44295e331ebb0b76ad2f5ca7b0f13f53ccd343398dd5e

SHA512
7d02730785fb469df2882eff65b52f510d48073f761be598de2aed933bd65f9bd95f3bdf26935737b2f6987cafc17018e9d6a3e596c88dd0f13dbc5c6a7903b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
c9fd0016965304acb003d12cb062f2fa

SHA1
def6988249d51835515861cac15ad631b4a6aed8

SHA256
9247c73906fccfa4c29714d55a782298553fc8dbb4682a17c260e79ed358e335

SHA512
9b75dae5163552ed4bf422c92e98d384ec6d0fb2e1f68a443f1b439fdf144503010d5549a9a44f2a5543ad7187985391cbe42a47421773b048563c0d3112f047

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
99cbac1d6dff019df4981ca4f4707cc3

SHA1
0d34d086dfa5186726af210c5fc31edec842aea8

SHA256
a8bd8def201ef90e7720f38012958bafb04351b5ca65dc3392fa37e380daa37e

SHA512
f18710f5e73f4d9cf3e5705dc5296d4f2202a82f22a63a29fc0fdaf43d5d5207ed87e5e1a30ce99a66a1e497c4051ceead3874df1675acb09a2acb2dfc4e2089

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
77e1b15102065211cfd9744de9c57bc8

SHA1
a30c3baf4a76cb9faec7eb72979cbf2dfc2fd97f

SHA256
59f513b839b5828cadc420382d39a0bab4719b8053e14b9b4c986c54433bbdf6

SHA512
21c839db887015ca76bc60ef39c375d590f3caba0cd61f6fa89e6e51b3f8e13688d6201ae2acb8d88d97461c382a593a80f19e6ebc0ee47767e60eb6ef0dfb64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
ed197600cbc6f38d7456548a37497a1d

SHA1
90a45599c754b98e69565cee79a2a619382e8a20

SHA256
4c6023cbd5b859ac94a31ca2dcb78a74d245ca544e61274b19d40622a7cbd88e

SHA512
2c46f8627092fae105f6b79660c81b56d52d0a56433f3b05bdec95c71a4c1685d441d02fc1d80bb28e56c38aaa82aae95cef01a7bc9baf558a66d716ae641f13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
56KB

MD5
e74216cec5198ed7d7b26816ca885c46

SHA1
8de5948f096592712448a82092066b8f16b27305

SHA256
1ff17fddb0a8e6a110179794236c3241dd7edefd904f9ab9d499943dccc6bf3c

SHA512
9ed5d9401d42945f2b8635e65ef5b929b7e9103c0248d170e87f48c99476f1c5461b0ea9bf3809fb16116eca433ff0564b95e8f77e45fe6f81d1d11d5465ba4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ec8850eba387a439cfea934f60d9f7ee

SHA1
0d1dd1f9320b9daeac3aa99326e6083f6b1df3f9

SHA256
86c403ad13d32f308a53154f6acebec1a2f46ca1def147c1173960939474c779

SHA512
0ee5114482ac425fcbee4b0c0dd02811a093e6f45ff64ab021d3697e794912777ae0f7f27be4787e2a483ff9068b19362a63833b6554bf4652fcb82586be2b32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
36KB

MD5
1b2c1c160a14de7ec66485ead75e6c5e

SHA1
cdcc6af02086b7184a5608ed562d87a6039aacd8

SHA256
295ec8df9bc80d714be69abccf4ee5ea6fd84c21b9f535e01b497fe95840ab71

SHA512
abab8cad2748750be92ba80a2d0a034702cdee6144142fe32b3912965b9df064e7a2c148d399cc69e28162eb66f3db5ad883b5762fba595ccc87338f23e2d701

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
36KB

MD5
b9dc1f61b2a062290e4dcfd189927ede

SHA1
aca2ccc2739a8d462e6d85a9398cc3514b1b3e17

SHA256
b89f6fe307da8f262621a0a2c22c8505768e14e33bf5fb67e1189555c339b163

SHA512
35d45d1337b2b4ded63cd448bc5c3365ec5f9cbf7a8eac5794d5aac3cc416cb878361257c1cb0410195d64b3377caac1cefaf91c22001b05c178c1ed9d68c39e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\01e706a8-d101-4425-8936-1d8294fa964e

Filesize
25KB

MD5
646fc3e3b941acc5bbd5afd334092c2c

SHA1
086f5462766e347c392aa59e96979b53d70d6f20

SHA256
4ee6205f3619db9db840b9d5f156e0ba94cca99d6ee740b89b8d7ac5c5e54e32

SHA512
c6809d953e84599f6ae4c0766a2d7571ae44f340af3eb4c5675cd3203b42b236c16253b5e67e1c667eaf9c175a17eef8d02a80b719209b3ed22a711502e1c2c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\0d0141e1-2c1c-40ee-a871-c58173273312

Filesize
1KB

MD5
1b86ae4b9c2bcf1d0bf01594f6b7cb04

SHA1
2921e34dd2559349a4f9136bd175748c27e8bc0c

SHA256
bad50f7059b3eb3577dc04a84d5ef3adae3da23bd195272af096cc36d3ec430e

SHA512
646d8a905b08ca99964500c36cedec87e80a509b4ea9fcc0a0b800f36c40730ace9986181eb502481687b5cfbbbac66a0e5d2acf9675d80412882d8b6e0b7cb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\2832909d-2be9-4703-a379-4f371e51a00d

Filesize
905B

MD5
a059a966cbd1731895e7a6150c6784b6

SHA1
86a2030c45f38b3c1cd0bb769c59c2c0600fe869

SHA256
7be3f2a03fc9712764a9174149def3a84576be661237b8bd5d90d1670aff6492

SHA512
c5866ec44d0acc04b5bb5e11ef61eb58d8a153c0f834c5bd996f4bd5b0b18a177c2c8e10d98bbbf1683c15d398bfed0bf82573940549a4787f2b8c4fccddcf20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\287743aa-a19f-46fd-8ff1-ffb0f4c08ce4

Filesize
729B

MD5
5caf27bd1fdcab2e3998ecc336e7f4c2

SHA1
cbb1b8e2a2e6d7374365a68cd2b928296a826c48

SHA256
b86a40adfb874097d91851d60935491792e0cfa602ff78492b08c95fafb349b6

SHA512
0ef762deaee5c10acbc89343b3890b94c004a9afd2673e6d0a448147a8de4cbb18402e778c6e07c328380c3d58ddfa7c2853bb8637efe625fff284ecd2353015

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\4131a5f3-04d0-49f1-8a1d-bfc3383579aa

Filesize
734B

MD5
aa02fc4e912333eef183311396279c6c

SHA1
481e47032432629c9377f112b191e418f59f5cd2

SHA256
ddd315f78bc34334a0eaf057819ef68686f48f13f96cf0d53c0667b75456e6f5

SHA512
0ba62eba1e00edca7da50df7f2242c2ebba33f2a2b7b3995b882c40a0c5e46eb139e2dcb91f6461baae92285b7d798f0ffaf53e2841e7d63b0e337d9e43e246e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\45d942a7-49c3-4bb2-9a6e-5e87a1b2c631

Filesize
11KB

MD5
24bb617e56d78d3d396995fe7340191b

SHA1
08d1fc58b267f7715b2acf03531c53e51b9078b9

SHA256
552c297a0f9f97621aa8c8dad50fe3c993590d29db68b5373d78e9925a9d2684

SHA512
70a4e5bfa663d8f8a0f1fcc185fc7a283ef8f412c90e04e3703287cab8895a3d77d39dab0b3556e7a9bec765b72246478428b494574535c04577898ca2152485

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\7c2545b2-58b6-406e-a18d-857318c8704b

Filesize
982B

MD5
5c835b791e75f3d36328365a9bb76aa7

SHA1
a38ed4581be9b117afc6673e4fce1f5bdc1c1c3e

SHA256
ca747ea5f813ea9f8150dd350c721308404d5430e6562cc4a03b1eff48bb2f97

SHA512
438b066df817cded133cbc67cc69cb8012c567ace7f71e7111eec40c333fcb0fcd2c8259dffe3ef45d1712681d062ed53c05595a063f88675d7b55b2fdfaac27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\86d86b90-0754-4f45-8578-4622a68f96dd

Filesize
11KB

MD5
33035b2a2b7defd4cc4b784d06a47dbe

SHA1
4bbea0f68ce966c7e55d5ac1e1a20abf545e79b8

SHA256
84509d291a73b033e1e8594cc9ef8c7518e8180247e3dbbf2662eefbbc605524

SHA512
64bb6838575e80d89d2770bf65c32585572f69888adfaa9711209ff3b5fd172995c9968372e195bde4e52ec0418163fb9be842b7265799d1da313d7af6a92cee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\f24bcf43-d69b-43f8-8966-35fcdcb4c615

Filesize
671B

MD5
f412f92039d66396db5af914d54a7170

SHA1
96dbb50424c90e6b8e0982273abe3711ee47b60e

SHA256
872e9060151cfe9d9e7203de936649d022a3c3772bc50b213dff409d004d4d70

SHA512
ccf7b6efc1c1ce69b0c680caaa01a37f709725448dd49889e3ca08aebe21321266fa89ba399c2a4316dba0dfce2c270da13940dd36c4cffc3e7b0a43e0f98943

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\f950fe64-c7d5-4da0-a335-9f4482d83e50

Filesize
646B

MD5
f53f8896903a5071056dd0cb1a19937e

SHA1
aa875d69efd9717fa8a827210c5204082d5b56a6

SHA256
7a62b550e556fe8bc5eaf4698b48156f75e46794a2c925cb6ff68b7b20ba7bdc

SHA512
9ca8c48dd1b24431de83fdff8ef17107ec5826528da7835caa9a00996ca202e47ec18c98ec97aa605a6f1603620d27f6943b06fde5eead6fde766d59b6209f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\extensions.json

Filesize
37KB

MD5
43faee3f537a2c11165638a40321675a

SHA1
d2ae4e98d4220579b2838f883bfcd1b93944a388

SHA256
4b91d00c67bb810ea88d2f94517f31738ca026ec97d30893361a262297c9cef2

SHA512
fa94f43fda8fa2c77570ead36180fbd4a8d1ac92b4a93c3f8a78ffdc0568b34c8ff28a0182b7a3dbffb1d4ae196cdeae45a16891e8612d4823ab1239565f3a05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\favicons.sqlite

Filesize
5.0MB

MD5
7fb6a6cc3d7001bb562dca0ac6b4c120

SHA1
0a9ba948eca9e8a00e8f5e64a6008dc11e574190

SHA256
6148bc0e648160804b9abd53d9379c7e961bd3c21da58c4f532752cf7a830c20

SHA512
7f021c51e633c1fb31c8f6e24d83f01e8be6c0c10612673d1e1fddba293941e6243118f79266580a4573f651e34af239e6aadf1b33c4918f3f63b963749e70fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\permissions.sqlite

Filesize
96KB

MD5
6e6d42b23b9a77e8e4e6e6d8cf70ba88

SHA1
9e0be5222be93f2e38f0188059519d1b71c25f1d

SHA256
535dfcf308baa4cb59b28a480b0cc5439200cc862cf0caae3b58b49d54dbaa8a

SHA512
35f6e213306b8becf0bcb31d9575a6489c17d7227bcb806c495cfae7bfc4991afbd093139be638585e629f479c348f74ee8a58a3665aa9a76f415dc762335eff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\places.sqlite

Filesize
5.0MB

MD5
850f4faa3cea770934d3edef18589674

SHA1
a73bca39aff15a1bb57bb75cbcfc6366e1bd79c8

SHA256
a09042e789cc8e971aa632c6cf8d0454cb3b314869e99de57022613b08999292

SHA512
f8fb7e6070149526fa77c53a69023b998837ce46522b982fb81107af05903244ffb5f820213026597ed3190a0c03a5c43497e2db1f940d544ab468b57c8d2d2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
16KB

MD5
0b120450b0f3acd6ba2b1517367e049c

SHA1
39ba35b8ea5e83a3e7131d842317bcc084bb6625

SHA256
50902845c42a53dbcc7e3cab09d1d437060b74cb8da6aaa48c84afcbcce3b1b5

SHA512
c731f340862ecf2f654d92e6c20c5a98b9cabe0f93805fedc97fc88812029cb59d23665d187f239f59b95f28ce1f40d983d5618ee3378d2818a0821db408b799

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
12KB

MD5
4ac64dd4ad29532f0b92d72f9a13f776

SHA1
5246f3c8f2cd0039479821d683570ad45b88f4c7

SHA256
d32a609ad327a297d4b66b4aea5f4b0e13294316b7e0bb4716a743a0f02c7e9d

SHA512
68cb57c56919c83f0cebc71d8b5c03ee7f47bd716a6d4d92849455e0b0535c93c8585e0d958c39a96611c4155e4b70f132e78df593ea026fe79171f8fb7d60ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
15KB

MD5
7d0b4734e3dcfa9214389e999a6e19df

SHA1
91ad03a671c72914df9a4546b943875f716d9a4d

SHA256
8d21765b183fa41ee613cb423b70b070f180535a229ecde327e176ed555a5ab7

SHA512
09b7dee6c678004db04e73032fa1c11a1d1975def80dcf79ab2ba3401bdc85b44c6688586bca143cac09472e7ef4592d0e0a164a7a4820dbf8a2fc9748925189

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
16KB

MD5
79fb159bb13ed71a2c074a62bf944bfa

SHA1
6235e5c0cc2419c0c54bb532deb5a544a912e606

SHA256
f5dd0a6c4000e61513076d9d32897f842d1002c7359e1508bf0da91896d667ce

SHA512
d44591ac451499dfd61630b3c73e852b1037f878a260edfecb0a9b3b3db193f323f72ae28aba591ad984ca5d2700b5b03ac3e677ad2d304209bb01b57c1582be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
16KB

MD5
d773d765c3d00d886f5399714b0f0274

SHA1
8a18c1f07b83c821cb45b05eca6987723b79ad31

SHA256
82e9f50c265003db210acd27a606528b99641ebac3069d840d51a4d8a85847a6

SHA512
ab2dd1165b3a594e63e05debae0759ca51dc55d1b72a65f94d4f1a9b0db8ee8606de86eb34949db801dae14c213cfe4b8b977b8e43f59b78d3cefa57b86110b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
73705cbd003958ee05edaad2c32f7ac6

SHA1
2325b05c1e46de2a176f09739eb905e937301d50

SHA256
03da02c524e3476ce55b2f0b3ae95434a10f0737c89752e36189ec5a87e91f96

SHA512
9a469a12ab9d3501f6ac6caeb1295d1d0e34c9eb43a383ec0d90af95dcb6dd703f5aa61a0d2a12c4a860d424e9f35ebac18cba77f24dea5f6af0cc552521193c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
16KB

MD5
38a1db4c1aec428b9afd7fa5edfcbe3c

SHA1
c8e7584ba4487b20499e44cb1dbe82ac6c1a2410

SHA256
4b50a1a6f2b1d26e9c4ef5991a8dc26bc58868b5ed08aebb8a6ce3179367d4af

SHA512
9d34439f25b3caaeb1c8757be3ffd23e4792cfd1bdaebc8a7506404fafe58e0c25b6bcc5df97dad17c09270927cb97e724cd2754acf48471d412760a9bad9f35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
16KB

MD5
8dd88b4728d55812d20631783d678671

SHA1
0439758bdd89902644cbe6ea66c36638f3f21bfc

SHA256
377e79dcd2b3e1fa0244ba715f15c7056e14a3499af8e8d6f78c205a21cc3c16

SHA512
56217f68756738b10d445718fb05603fce1cb786594adedabaeaa002df9caa208987f6cb7303692f2d47e4c0bac6033d54b2ea0f103f7a2ee70855887a4d1d6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\security_state\data.safe.bin

Filesize
2.9MB

MD5
d31fc4415a3ee30122fec8fb24d10567

SHA1
c7a46961b2aaf6f89497312ce001ed4e788ba8ae

SHA256
66ceac68d1401c4cddd81e5a7f9d87c757292edcaf8bf68f22a534ed343ed6dc

SHA512
ae7c74175615e2ccf5be62ac4ce94c77264c66c1424973046182bfba9191e8de51d3ffb32262235900c92d4fedf1d27fdb57d18ba9c14ca8b619d74eb9663f3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionCheckpoints.json

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
19ed99dff5c580f05f92d06518df6751

SHA1
74af34a012c228e25f1d2a1cb02fc81f93df45e2

SHA256
db3cdcae44d791b23d57d093cb08e670d39cfe9d0840d54ed02098ec72595432

SHA512
b6aabd800196615787548196a6e3bf070502f5cd7ddf29852e1b151641fb879a09967e6f8cc8b3e65bf29ba7353301b57c674439cbda44e63dda6d90f4d7474a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
09203dce748ce68764feb39a49f83f17

SHA1
9c0c40ff1a013924d9bf7b71a2523ba956de1a7b

SHA256
8068bcbc66733ae24c133bd542f3832a405f5a1ee1f42a8ca66636391d10cd9f

SHA512
4fe9fd1128806c23325785faa0bb072f813483184803ba2f86494a71f7e9ecca2e3c76ace92e0d343aed155a75cb6636870b60ef4239054b192b7166237fee8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3214dd6a5da1c0e501b279356c7a0644

SHA1
e00d4ee66888d77d4930d0fdc5438e5babfea013

SHA256
e722fd8f24626104329800274fab478af6397fa3c6b03022e715c30122ff9398

SHA512
fea6e9f277b4fcbc82d887017c8aeb58ddfeb33e5d27e7d690b655367935559b64ffd52637a65cf90942ac8ab8434aa005b96239eb23fe85e29832b5cd2ae2c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
de244c631b2d282e3bf5ae9510e49798

SHA1
dcafd3a118d7e90453dda7199dafa98e26d3e7e5

SHA256
6f3bb3690a82d9f496d579fa91d711eff60d5f8a27b1300cf6fcfd4165a61b63

SHA512
215ed4fc09928f0443917f22d4672c7cd329766a54b6fa0e48e6a3540462cf95a8aabc15f89a3c810d25522bbbf50b5ac4a97dd72a3f7ab5dd99ca40924937f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
40d92a4e3fd660c9d12089e16f07d02f

SHA1
4aeec68165cf1bcd6aefa084d8bcba80dab788d6

SHA256
6f137d132bd1b46b8ad00ada7c2fbc2c7dda250ede3daf17874376c7fae66120

SHA512
db75ffbea5c14765f917e36691382bd25cb804dcd1c9ccfb3ef0c32bdab16944d9fdd94599ec5c44f61b827f97eac7f96a91e8099660b134f729e13fe18a09e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3b7900155e693563a4736030f8e406de

SHA1
6ec9efb9fd8a43934f58ab3c26c375bd42878155

SHA256
1768c734a55288e139102e5811f0c15107c4d89b9a4bdf3b75d39b74027dc1cd

SHA512
61d003ee36eeb0a5eb53523e30f4f7bd201998db295d4c6d29e24f72c8fd3351909fa96c3a5892c9fe5e07f6414090a420cd267fb1ba001b5bae0923dc0404e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
a696866d831d467a033ded10b6d2acba

SHA1
1a731a12bc8cafa3bb0888260f499855bc7e165e

SHA256
2dccd7890a9f4269701618792f292e88a25ff31cf03c61c12f9cb99ec5cbc3b6

SHA512
661418c75e4126bbf818a86e625eaf6a582a957ecdc3c735ce9ab3807b0b7e3dff2aac57b435c0bf87a753f93c999a51492c39068390d80858106653cd162f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
1ab4f1778e0f65f8d4f61e2f96d0cf0f

SHA1
0300a53e7deb17d8e1e52bb8c00650e55766a5f3

SHA256
f016266cf5412294f8a436fd1b0c08d93c675940f9f98b261df35e557ec1b043

SHA512
5c9c48e0dfd8a341a517967867193773f5d441e84c38ff846d6b11965e8e98f23904aa032b40515aa5e4636ca2748d9c596bab727ad3ac98f5d80eb675bee44b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage.sqlite

Filesize
4KB

MD5
6c93ce422b357b8a9cbe8523ed907dc1

SHA1
831a9cd831a9bacacd9d04f976f78c7e9d4a8b6f

SHA256
69c317d28b44bebf08f0cf495efe8461c3d2ba2629f359f938037b5659f6998c

SHA512
dc7171651d6cb32199c23cb386a70104feade50631a37c3e64f0639490c96cf0434a979d036b40fcacb7f0bff16e8fb3256e1ab020bb3c25e990d53c98a43170

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
47d7c1247b1ff3ce63895126a5cf07fd

SHA1
1dacd19652a5898417daeba4f0aee59b89182082

SHA256
5be4b8c65482da667b26c1ea46cf3946019dba5e759ae7e4845fc0738abaedb7

SHA512
101cf2d02b297ec28a91a66154dda5fbd860cf88dd68729de527f47ba767d4b6b9742af38a3d61b6e2e7f37419557b353d0937994fc0d17182167435db5003eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
5bef36aee869e915d57334ded9610ad0

SHA1
1636c31672ef76ca2e2d9f86f7bd121613d86d9c

SHA256
18295cf05b35de3e48ca83356cb26f0ca38140b35cbeed0ceab6ddac8e189eac

SHA512
56500ad410dac891d61cc889f9b59ce7bb3db19d34d26fb87c26239b6d6ca3bb2046761870038009554930a1ad5af41de5a2698ed892dbb97f8ae59f8ff6121b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
11.1MB

MD5
37ab4030667d0ca750cf07b2976eb410

SHA1
55307b53fe72eec26d0a509c0a896db21534f17e

SHA256
8c4b36dbdbb32da64ba5f309701ec11978edf71ee5f55c50ef7c46c9c294bbd2

SHA512
c7ba175f60473e0c7e164c071b965edeaf7a5a76a9e5e687c107c6f7c746ed9377dd5c01a0f5f5ebc7d9b0e95b9d40b2ec3a0e3fcb258630e017ca1c37fe62a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\Downloads\Profect.exe

Filesize
405KB

MD5
b93eece989a1ec0086a84573444b4fcb

SHA1
65cecca726793387d2c904054a90277a300b96b0

SHA256
f0a9c27d42e3f77b2f600c5762ffb5db9eafd4fa0a2c2f8e1723d3d40e62da10

SHA512
b89a54f0ae53354be12d3f617b88f43e4065132c35212760c9d7eed305dc0ca24f5319b7838ed490f1598b33b71ef4c99bee5f016e7747ff347a8b739a109566

Download Submit
C:\Windows\INF\PerceptionSimulationSixDof.PNF

Filesize
10KB

MD5
4727f1463800c560e56ac8829da9dcea

SHA1
6b5d6982bcbbba55cf6b2e308a24aba0964b976c

SHA256
acb859df437a9b84d31d1745afcaf35629e77fdeb6c4894a79e970c1baeeb107

SHA512
6bd6f0bfaf8bf5f74aae7038b016f8337642d1320560cde23617126ca76f68ed2ea70e30c531c56976c0392694b7600414d459dde327f3a4c4251fe948cc54f3

Download Submit
C:\Windows\INF\c_apo.PNF

Filesize
6KB

MD5
a853f41c23d4fe2d77416a6abc772296

SHA1
4874550080f4cceb96621db4612b3c782ba749d2

SHA256
67bb08c161f0fa2376226485dff96b96a54317f9114339c188215796af9ffb39

SHA512
4a4f2d300cee4b4ceca4555c0cc9e81599772d6947bd4785441fb80a9c2d979ab23fd52ef517d79996b85f5a0a3ddf23b14fc65da2d77d99ee7386ec6c703138

Download Submit
C:\Windows\INF\c_barcodescanner.PNF

Filesize
3KB

MD5
1612bf196a6d9f603f06e5285788039b

SHA1
439fa54bacb5741e11e6545ee359f2170856a18d

SHA256
25565d343bd1d66169a78a1f724b8c7a802a5a270507fc6e44f9e7f81e133af8

SHA512
95dc29d6dcc12b7e821c0fb5df7b5c9b81d5d5b88a1ac28a8ee9b2f5037baf7bdce76e2f90530a511a691724bc7cb3b536ecdeb27d837f703599dbffcf264aec

Download Submit
C:\Windows\INF\c_camera.PNF

Filesize
8KB

MD5
635b809e7f26e17c826d91caf443f5ee

SHA1
e7eb032169d5469fb2542e265c0e41060b7208cb

SHA256
a0adbb76d838c050e9675aebbdc1f828bed38e666224be50befb3224b6ac1ac8

SHA512
2736ed99f3c7575cef811bbd34e1e1794bf069547039d1c52ebe7d9500ff8a4d5b421f1ed9ae6ddb6241cad48f17a69fe2a8575361929abd7593f61f75b309c1

Download Submit
C:\Windows\INF\c_cashdrawer.PNF

Filesize
3KB

MD5
10ec5363080f592b28391d9ef6d4bc66

SHA1
1e9496d3a08268e0a161dab66e93d5a84c45a685

SHA256
84b989c7c52bd7bb19101ed0bdfd2700d5fbd387f41e197f0e40b74bf03a4ed2

SHA512
7f80383f162713ba924fb27e078d76d048da6fb0e6aa492c4774e0288fa01b5e560dc7e5a531b0f6015adf999196d7caa541e4242856396e8dc0e7d28c2fbaa6

Download Submit
C:\Windows\INF\c_computeaccelerator.PNF

Filesize
4KB

MD5
010ff1b5722b40df96772fc8475e2954

SHA1
d8408c155ea957a279b32772e6bf4828d64de68d

SHA256
afa8d317de9dbd1158ed7f2699a75f7073f7dd0b01d42c9d790f9b2f735b8862

SHA512
32c5568e1b5543fa23f7d43830f98a6aa67beef6b51321857ee7dd01e14f2cf1bad0ab832e40d4d4c9522f1460f6e3b08a843d41bdc9b35da4016ff432f51fb9

Download Submit
C:\Windows\INF\c_diskdrive.PNF

Filesize
6KB

MD5
1d5dd75227dea34de8cb4b9806f19c3d

SHA1
a52effc11dc36f67e8f25d7dcdd6e45d6dccd682

SHA256
a098f9192d7601984e6a479a4de0d26cfa05cfa7ffbe16032ca5f6f6193ae82c

SHA512
82e7ac2deb2db24888e287242e612f2190c2085d89c4b00bdbcdcc13add13cba5b1a8ff79fc7f8717e24903682af3cb88134957030e1ad5dfe4c077f5534dd88

Download Submit
C:\Windows\INF\c_display.PNF

Filesize
8KB

MD5
716a1b21d16beae0405cc08d35d137cd

SHA1
a013a0d39efd59a831edfe5194dd182af25109aa

SHA256
e3170e44d159d924bd7884c4e0fd6b590ffd93b0ce2c1eebd0d68606039f7df5

SHA512
bf6664be664c1675b1038afe91d108a0d0f487f158cf6d0b183ab5ac5cf10836270c71687b69a220bd7ef8383bd2aa1cc9715edcedd4fde1735c7af50ac103f8

Download Submit
C:\Windows\INF\c_extension.PNF

Filesize
4KB

MD5
27d34bd884f705ac09e31702bdc6d849

SHA1
b646aa41779f75da390fc57b6cc8e00923615274

SHA256
fb5b8135d9c19421bba195c08635a8666a63958b0a846a8afd064da1e4905d2a

SHA512
de27e181309d677554f6322e939cc81f96fed9be175c72628b9a70a8d3f8efe2246a920cdaf3e3052b6344d111243d11206c0aae53831a4d1707a6a5b60b0e6f

Download Submit
C:\Windows\INF\c_firmware.PNF

Filesize
7KB

MD5
17e9e998a7bbdb4d92c38ed8ce36d1de

SHA1
c3bf9329f6049e18fce96c01250d58136282b4c0

SHA256
e1be32a27fd512871a6d77b22d82441624541d185ec7d9dd9561b16a546b7a72

SHA512
3b63adacc8d5bc2e874b4c18b5c135b86177df805391642abdeefc2c2d102e5730f926308d0c5c3b4f0e087f734ab2ebb9ee9bf12ab1497192984261b7fc8398

Download Submit
C:\Windows\INF\c_fsactivitymonitor.PNF

Filesize
4KB

MD5
1f4787198878a25c3afd1f570c5ec5ae

SHA1
433014c81f04179fed62fc7ed9e33e6c35214fee

SHA256
88aba4504ce00b030a1f9a6145242494de282c2891d0991b8b5942411ee76c62

SHA512
5e846bbcbdf238e123311c2d8845e24057c2d6518aa4be42fd9444eac10ce93cb5c0c92f69474c4850b670b08ce67bb28460f496b8a6e6e25cef45107b1afb13

Download Submit
C:\Windows\INF\c_fsantivirus.PNF

Filesize
4KB

MD5
b93d641489836820549a799c8e0adeb4

SHA1
cb8c8a23ec4af9db35ee5a8b7ba05dc45a88c407

SHA256
d26f373639b2492bb19b1fe49cb4a15468fa82d33a5edee783085ea930ea548f

SHA512
50971c7eeb11d71c709d973d02095195d402a9ab841d209b7768915799b0efea44149c2295271d370e8ece6bb7e61f2a710743f235d3dac2c01b504bea8b22d3

Download Submit
C:\Windows\INF\c_fscfsmetadataserver.PNF

Filesize
4KB

MD5
471f8471ea731302b8a70e76aa188bd0

SHA1
ab95f26fe6c80afcc51c65cb8c5f1161adfc737f

SHA256
55effd2afad588c36451dc14a1dd3441ed84dc0239bc3df96cf3f14e3e22bf97

SHA512
c9d177573d6a4270b544cc8a550866fe3d5043ca13caf6fbed725ed19238d41753d42797470f8f4e30e826071cd445f14aee1604a841e2edb6415ecd9e53ca56

Download Submit
C:\Windows\INF\c_fscompression.PNF

Filesize
4KB

MD5
f2a4deb924ea1359ebc1f79b54638c97

SHA1
60b73db886611ec90e5e8574b8b29437f549b187

SHA256
faabbb829de4921239f319724428e503a8b97f41b9edad9d784dee4e909c0c79

SHA512
aaccdf7763abb6c975678a87d3e74646607ffd70022286013fb459c3b976ea4732b849b828f92a0227a8c42e106191a525132b7ed2f2bcea70e5406e19252d9c

Download Submit
C:\Windows\INF\c_fscontentscreener.PNF

Filesize
4KB

MD5
3b472535dd28f7813453ef30342da520

SHA1
214cf479fefd4bd97500aded2419b2b8168c0cf4

SHA256
41c558facd4ef651d8550a1e977ea8ca80ac5bb3665871c75feb5d7183d01340

SHA512
188d8401671f34aeab23eccd12597efa82033d60b7aee29757ab1101ede221e4aaa188b6d2dcbcca6cf2055cf9fcbeb1e5e73e6f718c30b41e1ada4278351b70

Download Submit
C:\Windows\INF\c_fscontinuousbackup.PNF

Filesize
4KB

MD5
f53828de32f9443d2ea921f00833f74f

SHA1
4d76ef377b6285fc99ae5578b934399f4c16733f

SHA256
2fefe7ef3e33bb4d3ed76fd778bb95067403320b36598ae266da535cb6ef376f

SHA512
2eeebdb37da1912cde92bb468f1e6bb061134dd573288057bfa97ceb95d21f44b5695cb24da93904a59dac9edd30be60d62b7d8d4d67de95cf60f52444812b67

Download Submit
C:\Windows\INF\c_fscopyprotection.PNF

Filesize
4KB

MD5
5b67080932458b9cc9d05a57738be5de

SHA1
5c6f7afbcf24fe482f69b7a229b399fdea1aea89

SHA256
36030632f21351f30f744c1a860049d96dea2eb2c10d5fddf16419d0cc3e04c5

SHA512
c226f938710bc268f30adb272177d2a442fd4958210fc64dcadf5774ce7fe0eb5c93e717e12b15667d54b1aa6743f8b2d7d3536024fd21ffe11e20d5ab9d1e14

Download Submit
C:\Windows\INF\c_fsencryption.PNF

Filesize
4KB

MD5
9e6208510c8e16c8644bdf84727dad96

SHA1
1ef11316668e6ec8081634e04cce3cd8cc00a519

SHA256
3ce04c47d4a2303ce0fe343f06db8b407ed1e1bb68e4af5d448468a9522c9446

SHA512
bed7fc75339cfeb82beb2fcb846948fef26100b4b5a47a5eb48d1dd34a2fd2f63e035c66fab50b810209112fc761dd8d34053d6ed197c1b8c0cb2ecb7f27f8cb

Download Submit
C:\Windows\INF\c_fshsm.PNF

Filesize
4KB

MD5
da56ce9a446c9c56c8db8fdd774c55c3

SHA1
e2fcafe83a0c44bec9ee04798a9f9e887979ca0c

SHA256
7d70d2278cdd7e2b5332f9a60421dc233494e2266fa13c81cbde98f47bfdaba7

SHA512
18ca1c0cb2a552e17eb798c2ff227d239d082fccb666049a6784abb9ad483430ec86e8756e0f5db6588b9de298ac769246875389883fc5361162460036665d29

Download Submit
C:\Windows\INF\c_fsinfrastructure.PNF

Filesize
4KB

MD5
4606581f16fa9bd296a9004775fa34c3

SHA1
7c2d8e4d7e3048c92ca919d9db10b50edf4539cb

SHA256
dd17315e90f52d0654d2e090764ca944f5c42c36aade16b0a5e2f66801283f2b

SHA512
c488a5ba805e8b1d0991058e7b1e65512fab592dce4eb054ad3d938643712de3a9a613403e02c89020c191e418702923029de0eedc03916b89fb26d5e8f52b91

Download Submit
C:\Windows\INF\c_fsopenfilebackup.PNF

Filesize
4KB

MD5
75cf5e4b2f67516dab96def334520f52

SHA1
bffff5aec69a342a90cc221568b955bb128e4e66

SHA256
0ef98ea9b373048458debfb530fb67db7271bba6d5ed48368c88d506a2680169

SHA512
5eab4cfeba992e5d3f27d31a1698d20eadc20ab9bbce590cdb2df1c2e4688e297c5af4e5e001f7263455847d15a7e4470ee7c8deae452f89d7550b5dda0776a4

Download Submit
C:\Windows\INF\c_fsphysicalquotamgmt.PNF

Filesize
4KB

MD5
8787655d1ede276b63718ce306132a1b

SHA1
86003d100d0e941df9dccc1f1547bc67e6077106

SHA256
c4e7fffc59afb592e185891b1d80bf77036219ecabff99fe9841111681c7d768

SHA512
a0304824071bf69ac9827cd5d1c34d773750dc360daa4e05aa1150d1f4253c515e44c70304a6c239068450eb9f6446a2e77f8d77c8ad3ac01750f9fbc340656a

Download Submit
C:\Windows\INF\c_fsquotamgmt.PNF

Filesize
4KB

MD5
6e878016c00fd87d7e537ab8449eb1cc

SHA1
2f9616a4c9cc3cb84867888ed5fcfb31b0cceb67

SHA256
2b14bda4a5e6dbbfa66ee7bb003292d5fba52afba154d738caaa7df6b3404c35

SHA512
f769bfa1b6d207a43aadd94bd22ffdd5322d65bc24375e3a98d023cf5ef18f623abb1244008938e1678cd86bb49da9094fe94d3f4fe3e53bc2b00da0e4c81056

Download Submit
C:\Windows\INF\c_fsreplication.PNF

Filesize
4KB

MD5
8cb757d27ef88b319f73fc4488b419a4

SHA1
e5b313c1e89452f8939303481962e9aabef8efde

SHA256
54c0853c6c23825d7994d75bd2a303b7652fbbd3be1f0f679b30fc1e9d8a0501

SHA512
77ab6af7838bf4d229267f7a6a661250899c4b35f911d1834121aee57212c44d5556a89c60e2a0009c2595a87748165275997e048a7f38e71dd8f56535d09fbf

Download Submit
C:\Windows\INF\c_fssecurityenhancer.PNF

Filesize
4KB

MD5
1362efe81526af8900823b47aee2af21

SHA1
29ed06fd9ec4642243eb7f9bb50aebb818bece7b

SHA256
29472cbada6d95395c63815e9e0f2af908f5995e40c55c888eb53772516f1cd5

SHA512
3ed679a5111257f04e13eb07d07b09ca607c483a82f9340eb4bf549d090d2209b461ffeb31211deb3b00bc684a6e8bf9891f5df8776f3c9b3df9b27cd6816d1c

Download Submit
C:\Windows\INF\c_fssystem.PNF

Filesize
4KB

MD5
00f1263f2f80f30b8b15c620a2b7ecd9

SHA1
e70a12870530184e22260eb6da195625b4b84c40

SHA256
36d008e9f5bbca30fe100a3ac0d82652c8a856b6f2e280a48eb15ea96243725c

SHA512
d660f50e37a609f1b8c36c1d2f03639e5477dc7fcd30722cc0650df217d3c7423ca6da3578f3184d7352ae2c09bee879143d5a893f4fcba39248600d68d753e5

Download Submit
C:\Windows\INF\c_fssystemrecovery.PNF

Filesize
4KB

MD5
d64cf078b669a9423c53b30639d14673

SHA1
02d135f1ee9cf103f026ad70d2215b00b7d68a64

SHA256
c19ed0b1a10e5d3b24e35255f5d07456d0dc28e3b9258c7d94e74117d0f9b64f

SHA512
04898e90cc19bd15ecc3a94f967724db897b7dbb7b6051d8519d41dadda02a094728d03482e9117bc8db8c12a01e678a900461602edb63e548560c62ef72b8ef

Download Submit
C:\Windows\INF\c_fsundelete.PNF

Filesize
4KB

MD5
9f93b72693addc33af2e63679d1d9cc2

SHA1
b143629771ec63ebb8456bea0f67e5ba0d0fded8

SHA256
3f59ef6f5bed34d4455c8de57af62ebbfeb620e2bd6e0070db33b359e5dd78ef

SHA512
f504cea95b00f6d293042983f30210458bd83743239a11f0f44853d43d7a2bd7aaafd1cb0791feabf76059e8b2d23162b5f87b01626a94e04cc3a089212801aa

Download Submit
C:\Windows\INF\c_fsvirtualization.PNF

Filesize
4KB

MD5
b334b21cca44c954a003517e03e42e1d

SHA1
56eb6b613ff93982080f3acfe8734393e24dc209

SHA256
030f9533f2366e102d9e778ddaee5941e86587f0b7ed05f70bbaedd386c54769

SHA512
e60236a7ff27d03d891cb82216659fd995fa2a0f4a1a98cccee201d181f727cac81d7a9b46350495d6823cdba38fad6f1bc5437f59aa3309e5588511b625dfb1

Download Submit
C:\Windows\INF\c_holographic.PNF

Filesize
6KB

MD5
6de19082ac6ea5e762f07a9f4ae2dabe

SHA1
244f0be56547bc0c8f1e709473c821f4c6e35033

SHA256
6ec40b1ded458a66b7ad4e38548457784ff734dcfdee8a223fc6ec13f08ae189

SHA512
ab6fa5af9c59a18dfc56427d2f875cde985f5be63716ebb87cefd70e68f631e1a1355bf362b972d61b74724b55be251456629283907541633d84ab0f7155f1a7

Download Submit
C:\Windows\INF\c_linedisplay.PNF

Filesize
3KB

MD5
91a09e3af2e93f1077a3f3f0032ba957

SHA1
4db830545f7815a3fcf5af83ffe7c1fb7e6c46a2

SHA256
dd962d4f7cc8c4f5089af114415d76b939eae011675990b2c90c0cf70ebc2b22

SHA512
3323c25f6b64d50a1017189af4d5baf47c3f7fdd7d0ca1c9813f78113763c40f466081414df4d515373089ceccdb26a1daec67679b8e460a71a6fc34c1c1b405

Download Submit
C:\Windows\INF\c_magneticstripereader.PNF

Filesize
3KB

MD5
b19015e21e1bc2886b0b674d2f450bd1

SHA1
540de50a0d3b98b6abbc084178ba05e4704321be

SHA256
a1bc54e853d96acf8279a0a7f98de870e6d217d281b1119aad865816659b1eff

SHA512
cfe69151364ff1227b2eae37420ae70f34760150ca78b2e5dad9a83cd0538f6e1ce2798b4f31ee6fd9b9e17e020d738c7ec3805796e8d40bad1cbaa3914350b6

Download Submit
C:\Windows\INF\c_mcx.PNF

Filesize
4KB

MD5
31955dd6bce18a28de7437b71c8fc9d3

SHA1
4102884389d4d7f1040a0253a5a9f6a1be6efd5a

SHA256
f225f80951685d3251e2b3a5e541cf2b3cd15e3c0ef726acf73a2aa9286df194

SHA512
7a20dcbc83224120eab3845bbc18873d5966681eb5737fbc13869d6be071883c25285deda6a42cbe71f7785198531d8249b07db76c70d2b7ee36281a80a955ac

Download Submit
C:\Windows\INF\c_media.PNF

Filesize
12KB

MD5
d6f787534eea52824abfef940379b071

SHA1
b200fb5e314de41c743ac84fc973584dee668946

SHA256
feedfdacbcff878dd0f877736f880b045941e25cd3c4013357d4e2a293a1e7d8

SHA512
7ba2d3f0858a5aea61486ba8eb96fed621384258b5055e97a314d9cde71081545d881059d9bcd5bce4f5cb2d7cc341090d2cc419cac44302708b8bef17e4beca

Download Submit
C:\Windows\INF\c_monitor.PNF

Filesize
6KB

MD5
e55484adf517c891a3568285a58df614

SHA1
04c231a0fd9905bbc69705cc68aa34de1f5d7fa6

SHA256
6fe79bf95069eabb801dda3a11a6fed20219b4551048c0543519fa29e658854a

SHA512
5f32de576b3985076371ecda630512d345d3408775a1fe9fc83007e37a9da4c8b5243e12875f5026cd1237e8c802069b0d27ddb089eaa4e6e1e72dde382af742

Download Submit
C:\Windows\INF\c_netdriver.PNF

Filesize
4KB

MD5
a40acbc0203a0113c3ad441e60eaa829

SHA1
ab60fb245fa158318794fe4a257daa707ed77307

SHA256
6c93fbac7d48a4f7873a46b1f547b04a8895427cc6ebd95c8df82d77b8078b3f

SHA512
b30fc0918dc7666738314fe401a5f52f4a4f94a1b6f6b6e67faf57e88431b7ddaa57377b405a53936e94b2454358722876056fa96304e963bcec84a741a8ee36

Download Submit
C:\Windows\INF\c_processor.PNF

Filesize
5KB

MD5
67023eb46c962e3e002b173c5c2f9486

SHA1
bc0bc60fcaf68b7c32691f7697910e9a8df7e034

SHA256
2d4779aa32d7c06de10881adf7b3ac969015283a0374f06bc826e208630c2532

SHA512
453a6668974f61122d65c4b8c508b0616a930cd3c32d16ca25841a08150fe129a2e8ed7f920f166587304d3a9fc5a72135e1039bea9cca5eca73519a17fd57ae

Download Submit
C:\Windows\INF\c_proximity.PNF

Filesize
5KB

MD5
e3d6abbef4229f7bf273bdf8b30c88e2

SHA1
e933a7cd9ee4e48eea4a4bba5264050adc438d3c

SHA256
e28185e3a2aae498b6fd252c32352a0d7545ebe785d9410c67f60f3c1c2cc9ec

SHA512
e7d34e5943c2723f2802e72d83ca3082510c2a5e1187e55a43145e14c9f5f0528c25a55e221bfca98cd3dc815056e5cf4b0d824f5d57c0193387a881591bb472

Download Submit
C:\Windows\INF\c_receiptprinter.PNF

Filesize
3KB

MD5
7ad88f894f88591b4ba3a210652b6770

SHA1
bd4af94cbe2c3bf690ea36873c8d22ffd47570c6

SHA256
f65627cfa3082449a09aec7625fd929f7076e33eb434aff9755ba36ff64e1cd9

SHA512
ce287a5285b45f6d4bdb5c45a7c9deb9e858dcd27f5dea3036bca8d17d185692d37373f797d526924789bf7234df1b25ca898f895a9975b42b1a0bc2ea043f79

Download Submit
C:\Windows\INF\c_scmdisk.PNF

Filesize
6KB

MD5
19819a9d36345ced250334ceaf3d9933

SHA1
57ea5febd57b940fe0873a30d11d8072f58f34f0

SHA256
26e2ef177733b7e2a65e498b9d8586bd7895b55b61b9805816a897afa0f189e0

SHA512
08ffb76cd1af7fcae742efbb4a14c8ff5662f682cae7f90c8587d65771ca3871e5bd3d807336924b4632150a4b47da2bfc6b9d7bb919b5cf0633ce60517823b6

Download Submit
C:\Windows\INF\c_scmvolume.PNF

Filesize
4KB

MD5
4cd9a52327efce4c0d587add58441934

SHA1
ed875acf73786e3097d3eb5e4a0e6bf2e1be0a5e

SHA256
0bc3b0e811f8eb985ea41c8baf342084774fb2085cc4c88f25f6f2a175224a3d

SHA512
1fc6897b1dd0f033a3077dc6086a991f80aeb7f1c29975c465c5311837a7506ee94777fa75774346d0961b181a210d21cb021e1f83d03c0ac450312cf72c5402

Download Submit
C:\Windows\INF\c_smrdisk.PNF

Filesize
6KB

MD5
781fd38afe88a2f83304918be5f877a0

SHA1
dbaba880da5be01c5b8cf6c3452cb01f0799a014

SHA256
4c8dc9101bd8c67018a149186e1f5991be5f2e0067fcb6c8f19f02c58ad75658

SHA512
3f896a6db4dd3363bcd85106d20fec1d3cd915c4822aebb640acb731b6884e8a0501dbf48c784d8f07e2aba60eb00ff9b3f15d0133a686e4254e2ca1740f6a79

Download Submit
C:\Windows\INF\c_smrvolume.PNF

Filesize
4KB

MD5
82e7a585ec5c27df4474bcde4f0fca03

SHA1
1c1993d5f3fb15c9bc6e2aa74a09760c3a9a1579

SHA256
e4da23de89652abdb279b1c8a976c199a2d248e69fd394b0fbcca9c989163dd3

SHA512
0cb290e8e8e2df6d1b4693aa2e247753a16f94b989021d1b4ae70edfa38cf86a047443afb25e3d13648c235b4b20ee6b4f85ae712168d286c7abfe86473844ef

Download Submit
C:\Windows\INF\c_sslaccel.PNF

Filesize
4KB

MD5
a5b60198ed9c83074babfa86f60c1e4b

SHA1
2f3e922d885fec14b965d9138ec90a1571125e8a

SHA256
024d245e7af8409c38f53bd91cf4ede6c11dad6a192a27351ce027db7fdcbb03

SHA512
47571c1995d026e90114bea355d67842e8e77ab003e906f7f5b247c1fe50743609165b944368f7b92759082c78f5b0ef020023c45bb712ede8e408979a7bbd00

Download Submit
C:\Windows\INF\c_swcomponent.PNF

Filesize
7KB

MD5
403754bb5b16f0bec16feb627e89d98f

SHA1
7c8ad53c645fdcad430fcd98c5e2c479ab67375e

SHA256
076a3397a28b8e3d42a4a4cf49035b8cc93431a354624180fecfed646184784b

SHA512
dca99bddcdb45f3127188f6fc3d05625d8d8a6a4707ac1e2382ee067ad578b226f4bfa00b32198046b948530f92c10783230259e4efe9266871c52177aead0de

Download Submit
C:\Windows\INF\c_ucm.PNF

Filesize
4KB

MD5
f9ae048e56c72bb3b9fb1952f11cc19c

SHA1
8511bb327329b0eae1395257b4993d9c68c228a6

SHA256
fc2b432ef5f57dd777d2bd5ee144be5e295aff15c5665777c92c4b09d6564347

SHA512
73c3e2389ddc1fb1b059b65a63d54c52457094e627227fe936327ef8dcce71f4a03d7e9893548a6ec2b99e19ac2260a2e1a8574f23b58fa1153ea7eb0adc6586

Download Submit
C:\Windows\INF\c_volume.PNF

Filesize
4KB

MD5
5033fa3bf5ee1c8c1caae81ea274dd4f

SHA1
618b9440eccb8fc555223beda00253ade35218ed

SHA256
70301e8c8cdba4ff779eb5a865beddcd57ee8c850943af7f8767dd195308cc57

SHA512
4ef4b41df992e8114802e44e42638e6a6b4d6522845bad81ab7d4086e9c938f3fef9607e7f1ae1c69e4be27310efeea8ed8029c6a2f1d7b75da7792a4bb77a65

Download Submit
C:\Windows\INF\dc1-controller.PNF

Filesize
14KB

MD5
1fb296ca51785eb27dd289ceb90e8082

SHA1
0024d66ce2c3bd8d215e2a75c78bac3b5bb6fb5e

SHA256
45a627584acd8f55ac0f185b736d4fe8b1b8448bc43429a6d5eb3dfc6e0619a7

SHA512
4180b4bdf466f19ee52067cbddf4097cfe4898bc7bce044e986564ea6ba583c89e50869f33af65e2df565012f451ea2ae3b7be04c3d0c2c42de2a1ee98b34e15

Download Submit
C:\Windows\INF\digitalmediadevice.PNF

Filesize
7KB

MD5
a836ce407e59d74219bc0b9eecf283b8

SHA1
8a81e6f50f5072a3ec8a95bc762ad4cfa5ce7417

SHA256
e2db4528df46f2d1ecdbd9cfd1f49ba4d76cdb1209c68c2d44ae2c4659c6bb3c

SHA512
0224a30d40d10f81ebd48d5c39d5c6427eaabbf00a0815399677473c2f8f1446d25a38ab02dcc54d239be54f6e85688c7f609c542a58fafbc5a659f0f759cdaf

Download Submit
C:\Windows\INF\miradisp.PNF

Filesize
11KB

MD5
a29c26407bbcd347209ef1b6ee0da34f

SHA1
e1f4ce5ff4619a4414aa1e0ed3ac520a83919584

SHA256
519c5d140e5fa8aae6506e14dce399e1e7d44798989227962ef51733cca03227

SHA512
1760e5112b9e4723d51be0f07986649b3b524ec3a994b3035b6239850c449279cbbef40533dab1cc08c1bae3ec5957148ce6f66504d0c9cfd52109ef09cb53d7

Download Submit
C:\Windows\INF\oposdrv.PNF

Filesize
8KB

MD5
659a76800ea4cfd8964835bb3335cfe8

SHA1
9c76e9b00991a70f401dd8a466bf03fec7970f07

SHA256
0d4df2651cfc67925e89355dbb3b44448c67079fc165766fe7333b6c01adf1c0

SHA512
f648d6b320544f7f12ef8ac8ac02cbb19dde870b049f180cb7e1aa16502d8c1de6b20bc6a7bcb274bf05ae58962b1e429dd36c3d8d7f64fe38c1817765c2f323

Download Submit
C:\Windows\INF\rawsilo.PNF

Filesize
8KB

MD5
dc872092ebf50bb7a7896139d455a6b7

SHA1
546b584bd1308ad385dd41590a088b5cca5b7726

SHA256
78b1064c14d0105e95cba86bf5dddb52bada64c2cbf13a3050225513fe940f3a

SHA512
0c7cdd06dee1882bac00ff499f452670abd6f687c6050711dc4304c9c91b2e0df920baf5346906ec9dc39738198fa66e4b227b1b6a39cd57f6390e055e5d1de7

Download Submit
C:\Windows\INF\rdcameradriver.PNF

Filesize
13KB

MD5
1c5d8d8648b79b79d2ddda9d78fa637c

SHA1
5de477696fdaf88c626717f8a3a5c06c7135eb02

SHA256
ab0cb0aa7c4b85d6209fdfc916c5426cdf92fa8bc63c3fe15cda9485bc39f7a6

SHA512
e0a1d6d35578edc27783a22e40ae533477fdf0ff315d119d4fa460faba1653b23104976b1e0f685d0201f7cb9c06a304481337b567c3b2aa57ee72d31bf743e0

Download Submit
C:\Windows\INF\remoteposdrv.PNF

Filesize
8KB

MD5
9308552995015f80d3bcccd3064fd195

SHA1
6d4d06f34993415b2c7a14a43482009690570791

SHA256
731cddccdc9a9162c35a930b2a49ccd8e948a7def5592d747efe18e6edbe1495

SHA512
727932159bf9c9776f77aef5a58a861d0776b01f40fe3328daf627d3aaaf1ab024083e924997a376fef431878ff3b9583049f29663f3524f72c49b38c18f88bd

Download Submit
C:\Windows\INF\ts_generic.PNF

Filesize
8KB

MD5
3534f09af4d582004cfe83f46c1ded8a

SHA1
214ef4c84113ef525e7f7a0cdcb75381603d6a94

SHA256
4073bdbe494263b9ae88a5a389e8c2910ebcbabbf6d217be98641bfdbb14340a

SHA512
033f8add0bb488bf5f7be5f4fb70983ab583de9dab24446efef7d78246a600d0e6fd09b286a18e6399b15c5b3e844d53d6bb75e1dbc33c908b938e8e278ec690

Download Submit
C:\Windows\INF\wsdprint.PNF

Filesize
7KB

MD5
8a6891fcdf26e775d797e990b9425fd1

SHA1
209c5835a526d24404d6d7fd900c7d6d15e46e36

SHA256
9079bd458069686dbb82872229308ab78fe7d57719dfa3120a307ce6164ba7d3

SHA512
7b32bd3c4cf093d8a6657c00ca477143ec4318b657380eb58998c83dd19525df754441a99350c58c511d84f455f1002ceb9755847d7725337bad0a9a3686e874

Download Submit
C:\Windows\INF\xusb22.PNF

Filesize
9KB

MD5
85ff96e96acea3a9ad5723ba90aa2cdb

SHA1
bee57b3abe4b3182284755d206e0565f990e2cbc

SHA256
c7f6aabc0b73f90fe527cbe4cb8bd0047988d471731471808b07a87b61eea13e

SHA512
ca3aa49446693678429e1920224170abbecfc52eface28801acb0de4ee0cfde2f4a7e1f7203f86733b866feefe33c3887847ccfec2077ddb60cabec5c5a21f28

Download Submit
memory/1912-4720-0x00007FFAD8960000-0x00007FFAD9A10000-memory.dmp

Filesize
16.7MB

Download
memory/1912-4715-0x00007FFAF17D0000-0x00007FFAF17E1000-memory.dmp

Filesize
68KB

Download
memory/1912-4767-0x00007FFAD8960000-0x00007FFAD9A10000-memory.dmp

Filesize
16.7MB

Download
memory/1912-4723-0x00007FFAE25C0000-0x00007FFAE25D1000-memory.dmp

Filesize
68KB

Download
memory/1912-4722-0x00007FFAE8CB0000-0x00007FFAE8CC8000-memory.dmp

Filesize
96KB

Download
memory/1912-4725-0x00007FFAE24E0000-0x00007FFAE24F1000-memory.dmp

Filesize
68KB

Download
memory/1912-4721-0x00007FFAE25E0000-0x00007FFAE2601000-memory.dmp

Filesize
132KB

Download
memory/1912-4716-0x00007FFAEAA40000-0x00007FFAEAA5D000-memory.dmp

Filesize
116KB

Download
memory/1912-4719-0x00007FFAE3790000-0x00007FFAE37D1000-memory.dmp

Filesize
260KB

Download
memory/1912-4710-0x00007FFADD710000-0x00007FFADD9C6000-memory.dmp

Filesize
2.7MB

Download
memory/1912-4718-0x00007FFADCDA0000-0x00007FFADCFAB000-memory.dmp

Filesize
2.0MB

Download
memory/1912-4717-0x00007FFAE8D00000-0x00007FFAE8D11000-memory.dmp

Filesize
68KB

Download
memory/1912-4708-0x00007FF698F00000-0x00007FF698FF8000-memory.dmp

Filesize
992KB

Download
memory/1912-4742-0x00007FFAD8960000-0x00007FFAD9A10000-memory.dmp

Filesize
16.7MB

Download
memory/1912-4709-0x00007FFAE3CF0000-0x00007FFAE3D24000-memory.dmp

Filesize
208KB

Download
memory/1912-4711-0x00007FFAF2110000-0x00007FFAF2128000-memory.dmp

Filesize
96KB

Download
memory/1912-4712-0x00007FFAF1EE0000-0x00007FFAF1EF7000-memory.dmp

Filesize
92KB

Download
memory/1912-4724-0x00007FFAE2500000-0x00007FFAE2511000-memory.dmp

Filesize
68KB

Download
memory/1912-4713-0x00007FFAF1E40000-0x00007FFAF1E51000-memory.dmp

Filesize
68KB

Download
memory/1912-4714-0x00007FFAF18F0000-0x00007FFAF1907000-memory.dmp

Filesize
92KB

Download
memory/5004-4668-0x00007FFADFA00000-0x00007FFAE03A1000-memory.dmp

Filesize
9.6MB

Download
memory/5004-4666-0x00007FFADFA00000-0x00007FFAE03A1000-memory.dmp

Filesize
9.6MB

Download
memory/5004-4665-0x00007FFADFCB5000-0x00007FFADFCB6000-memory.dmp

Filesize
4KB

Download
memory/5004-4664-0x000000001B9B0000-0x000000001BA4C000-memory.dmp

Filesize
624KB

Download
memory/5004-4667-0x000000001B650000-0x000000001B658000-memory.dmp

Filesize
32KB

Download
memory/5004-4663-0x000000001BF70000-0x000000001C43E000-memory.dmp

Filesize
4.8MB

Download
memory/5004-4662-0x00000000010E0000-0x00000000010E6000-memory.dmp

Filesize
24KB

Download
memory/5004-4661-0x00007FFADFA00000-0x00007FFAE03A1000-memory.dmp

Filesize
9.6MB

Download
memory/5004-8279-0x00007FFADFA00000-0x00007FFAE03A1000-memory.dmp

Filesize
9.6MB

Download
memory/5004-4670-0x00007FFADFA00000-0x00007FFAE03A1000-memory.dmp

Filesize
9.6MB

Download
memory/5004-4677-0x00007FFADFA00000-0x00007FFAE03A1000-memory.dmp

Filesize
9.6MB

Download
memory/5004-6763-0x000000001FA10000-0x000000001FA72000-memory.dmp

Filesize
392KB

Download
memory/5004-6762-0x000000001F7E0000-0x000000001F886000-memory.dmp

Filesize
664KB

Download
memory/5004-4659-0x00007FFADFCB5000-0x00007FFADFCB6000-memory.dmp

Filesize
4KB

Download
memory/5004-4660-0x00007FFADFA00000-0x00007FFAE03A1000-memory.dmp

Filesize
9.6MB

Download