jigsaw | 3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

Analysis

max time kernel
2588s
max time network
2623s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-10-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jigsaw.exe
Size

283KB
MD5

2773e3dc59472296cb0024ba7715a64e
SHA1

27d99fbca067f478bb91cdbcb92f13a828b00859
SHA256

3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7
SHA512

6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262
SSDEEP

6144:7fukPLPvucHiQQQ4uuy9ApZbZWxcZt+kTfMLJTOAZiYSXjjeqXus:7fu5cCT7yYlWi8kTfMLJTOAZiYSXjyqX

Score

10^/10

jigsaw discovery persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw
Renames multiple (1482) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

drpbx.exe

pid process

6128 drpbx.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

pid	process
6128	drpbx.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

jigsaw.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	jigsaw.exe

Drops file in Program Files directory 64 IoCs

Processes:

drpbx.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\fr.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-96.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-black\NotepadWideTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-36.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-200_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\GetHelpAppList.scale-125_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Todos_0.33.33351.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Illustrations\icon2.scale-125_theme-dark.png	drpbx.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-60_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\ExchangeLargeTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\FeedbackHubSplashScreen.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\Scrubbing_icons.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_12008.1001.1.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreWideTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\GenericMailSmallTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailMediumTile.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherAppList.targetsize-48_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-32_altform-lightunplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-80_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\Assets\PeopleAppList.targetsize-96_altform-lightunplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-140.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Wide310x150Logo.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailWideTile.scale-150.png	drpbx.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyView.scale-400.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\contrast-black\NotepadSmallTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\contrast-white\CameraMedTile.scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-16_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneVideo_10.21012.10511.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-125_contrast-black.png	drpbx.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfr.jar.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-64_altform-unplated_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_1.0.36.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsStoreLogo.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-80.png	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Warm.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-black\WideTile.scale-200_contrast-black.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\Agenda_EmptyState_Balloon.svg	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-16_altform-unplated_contrast-white.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_neutral_split.scale-100_8wekyb3d8bbwe\Images\contrast-black\PowerAutomateWide310x150Logo.scale-100.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\rsod\osmuxmui.msi.16.en-us.boot.tree.dat.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosMedTile.contrast-black_scale-200.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\Images\Square44x44Logo.targetsize-40_altform-unplated.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-80.png.fun	drpbx.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview-hover.svg.fun	drpbx.exe
File created	C:\Program Files\Microsoft Office\root\vreg\dcfmui.msi.16.en-us.vreg.dat.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsSplashScreen.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorWideTile.scale-125.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2020.503.58.0_x64__8wekyb3d8bbwe\Assets\contrast-white\CameraSplashScreen.scale-100.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-72_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-30_altform-lightunplated_contrast-black.png	drpbx.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.fun	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-60_altform-unplated.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-64.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\VoiceRecorderSmallTile.scale-125.png	drpbx.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MLModels\autofill_labeling_features.txt.fun	drpbx.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.tree.dat	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-48.png	drpbx.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-40_contrast-white.png	drpbx.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133735632691448861"	chrome.exe

Modifies registry class 4 IoCs

Processes:

chrome.exeOpenWith.exefirefox.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 4 IoCs

Processes:

chrome.exechrome.exechrome.exefirefox.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\jigsaw:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\jigsaw (1):Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\jigsaw (2):Zone.Identifier	chrome.exe
File created	C:\Users\Admin\Downloads\jigsaw(1):Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

4412 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

4832 vlc.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1204 chrome.exe
1204 chrome.exe
2008 chrome.exe
2008 chrome.exe
2008 chrome.exe
2008 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

4832 vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

1204 chrome.exe
1204 chrome.exe
1204 chrome.exe
1204 chrome.exe
1204 chrome.exe
1204 chrome.exe
1204 chrome.exe

pid	process
4412	NOTEPAD.EXE

pid	process
1204	chrome.exe
1204	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe
2008	chrome.exe

pid	process
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe
Token: SeShutdownPrivilege	1204	chrome.exe
Token: SeCreatePagefilePrivilege	1204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

vlc.exechrome.exe

pid	process
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

vlc.exechrome.exe

pid	process
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
4832	vlc.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe
1204	chrome.exe

Suspicious use of SetWindowsHookEx 41 IoCs

Processes:

vlc.exeOpenWith.exefirefox.exeOpenWith.exe

pid	process
4832	vlc.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
2240	OpenWith.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
4588	firefox.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe
336	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

jigsaw.exechrome.exe

description	pid	process	target process
PID 2868 wrote to memory of 6128	2868	jigsaw.exe	drpbx.exe
PID 2868 wrote to memory of 6128	2868	jigsaw.exe	drpbx.exe
PID 1204 wrote to memory of 4684	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 4684	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5640	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5560	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 5560	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe
PID 1204 wrote to memory of 3460	1204	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
"C:\Users\Admin\AppData\Local\Temp\jigsaw.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\jigsaw.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:6128

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\UninstallBackup.cmd" "
1⤵
PID:6040

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0
1⤵
PID:5580

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\UninstallBackup.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4412

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OpenGet.mp4v"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff939fbcc40,0x7ff939fbcc4c,0x7ff939fbcc58
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:3
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3128,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4660,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4652,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4620,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4592,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3604,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4504,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4440,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - NTFS ADS
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3784,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3380,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5316,i,7396776818813844749,559056668365510565,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\jigsaw"
  2⤵
  PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\jigsaw
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of SetWindowsHookEx
    PID:4588
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1672 -parentBuildID 20240401114208 -prefsHandle 1788 -prefMapHandle 1876 -prefsLen 21583 -prefMapSize 241323 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a84ae5c-4d23-4e05-8849-5e793f2b6a46} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" gpu
      4⤵
      PID:3344
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 21583 -prefMapSize 241323 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {117b63e6-9c60-48b0-8546-82a2095f29b1} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" socket
      4⤵
      PID:3932
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2896 -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2936 -prefsLen 22336 -prefMapSize 241323 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d887829-aeda-4ed7-92a6-e871493d9170} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
      4⤵
      PID:6036
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4200 -childID 2 -isForBrowser -prefsHandle 4104 -prefMapHandle 4180 -prefsLen 23926 -prefMapSize 241323 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82750a5d-6944-4f34-9ce3-a1542aa120ee} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
      4⤵
      PID:972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4580 -childID 3 -isForBrowser -prefsHandle 4572 -prefMapHandle 4568 -prefsLen 29567 -prefMapSize 241323 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {727c1f9a-3dc5-4bad-b640-efc49a24ba72} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
      4⤵
      PID:2032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5448 -prefMapHandle 5444 -prefsLen 30588 -prefMapSize 241323 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7131cdf8-4765-4c6d-8948-7746ba7cd54e} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" utility
      4⤵
      Checks processor information in registry
      PID:232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5596 -prefMapHandle 5484 -prefsLen 30588 -prefMapSize 241323 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6b22fbe-0fb1-43e9-aee9-2f0fa4b782f3} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
      4⤵
      PID:3604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -parentBuildID 20240401114208 -prefsHandle 5792 -prefMapHandle 5800 -prefsLen 30730 -prefMapSize 241323 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3aa4f352-067e-4e51-8a17-82c0e3c5bc92} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" rdd
      4⤵
      PID:1460
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6432 -childID 5 -isForBrowser -prefsHandle 6448 -prefMapHandle 6428 -prefsLen 28775 -prefMapSize 241323 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c7daf53-6c95-4245-99c0-1ee4c6ea7aae} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
      4⤵
      PID:1348
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6588 -childID 6 -isForBrowser -prefsHandle 4380 -prefMapHandle 3640 -prefsLen 28775 -prefMapSize 241323 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7532620a-ba32-470c-b9ab-9fb5711d960f} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
      4⤵
      PID:1640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6680 -childID 7 -isForBrowser -prefsHandle 6756 -prefMapHandle 6752 -prefsLen 28775 -prefMapSize 241323 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e233de1b-cb81-4f97-840c-36a8568565b2} 4588 "\\.\pipe\gecko-crash-server-pipe.4588" tab
      4⤵
      PID:5232

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.fun

Filesize
32KB

MD5
829165ca0fd145de3c2c8051b321734f

SHA1
f5cc3af85ab27c3ea2c2f7cbb8295b28a76a459e

SHA256
a193ee2673e0ba5ebc5ea6e65665b8a28bd7611f06d2b0174ec2076e22d94356

SHA512
7d380cda12b342a770def9d4e9c078c97874f3a30cd9f531355e3744a8fef2308f79878ffeb12ce26953325cb6a17bc7e54237dfdc2ee72b140ec295676adbcb

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\invalid32x32.gif.fun

Filesize
160B

MD5
580ee0344b7da2786da6a433a1e84893

SHA1
60f8c4dd5457e9834f5402cb326b1a2d3ca0ba7e

SHA256
98b6c2ddfefc628d03ceaef9d69688674a6bc32eb707f9ed86bc8c75675c4513

SHA512
356d2cdea3321e894b5b46ad1ea24c0e3c8be8e3c454b5bd300b7340cbb454e71fc89ca09ea0785b373b483e67c2f6f6bb408e489b0de4ff82d5ed69a75613ba

Download Submit
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
283KB

MD5
2773e3dc59472296cb0024ba7715a64e

SHA1
27d99fbca067f478bb91cdbcb92f13a828b00859

SHA256
3ae96f73d805e1d3995253db4d910300d8442ea603737a1428b613061e7f61e7

SHA512
6ef530b209f8ec459cca66dbf2c31ec96c5f7d609f17fa3b877d276968032fbc6132ea4a45ed1450fb6c5d730a7c9349bf4481e28befaea6b119ec0ded842262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c123cd62736b051868333d729f4adda4

SHA1
db00fed33f3649a8dbb077d9e57f8dffe16d0627

SHA256
bf6b192f32ffa51a515b4b165ea7facacdd656f4cafad1aba53b6a7b9dd14a79

SHA512
620d35d76fdc932cca51910746edaca8940caed94bb5eba02c7d46ecf855535c6281bf77d355ea5dd1f8644caa6caa2b140a30a12b8124b5e110190c7e79f2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4f6c7be99e581dcb9fee673f587efbc7

SHA1
a1c65d2ace8603deddafe71c3162928b3b4f78c8

SHA256
b809a9386dfeeccb885e6d85f5ba1454ff5ca49654cde7c2b486e39a1d75ab4c

SHA512
029559bb43f601135b5e16e2dded49a53956fdc3161c6f2de74f6f2d40c993dee6942323b41bbe9f8858c9c826b606a859b765bab3c4bf36c64e59a4ca4395e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
540cc8481d4d7de4b3b1a18568016ac2

SHA1
fb6ffe6abe77c3a98764eebb18943449b806c7c1

SHA256
5c35a1d246e55e49a4c359600cac82d7af0a682f88d1349d3064d40e1ad3c2b9

SHA512
c89c08d7dcfc5a35182339e260e990b6f48177cd3c5e7ef095e9401507ba00d644a17df4c25abfcb13eeeeb8508f68a2d9eabf53aec253eed8cf49acd4e126c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3f6729dfafc96bc9f82b9b8c0f64717b

SHA1
6c469b9ac4afe9870bbe5c1b79d9f995711682f4

SHA256
c13e80f152f9e9e00761eb8e83e0a28563fe73b08f685e3ce04c9a579c3e4e4b

SHA512
7215fc7232c1bc687b01af3151d05ed7fdd738f70ca058490869adde964a3714d72fc720c8a36062a2ce95d32f9cb29d979bbfd1d3cec69ebefa6c9a8e55c8d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
332338e98221711c270cd609e4f76fc5

SHA1
3f303964e7330ccb0681b92eba09d91c982e3e7b

SHA256
fd0b5d7ce6ef062bd7ac627445e15520771a4b437a0d6be6d65d55e88e2cf01c

SHA512
fbd2870a5c705a31c249e0f23e46f1788d4290b896e1c6b7fad67a2925a3cdca3f1a0858594f6635ab8e7bf32bd4645026a47c4d2bb5a56e303100df0d1afca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
849bf1957267a8854d8edc8b0300a223

SHA1
1c55708e68a9df8b8d163bc14527ac0385d19edf

SHA256
67afd0ba386737c0ab513a49b2c2a2c0ec274a2eb5de09d869f26d61d0c13471

SHA512
4c8e2c33815cb1fd52835927995a422f9e9003abb6956d56a368d074e1b13cc26716c33b92e153239ff5e8dc39c651c2ea9dcdbd2c4c56f1842dc43e58a4b263

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
11761ebe3abe9cf32bc402089b136657

SHA1
5f67f79552ff38fa6dbad11b7ead06f47c288ab0

SHA256
6ed58e6fed5ebad73b5f08dac824b53f8e91f7e0413b2c57a44e5fa1a35f1b3a

SHA512
d70bac87abb2e39081a37de23246d730e80fe3f53fe7b07c6f0578f4df2d13fcf03c9c3b150b24546a30655ef97d1c57044a3b15d0137a0d63524ae5add26971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
e923ec5434ce33b1a3d36999a3928be2

SHA1
1a33f5e9a111591016e9659e7998242d713ae197

SHA256
1bab95d8818f7d95215903dd4829a35533eafa9b996bae742bc9527bb78ca057

SHA512
314193ae37a8d4b265095d099fe093e505ccd3c71852057daa571ce3fc2d41eea20185a1940abb18b0ed5344de8c9ef9ff0fe2852d32bce582e6674c02515762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
0fd38a7683a8bd0187985ba4b598d96a

SHA1
851ce66c1c8f3cda2dd7964adaa71e7ff00bcb1f

SHA256
71f6ecfdc9dd7134a3f0c0aa201190f8370eb1c633cc9faf20903b3d06ad7a1a

SHA512
64e9496b0ce881d46cc0a8ba0f30aae53f304f755983bb3806659d5c8ce41d49ede3b55e5f3a584b0d20340a5474389aa4e191cccb58f763a7f6e2d5be68dc4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
67abdf77f544e7d21a0f5da7ed5b94a0

SHA1
2de27189afe33ff5d1e6037c16147590aa6492f8

SHA256
5300a5b0cdaa5ac48184fb39f90c398f81c4fce7cbb9589fc490d430c5bf72d0

SHA512
e07f69f6dbc8a2703a93449ad02ca8050992e652ce607e83d285562927b9f70acd05c9d9ad066779863bb21b8ae530e636a662afe64fc7d616f8fa8431395083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
331524f3661f3c786039ce1fdb662c66

SHA1
feb18a7698ca5fa3cfa546d57d56dddce0cfa782

SHA256
20711518883c3d6099f7cf940bbb149062a615eeec5d2744c257abe56aa17c5a

SHA512
a2b1d28067c9749b643037732f65c8adfa80cd792677b737cde159990958919dc2024b6e2af514168fa6c10e34f1c72bf1a1c39ad210a155d1f8c53b7cdd9321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25d411d77c4767fc29d509a52a095af3

SHA1
dbc41dae6a1ecf670603f79cb661b254bbf96c18

SHA256
bfc31b5849e632e9ea870e5732b39fa6fec47d103718f5049b655d4e77bb3d5e

SHA512
48a1109342587616cc24a30b28d4e55f46d6f7bf2b2fca44248a9e12db30864a0ffe5cfbc42597ad382ef61f20cd0f51bc11a3b76c18c9379f723e8adbf97735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4e79920e4b48a1ffa97915a48031bcd

SHA1
d994abb7818f4f483d5c8ef9b5604c2f414a006f

SHA256
e0bbd43e143800fe27407dd6e59f5b1e4b3dbefcedf6426460b7fcbf82bf6f1e

SHA512
41ade287c60f9bbf0816dfb1e23bac800ae949014be822400c55cb6f7f9803189797479e87b8c064e0d079590379a450fa66a46a0c0f8a160b910fb18203d126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0047871d83be627705126f6705a56c63

SHA1
c9a5a8a8bdc45a870ff2b3661260618ec55acc8c

SHA256
bb58ae4b4f1cde2685809df25a5d2c3e1012e6548fce66885a04650ededb9bf3

SHA512
85a3bb64bbc67b77970d610e65154093b34eaffa32cc941e2254b4304b2f62e7ea8ae1adbd59348e6daf21368dfb8bda46bbc0284a720d73edb1c1b86056d7b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2557f755c3e0d5968acf58faa6deab76

SHA1
0451b8d242d515d84adc5427fe9c6942bd53695a

SHA256
d2c25f024e30a2a691bcbfa22cfb6ec669c2bea8da1e98beaadc9a8653a42818

SHA512
2f8de6cc257b53bc3d0bc81e65a9b178f3864389547b11b99c033463e900b3b6edfede32f6c9185dbbc16a79cea4d769a94dc38ec529f9cde1ea10a1ca917e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8083054a3823fea8f43bdcf85100b935

SHA1
e55b4acd43819f7b757427e6e5625e2764e01db8

SHA256
deb03abcf1be0f234b5fd7daea366431aacb86f632ff18004921579c0e456df0

SHA512
e2c3a279e52d8468ad34b0ab46e07be96046196df59105ad18d5870628836a6d98f5a257fb31be3ead058dee60c8d3a6854c53c61bae95d5970dc5137a67ce68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2cd6dd480357da7cb3c587290f1553d

SHA1
b2b76a6a8b70fc22a32af37e4924d33e651bec5f

SHA256
4b79eae2bca81e835ece9de95e317ee04b712a7f14761fef37dc55d09fa8a104

SHA512
6ad108c0cd8adbd9187d20f3e91938bd6c573974d14272b97c882d97cc12e926efea894da9cb6c8744ca46d2feb7a739915dc3b487df37b1d479499720cd1880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fea11b290bf79bc770f44a651a87317f

SHA1
db303400369f18ee7493bb39c2f2ec82492afca6

SHA256
518be3a1dbb7ac303bafe7e7be02d2dfd85d26a46cca1a86097c3c20a521f07e

SHA512
6172cbd2d257114b004a6f170c9ad344c5024d3f56b1ae29bd4037bcb8c0df32b376b43bfe03b74f01a59a97a0ed13ea65d8677525773235e7232606836e0c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4b277658fbbe465284e16ad11b87602

SHA1
ba9c88e93a6a5c4b322afac048efe4fe9bb18b4d

SHA256
fa52d39bb925048f9a52e5e54bad216e6887f9b1d69167fa298d5f467bf6eab1

SHA512
0860dc9c962c1f44fc1ce89493eeceb37c2355412b6853de5cdb98f12564eb4977b3fb135617b0bf5e651d5e903d1e0c432d9384c241ec143aceb1c9a597377b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f73b912f0b0912b53a81566d66f62e77

SHA1
c4296d36d39e155f9976530d9ede5bf9c66deedc

SHA256
7e732176b636db68e1c26a21a8f1b3fb13d960c70b87ce255bd4dc887e549887

SHA512
0a237600aee69b5092b56d5a828da826bac8268b8d53c1bad45b23264967dd30d98e2b0b68ca5e26505fa8748c4bd0aefc2a299bff9531f71733eb5ced517ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4f564b7c0c4df921535f00ee67b01633

SHA1
9236f187ed6fb0201ac75beb45bb54f74845b50d

SHA256
042e04ad1332582622cc867a7a9024de21768ae052dd901e3c68c3fb75de7dd1

SHA512
b8e3900bf652a9d3a54d11b00e6674eb547fdeb394a933fe7fccfa9d0a1586c89995bd505c6f20f103e795b9e9e2be7880144de926e730570cd275f5585e42e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
65ffb5e4344eacb80fc1ba162e585167

SHA1
2f462dbe9ab666c1425c583e6d0b52e2743b666d

SHA256
1936aa5e70e58647a8b9cc95bd53aa89e33ed6cbd6c1e0e896c10cf98ad4d58a

SHA512
b1bb9588910d251e2b7974a2ea762ad25de366088c064ee8af472e574193d9f8286337a0025ce124278553ae8702c8b32da045acb1b9cbbee2a2c5abda4afb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ac1228be889bdb63f76945f227679dc8

SHA1
a78afc9314afd3cddf6d165a651c48343f62daeb

SHA256
b4535f6831afcdb2e51fa2f1a57943931fc2d8fccac179adc655abfdf4d3e2b7

SHA512
7e9193a7e9d31c12fbf9ba4da7e2d8f70c3eb07027f5b7667a37b55df0fdbe65373a0ae932d2e5af1fbfae8e5cfafe5195328d98ad76fd810d4e2e3feff8d0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
3484ad9e3e38b70e35ae2effcff37c76

SHA1
ce4f427b8d0c455ab6c63618f1545d1504393336

SHA256
987fed92e5333482abf6df0338b1f7089e5cfb3a31607acaca5680f47ac384b5

SHA512
6c4e52c9ade2507bbce4777e61e3fef8ae150bd38d501857a5f81a968f9462ab453a2d3e437aa59c0302b1bc57fa0c283c247c54ff5d226f60d40a3c87676e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8be10156d0a74168c25bf069defd639e

SHA1
672a3b112f264bad9d5da11cd5f19f7072debbea

SHA256
a17da935d735afb03e273ff0c154680747b4cf4aa0acfca62239d06d3af142c4

SHA512
4797a4adf5a99464788afc171d49450fa1ee05edfe144c05ed6c874fc1e95cb020ad2177f3c2e3f75e7a3eb2787b08309620f6d291fd87066818bc354972ade7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a26447379d30acfb01126332649d0876

SHA1
09adb05a48333f18a2c78489a55707483c8a099e

SHA256
f15d840248bed6f7763f69888f714446ac301cbd0d1bbc92497c5138b0dde3b9

SHA512
4fec20e734ebf66488537d533766a973d274d9cd61134b627aab9c2a5676b123d6027a0a2c8b306b0114561efefbc592b1c3ad4555050b2a4608aabfb8a5350e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\activity-stream.discovery_stream.json

Filesize
23KB

MD5
52f7ff699b4c7b0df99852255e2476bb

SHA1
59bb6645d14c40abd39d14143c4814bdcb7cd6cd

SHA256
2df7ec4a79c99507621a0d9831536483db543214cc0ac8c122509c981b76daff

SHA512
040d3218de241adf313b8c29f311d10978d2c3813eeb966aaac096f5e08b5f9f4fc49e9d847079b6b561b3e782af995a7a524336264d88e3c77a15990aea1758

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
77acd0e6c1fa88a961cfd736ab60c47b

SHA1
0e71319b4689870a52a2db61aa24771480b35951

SHA256
132adf540f1bcb091762e1e9693a4748a1dc1b77e9a3292867acb7e17bad7f50

SHA512
e5536679403f657ab650535f3deaabddea709124ff08736144eaac2683f59c24dfa768cb35a1a9bef6d928825401a0fd5cba66c1e0e246dbaba710588d845b6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\E3430FE298F82BC616CF4B109ED5743162E5145C

Filesize
13KB

MD5
8a4c0ebdbb18cbfb98e365981ca6f821

SHA1
d16538f627b5e291cc1974c33b86984e532d2bdb

SHA256
58047d33ed65eba1163b8fce0cf3e738d011d40c3ad6ad4d302c515bca83cfd2

SHA512
139620bf680435e0d94c4f0e9ea9b025a80360f18d2ef4b64e2a3e3c317969c090ba071f18d9ff609f7ab96aea1a9815ec297bb282ede640b68553bc9b8ddb70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\ads-track-digest256.sbstore

Filesize
1KB

MD5
9257c6d7a11efc7a942eff10952f2aa9

SHA1
a476fa1ce6ac65601534fc49c5ef39fcc9852645

SHA256
3851e32284e0eaf5687e6b55c6fdc5ad0b5020b81699bde6faffca570016cad4

SHA512
52aae9e5a565d08d54db74fd9c5ec6bf831ad03f5901d6212599c9c6e554d22d475a7c169e4068f13eaaa247b4562008fd658a5fb7e287646945f6ef30a5d084

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\analytics-track-digest256.sbstore

Filesize
651B

MD5
758e863d90671e7e3012d8a9d6169aed

SHA1
70823c8b77ae98e04dcea417964417e4bf1ef301

SHA256
a6c2d1e172f62c8557fd75f5185a937d46433f03221c7221e59ebacbf2f0bb57

SHA512
e8cf425b22040ca8338587bff3457af50871fea4496b2d27a827aea615f645acb76bcb1cd73d5ee77d07f139816dd390262ee231adc661c5a1a272c1c9828197

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\base-cryptomining-track-digest256.sbstore

Filesize
315B

MD5
11557f274f85b0333bcff2c463cee9d2

SHA1
88b800807da2b404578df9c6613960a0dfbb88a6

SHA256
24c953cf01673aa81f8086034ef32f6bbd07c3419162e3d5fb08ab37f854adea

SHA512
5c4d9cd85dae2ba90048eecfdc2987f4f5c5d1e8bc5964203b30f562d66bde5ea8b3059ad1cdd19fe06e814480900e533318affe873b68cbcd810e9f4e7c9ede

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\base-email-track-digest256.sbstore

Filesize
461B

MD5
c37c7ecc6985b9eb6d7784961b74d418

SHA1
d068cb3b4683de553b0cbbd5c4d11ad828b6c9cc

SHA256
bb61e5b90f654f3ca95299d05d4888d125e5de44ca8b53c86eadd225af3bf5f1

SHA512
2c61b87e518f5a51efe0cb3f917fa7ad2acb96a4c398971da4cabc0cb705a56501f5ca84121ba58eb8e82149eeafa3795121845df5ff9aec35cb4ea409af0fe3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.sbstore

Filesize
367B

MD5
be7d2765def13d5a252cc963f62e9dec

SHA1
4055e5b3ac7581e27eadd02560d7f30e9df4caa1

SHA256
06eee65e89c04b4e84a983437d9d98295dc2fe629a306244aacd7d2a787e5bcd

SHA512
a7f5b82eb2688df0255a7e04a330bba2adeda4c7990fddc9f0bee5447285d2de93c6cda2d24f1708970f2596d66be3c4e1942ed3f974901e97297c5bcd2a006f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\content-email-track-digest256.sbstore

Filesize
523B

MD5
f6276772def3683c8d6423267b2fe006

SHA1
f91130954a74daa0465cf73d23a84ec3ea0a89c2

SHA256
0cc8dc4b43ac791ba56ee47187c4dfecc6bbb4830fa6427e87344f901d5d27d9

SHA512
4628533e13b4850056ff8b0ecefd6991a6fc45ddc46e28103bbf06767342ddf6324462f0644ffc5c503370769dd4865226b1440bd2cef238fbf892148e1d502b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\content-track-digest256.sbstore

Filesize
511B

MD5
51d0037241fd968870f54ace34821097

SHA1
1de7bba79b592fd60ce7996625aafb6850cd4030

SHA256
c0d2ff4a77d7b1383af6534b54b0bc3e5dc9248447246d77bacc07d645587de1

SHA512
5d77a27ed7a82e6106106860b50ef389656250d012fe3810b2e8c8a481357ce8475cf41fc9c56228dc3bbaee80151c9fa99ed9e77c7b4c675cc38cd95bbfeab0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\google-trackwhite-digest256.sbstore

Filesize
43KB

MD5
03e14be9bc0a656037a3b5942a546b9c

SHA1
27c8c966f0c0199c6790bc3b8156d1f018b8c5b0

SHA256
6b768a574930c00b1ae0da8677c98b99efb66d81d2bfc7bc3856ba3dcaee73e6

SHA512
33aadd19c593b005d5940d26f65f135162a161631218ad9ad0741549fb81ebf3958375b4ee4fcc154cbc2694e621180670c9a485828862af752de557e9e82b89

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.sbstore

Filesize
9KB

MD5
4f1db84b523d8fea02d102c3a16332d5

SHA1
321f249d1a4a9773def0685f3329deefcc23f09c

SHA256
e08084395a8e1cda6b8468242bfdbed772031758abcf9ed2d35bd676d161dd5a

SHA512
d9c1caf61c4e0337b15c9519dfa5af72761b44f85ea05dfbc5ddded8b660cb572bcd450a367e643beb4437bce7000b79f9ab0b798ff6db49a6dba4aae3b0c61d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\social-track-digest256.sbstore

Filesize
312B

MD5
8b43d39113c80a060f79bca4cf917e35

SHA1
0b17ca32ccc5c7670c8d51b7c9a88325c80f3490

SHA256
88c6a99c31843bf96caddef9256b0f5ab4e789cb14d921ffe05708db35961be5

SHA512
16111c5b337a4f039c22d35c2736061e6d4eadb7ef781e1be887f9dd02566eb0bca79cd5c5d05ce96dfbe6fba09f5e250fd101d3a8002c553af2f025e0d7bf9e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.sbstore

Filesize
257B

MD5
b4229cdb076df6f4f59a6ef909cd8a66

SHA1
f94f3710660171df83b7bac1ab0e8c0cf997fb33

SHA256
485b156b4c5756577a36d077cd74d1aa62fcbb3158f45c31bea4c64b02d443fb

SHA512
60bc953bfc9d4effcd66a10955140fe18d1329bc2092ac7d165c1d487bcd2dd6120936e44b3b3c4044e0df3a08b29b9bf0eecaab4618b670dc60e2bdc3a3c06f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.sbstore

Filesize
248B

MD5
2cbcc17325808925e52d4da835fe498b

SHA1
9cc989930cbff54e26bef5e309ede3424eb6ac0b

SHA256
0e1911a712c9cde4e411312e8f347c8b3560b19a2b93876d153efaca52f486a5

SHA512
2c8257ed723fab6d1d179db03308f0135955c6ae7af879c6f2ef3ae2b761975e9fd19586e860e94e7038f4477871351a8b93a7dd59662ac07ff3b059eef64e81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.sbstore

Filesize
249B

MD5
0964a62ba48341ebf35698d9be843c20

SHA1
d8600ba6315a263b3fa6c90b9b2220e2f19db7a1

SHA256
32268c5b4bcf04231379bf024615c86d7136c71828009eb350d038fb63f6989a

SHA512
a481e4ed4fca1a85284a2ce6d0730e847c975f7233372ac52ca8a0398f0181c5feeeb42cea61d8398080ae4ab1c821a89d4fcbc52231eed0b078344a0032895c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\ads-track-digest256.vlpset

Filesize
54KB

MD5
64d20d05a5e1dc74631f0b7efeda7ee9

SHA1
567a2116f2a6e7db0306485e64b170e7c8b6e3ae

SHA256
b224780de64479dfe67affae848dff9e838628ccff1d9515cbfc8ee074bd48ff

SHA512
529b682913b709af8eed4fca911224b1b691e94aeccc99951b8c970dfa8a7776f9ff2caf311ddcee44910bd7e3c419fce01cd8f32f41aa781ef3e020569fd3ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\analytics-track-digest256.vlpset

Filesize
12KB

MD5
01c9d44786c5994b56eccfa294d701f5

SHA1
1f1ec326e812ec296f97c675e39c60794920ffbb

SHA256
f3560ed7c826289cfd01f757d3e20273ca261110da70eb32c4d32d3c2e4aa2fc

SHA512
ed6742bd469d7d20bb94e5339f276a6b202706e04c34ad5ceff99549a6632fbcebd7bd5510843c0cc589b508cc80f45ba6bcabeb330d2bdcee9f1ee38f662a03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\base-cryptomining-track-digest256.vlpset

Filesize
2KB

MD5
75030fc0c97997338ab538b7615fd829

SHA1
dac3d0bb59949f922b99e4c0dcc6c705842fd6ad

SHA256
50780f9fd932d7707a4bcb454c7bf031205a22fcefceb5b9cbef3fc43acb9bcc

SHA512
21ad8d76b2a24d5cecc065ba9b5250cfc0f29265e741ece2fc30958662f7f820ebef5db476636cccbe5ed632006ad0fab22c42a05b714cf89a2fd93a89790174

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\base-email-track-digest256.vlpset

Filesize
6KB

MD5
213325f07445a473bc8b8e39ddd01f1a

SHA1
20008e14f24d114deea0193f3d4f41926a1d42a5

SHA256
27dfdce520faff676208952b08a0c4fdeb47eb8b506f69bf5ff2344d2b1b5a8c

SHA512
06ad311be8844db4d42250046aa0b875239ab6c31b5540d056f30ba1ad262eed0baf567717249574b558ddf0e0814f08554dbac4331b08abde7b1293c023342d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\base-fingerprinting-track-digest256.vlpset

Filesize
3KB

MD5
616affa2edda8a3e06dc1b85387d4246

SHA1
432e6e9144cc96cebf9f1b25b169eb0c6973dd44

SHA256
b2e4bb7de736b399f2caffb7274579f46bea111966ecc459ea6a6c02bc2aeb85

SHA512
98294b41e7a6020c2a6623d3b6e7b6f4b93f5545f4aa39470c6f588176d36febe3ff6fed102e215f0da811fd3d8926e81ea670c4d4bd952d62f7cbbd26ff98b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\content-email-track-digest256.vlpset

Filesize
8KB

MD5
af57a9620d86696b2bbffd0b7499e8ec

SHA1
0313dc7c50eb67d5974a95f8ad328e6d418751da

SHA256
ee6ff9bf6173569890e1d04556f5d25799898b3f18b7ac1f5a019d36e5d4e2ec

SHA512
cd5f88a80a0be1bbbb2b90b052df13dc6b2398e09eb4f20d613f81b86873701e959a2c33105730e338c693ceb1fe51c0e3f92b7df158c754e2f17c97a4c1db9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\content-track-digest256.vlpset

Filesize
8KB

MD5
68aa5542abf4f84cdf32f68d15ec7d87

SHA1
d19e327117566e16129319bcec12b11db1c42e47

SHA256
e80b6d551b6b93cf01fa2774746bcad9d365f509776659b84835f30e0aca1ca6

SHA512
7679f7a14c2bb7351789d4acb2b8edaea2c4f613f70492577d2c91afb71574087088c27727dfe0765cebd19dcefd0738234f64bff242a75948c61e066e37baaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google-trackwhite-digest256.vlpset

Filesize
1.4MB

MD5
c0e1ac752cb716038a8245aa68af4c1f

SHA1
52152c6f058aab68f996311e424dd30341200fdf

SHA256
e448d98c433f007a572960b5a956b474528893020773110d6921767becfd3837

SHA512
a44670bb0e64bbc28bb647716e000405688cdcf62b841619fb00307b29163d9477c79260485d0a7675bc0f943fa343ac01d2225baf01b27ec098e2e2354b1150

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-badbinurl-proto.metadata

Filesize
67B

MD5
24a30858a60fa746e4c4d9fd6d2dacb3

SHA1
3a187859c916561efb94718209f69f8a54e8fd11

SHA256
471335f55933ee17c3528ca75690a7986b4701f28d564ffd989bfc0a5cc07920

SHA512
fa5e5d20251541f40efc0cd7ef705e94e6d22d9784953e554d513b50a8e82c8f1bb15e5f34a747ebe80297a28d143b152c407d8220d76ef604e20fd9ac498164

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-badbinurl-proto.vlpset

Filesize
574KB

MD5
7926a43b13650c42ccdddc4dff79b6f1

SHA1
99e5605c73e0184f19cffa03709848266716ab79

SHA256
79c6b9f1da38eee4840f9372ed65bf5c4df97ec8cd4527e55d1302867cc0a22a

SHA512
a592a38811ce30e1e5316935d2a8e67efd4996a7f7d7587689acf3bb0b61838a467d7a437b49a3508eff7c4a58d2a6404e89fc9576bc57470c64465f47eb87c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-downloadwhite-proto.metadata

Filesize
65B

MD5
639209d63c098e7d0ee9724761db96bf

SHA1
06341fc444c932cfe5bdb617b3e1a42ca3c79de5

SHA256
a81ed422102ed48c21fe46c5696dcfd66e289c88de2d4517e998a4f82c18ca43

SHA512
1267752a449c7d40bcd3db7f2c743d2599ce78b1d3279ef1b382d8067c95b23aca2f37ef6ac04030162c9c2b14ca92ea73d0a9676a0d9c153f7dee6768053e81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-downloadwhite-proto.vlpset

Filesize
36KB

MD5
cf3989ada19750f5bbd46bc8adaffb7a

SHA1
0708f2ecb06362eaac117090e4c8be323922ef03

SHA256
c9c80d8b5b9464fd22e1c8b84bb80792fcfe69fa56f52f7b491e7fcb6da6c8f4

SHA512
90e9d108a2a645dc1b97a26c225695c1db7572e94f88e952e122b44731ba5cc59882ee97f3f2e0489ada295942212f13436aca56612a6fe5faf5284fb3ae02fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-malware-proto.metadata

Filesize
67B

MD5
3e7b839356c50d98fb0361f8c02ee396

SHA1
00dedd4a5f53016ce5f2bc266c400939f7251d76

SHA256
489e2762dbbed7ef271b00a949cbfcc2bc8b8434f42baec0ac35d541c4310231

SHA512
c4b2c2ed21b176f4ab8a1430b76213abfe6217e8ead09fbabb64f1fe7dbefed044ba23a33927fe81adac98e47708a7456f08efeab600fdb0d808f3f2925f4b94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-malware-proto.vlpset

Filesize
269KB

MD5
dfed64869dbe81783e791aa392400bad

SHA1
82f296e7521bdb9b6ee55693d1134c0697f844cd

SHA256
1d86cd3d8f1412237bdf812770e5e63216e20d05dfb05c47b1a7663ceae77f4c

SHA512
3f5d208b490ad2074d4054b09a3864d713e8ef957a526e53a327f3df6639b5c264c4a60e344605d02163e9867146f6aadba5a5c1cb1958489f2d4a640677365a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-phish-proto.metadata

Filesize
67B

MD5
ff500546a8084e91bab4760116621982

SHA1
a3f1c01b4051d653a7d8d051004adf240502479a

SHA256
725fe9468679561b20987145487488796f152726d95279ba7afe2cf9aaeb78ab

SHA512
df306415fff21b100c0b43545a20368a07f73a7e27f2b874ac48278a851b52009a42c675818d6d9e464a7237a5e504efe2ab152095fd8e2c769dfc8f9bf9cc4a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-phish-proto.vlpset

Filesize
8.8MB

MD5
6ae751f02521d82d65e610e15bd5ede2

SHA1
5406cebcd218889f595c0be2debd9beaf780af47

SHA256
20f81322fb03dabee9826845f2f3837d2683dc50ed1eebe1ad5fb9389d11c18d

SHA512
6e8ffbcd671ef9d135e6fc0bf95087eb16cdc0f80bf88fa12ac1e634dfbac11c48c6b83f6d6d14874b724e2e6cd81ddfa6eab5a389543c099aaf2c5ed4922778

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-unwanted-proto.metadata

Filesize
67B

MD5
c00751dee71e475af31fe7de059cdda5

SHA1
8b51189e319505233b87004c35f9d9498d2c959f

SHA256
e569ce082909811bcad618eb6dde20ec5f037e5520de6e159c31fcc49f141daf

SHA512
a556b370dcc215b737671bb1771e076516eb7e5c04e62aa72ee8b05ee1174760ee2bb7e3629e95673169935c8d10db215a86e50153ad39713688cb04c8e837fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\google4\goog-unwanted-proto.vlpset

Filesize
125KB

MD5
6419c1c4b354131fe347b822cc23c03d

SHA1
79d55ae742f99a4a4c85c7243a7f9ce6f6b09b7c

SHA256
1be02c788d04044ca1cf7c529ef6cbfeae648cc44773c3f47217ae65312bff32

SHA512
8ae34a6bddbe4c56d0f1bb7b304bd7c8e498b454e73bd2a23dc3ce8d481dba264f10b0fa924385d06726351726ccb3db1ca38dfe12c30a4361d968ef141c86f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\mozstd-trackwhite-digest256.vlpset

Filesize
290KB

MD5
41fae052da51d99364071f405c6c003e

SHA1
04c88b9e06fd189859e283d0e8f945ccec7272db

SHA256
32fd3723664e71d8b405ff333c9140dc5cd221b7d20572255a41609a95001db6

SHA512
a47ef3facfd5ec05e8579ad1759b131eb2b53f55e47daaf7924d11d26c2b5867b489b0fc510245f13e960e7485ee1ed3080e1747033ced720485a716c119282b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\social-track-digest256.vlpset

Filesize
2KB

MD5
724e72a447fe71f26bf2d238b74ae4fc

SHA1
f523d76ca8dc7cc125572e3d72b142de0ab3b387

SHA256
239eed59fd36f00c99db1e31a50aa8b0151e4c9a10c73b2eda66c7370c591e60

SHA512
dca33c41afba5474411fb3f5e0a1b59aff4268613ac04c9ac9eda1a9c6dc705de300a9b8343dc7aec4f1cdf2dced5e6ffc8c48485f3554fd4497f7dcda4442a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpset

Filesize
485B

MD5
daaa03bd7519da1744f99811880c2e54

SHA1
3712d23c4138e87c8213678d0047968f6539eeb4

SHA256
3de18607bf87948b854949674e41d74373a8f8def1fd4e84b33a61bab84de49f

SHA512
cd65857f2f7c8f967050671b91ac85b7497fc2887332a5f289ec747ae228e4658d1b8b6f0f856b47a5d2d8346436000370fa85af9038e1870dec32ac62af34e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\social-tracking-protection-linkedin-digest256.vlpset

Filesize
165B

MD5
530d70dc8f251c579d059f5b1b73fa9b

SHA1
78b2a695f8741ed92e534ed431494d1adc566de6

SHA256
db7ec6c7001da7cc14c7814fcf8ccb76f689d20adba407d0a2b90febe1260863

SHA512
3e69371ec0801f952072ba0bca007b6e433eb744fd2aa8228d5ae0a0ed11943eb6bb035e44d05a013803eee063740fd34fa02a5bec18ef5175ae2472734f8148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\safebrowsing\social-tracking-protection-twitter-digest256.vlpset

Filesize
293B

MD5
8347e3838b3f176a0c4f78364fccbecc

SHA1
d68d4ff0bd768fb685bbeafe39187110c6ffb32e

SHA256
510dd943627bc1e62bd8d6c01ff3b448934813084c00390d33c9e60772bb529c

SHA512
41d7235a324bf27bea6cbb31271f20b132ceba2e6fb5a3f9acca132ac12771237b77acc7f5dcb8e11571beee1d7d6315ac1723476cf4c0bc3cb01307e8b22e1c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.fun

Filesize
8KB

MD5
f22599af9343cac74a6c5412104d748c

SHA1
e2ac4c57fa38f9d99f3d38c2f6582b4334331df5

SHA256
36537e56d60910ab6aa548e64ca4adafdcabde9d60739013993e12ba061dfd65

SHA512
5c8afc025e1d8342d93b7842dc7ef22eca61085857a80a08ba9b3f156ee3b814606bb32bc244bd525a7913e7915bdf3a86771d39577f4a1176ade04dc381c6d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\BroadcastMsg_1728302781.txt.fun

Filesize
16B

MD5
8ebcc5ca5ac09a09376801ecdd6f3792

SHA1
81187142b138e0245d5d0bc511f7c46c30df3e14

SHA256
619e246fc0ac11320ff9e322a979948d949494b0c18217f4d794e1b398818880

SHA512
cec50bfc6ad2f57f16da99459f40f2d424c6d5691685fa1053284f46c8c8c8a975d7bcb1f3521c4f3fbdc310cf4714e29404aa23be6021e2e267c97b090dc650

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\8M96XIGBLTYN36W975NX.temp

Filesize
7KB

MD5
28ea9d44db565699b6b3f26076685019

SHA1
4d54fccc317241e84886acad25387a075c829160

SHA256
6d9f34e8226b9d7ebf3f43941e06773f00487ede468616f77a9da4c962fe7a22

SHA512
8ede08d1caede29f50855406ee722bb4ced4f0c11dea166806633986d757827ce67a96023ce888cd877f1a14c137e78c8bd22ad2a775329c737bdb60dcd2dd20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\AlternateServices.bin

Filesize
7KB

MD5
f52cd9c0b40dcfacc1e8a75f4abab340

SHA1
f314a39d482a283ab8c150f44b1ef0d8e9ee0637

SHA256
12b45705fc6a89d0af0194c518e03a9101a641a9fd01565204cf308c282d36bf

SHA512
dd21e3eb0b7bb66275ff2a9861cc8b49cfcfd718e34ac5ca6c31966b293cc2115c1162a41be9a23d09504f817ecc662c91054240cb7bfbcd3c95c26075cbe06c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\addons.json

Filesize
24B

MD5
3088f0272d29faa42ed452c5e8120b08

SHA1
c72aa542ef60afa3df5dfe1f9fcc06c0b135be23

SHA256
d587cec944023447dc91bc5f71e2291711ba5add337464837909a26f34bc5a06

SHA512
b662414edd6def8589304904263584847586ecca0b0e6296fb3adb2192d92fb48697c99bd27c4375d192150e3f99102702af2391117fff50a9763c74c193d798

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\bookmarkbackups\bookmarks-2024-10-16_11_HqHz5fhuf3bPXr744nsEAg==.jsonlz4

Filesize
998B

MD5
a1992523a27b3f65bcf577742be2c5d8

SHA1
c20013067a013b3022da8653587d8bf8e3b70065

SHA256
66bcafc875b286cff7e4e6ae5f9bc2352557a03753489a189af156d25d011188

SHA512
e4eda6e5c02425e0bf2ebdc9d13ebcd67f8e4d41cc9d4b16e60b514c9830e165f4f6cecded34de9d0eb0cd773ff52c744b9c55e351372b43ea05eaf12b92c33a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\cert9.db.fun

Filesize
224KB

MD5
f03995270550d2d23d739fede11fe6f9

SHA1
9c283fdff1076002d25ccac43c898c6b751971a3

SHA256
631702eabbcca9f02bd472b9a4154e13df0447a3263bfe855b00e4e6a184f23e

SHA512
f49cc9458accad2b754343b946d1a65173700da2f80aa70e265d66bcfac38d830f260d81a4f7155f2bc8c5bc4411d4ba2e2bde2b3a617d84e038205f11b8b5da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
280B

MD5
24da6f26e25171c3012fc01d38ff95f3

SHA1
b25867a42dc30eeeb147c641d579f01663100432

SHA256
22b1604e3efd4c10298f1b428a3da791598215964264cd0fbfc9506a408689f1

SHA512
fe358d184fbc0aafd5317c301877413f32a9289bcba9a7b9b17302d5b84ee4ef86deffc04f5e3a0d30383e6802ef6dc41b939e74662086c9be0202ab4704a5f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\deletion_request\831b5e3e-47f6-4594-8c61-2032b1662472

Filesize
575B

MD5
f4415ea1253415086a47299bf97165c4

SHA1
15500c927a0c50b20498480339feb30143d492eb

SHA256
d01c8a9b44da1536c9a360e535766ab5b9e28a2ddd67985207619f7e9e18ca16

SHA512
882cc13d8d3e72e3dce9ce06595f248ec38b3e51c264e2f745eadbe714c264fa28b091d38615465a49d800ba0652ca5327b113ca759246185b3065b4cac36640

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\extensions.json

Filesize
37KB

MD5
432611d3d75b590960078defcc96a091

SHA1
5930588166d3be39a89a6e0ac0a6dc75c373d920

SHA256
24d489f1361a43dff5e370ac237a3db4101830990b7d384e8bec699b87a0e5c8

SHA512
3bc9f686e612e6f9b6037e87214dae24950f241dde007025885e5ad89e7d6b84740dea15cb18a5ebc8b1b16cbe0317171bf2e384e9fd0270788c73962a62cd45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\key4.db

Filesize
288KB

MD5
33d987790f50f86d2071419f1a3549e5

SHA1
e63d4e2d468d88219de5c4c1f688d15e406ebd5a

SHA256
17ebfddc9306ffe7dc6a69fcc9eb3ad0c23489bccd792d892458c8c861c38db7

SHA512
43efd12b69770b3b43952f75bb8d72d1697d239e0353fda83c648daff6600a282427b6a741fb3569e8e6eaf450e0f36979c201b5d4f43178273c5677856cf240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\key4.db.fun

Filesize
288KB

MD5
e73c7c3b2e3189a2491fea8fa807145f

SHA1
50bc761bb7161f011d33437e13409d9b9bc89c96

SHA256
e65aa62658e93ebda296723f959bf6371044fee506193c4ea7cce219c448b66c

SHA512
802085acaae00f7b91cc5c03f29efc21c2112e02a8ccef1a0d1b6a2ed7246beefd5ef95dede7a320c67e8b611b535c6676a3b5a7ea00705ea6d43795da013eeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\pkcs11.txt.fun

Filesize
528B

MD5
66b6d54d2552e2c76525dd3e3a93df1b

SHA1
fafcaffac0ebf0a7257aa78bed6a0e94665d9229

SHA256
8d59348d576b9f531ca49203c948a78b5d6d13e24bbe744efeabc6578fa131dc

SHA512
6c34716202a54ff8e2565661c8f9a3d699951b860c5edda9bdfb5dc9d24ece8218d12a91080fbd82f2e8bb1201b9eac8f63c1ef02d4d151bce56631b1690d73b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
17KB

MD5
2cfa1263a3e540f80e8aa7eccbfdac28

SHA1
f2b9d948eb2cc1d9d6edc58c70638946d53880fa

SHA256
92c77e93d189aea1367a8fc4694c47522e77e84800da047e8877af2cff91089d

SHA512
184efb2737da0c7655ddf941f722d4f3cd386248c3616b054b0fded7de6ef4972d9819f5f5e0e54c773537fbaf14906457de22488380022baea32bfc552a1188

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
17KB

MD5
24d171fca99ccb602d4afa7b349e2938

SHA1
bab2772a2c3ebb069b894af8647c29eb5ab5c714

SHA256
61015b94dcf957b85fd7bd9c9de4136034377c45327d7731aefc6f3da7eb4de2

SHA512
d4e2c7078f7d39f8a89b462f2b957a8ee4915d69c652969d9da0306d66c254e4276e23ddff7ecc3b8ddc7bbb2ba996554adb5ac52d4329e80d2d67fcba99741b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
11KB

MD5
176aa6124cb2af176161162a78066ecb

SHA1
e33ce9ed5362f448ba480bd7d265ba30045f5636

SHA256
27b3061a12548b7eaf7fc516b13cdb88aee5abb21dadaf1c4854a3c97495448e

SHA512
586414b8a8165a871bafa3731d2fe40dd5267da59e5b0761dc1ba21ac0857a7a86ce1bacef212a1bc42e0034dc1b94ba3065feda6a8422fb87377bd64249e689

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
11KB

MD5
8f030f06aedbb977cbd4e72c482afef0

SHA1
a3e1319c3f2a2d1c71f6210b56bb475c449101f7

SHA256
7dc07b778cd374bbf0d77f7652b1a86662b89d91e6c419316d2447820fdc07ba

SHA512
c3a8563a1c4041bcd467104fe77531a57510eee0552aed06933c6bf75931e53f6e59abc0bb2d87edc2557ce5836be9113bb5d2396fe6a22abf27f7e6af4e9ee2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
12KB

MD5
1de615313fd71c62d7abb46f2bae1b92

SHA1
7b9232125c962a9a886cd3ffc97a251e9188358d

SHA256
47fc29f82628ed2c9ce7489ca13d6032e313ac521eb21e048ef225b78bfb9719

SHA512
f20be9b9d5be2cb2dbb64dbe9cb78393163d32dae3ef96117fd751c60affd2e92f7a9fe58e8cb5649aa1c11427bbb0dae4357b8db76f872c06d0d6dcf7c42103

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
1KB

MD5
c63a4f990930851a1a6f9c42caf2c7bb

SHA1
a0e12a326b926bb0a8d29279b0e5bbc7f05adbe2

SHA256
894ac3ec56acf0fc0c0305856629a760ee1edf1288b4824eb94b7eef8a49f25a

SHA512
8b4392d98e00ffd19cf0d287a41a959e110ef87eaa9c790ae67b45fa0e0f1881a01975b5f9d0b2748095fe68d216670fd32d8be56b627adfa9a6f7f3fa8b6676

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js.fun

Filesize
10KB

MD5
f9e5a9192472e2701f0e3d6bb21bb4f0

SHA1
1c3943d8dc17ef06c0a9e4771f805172a8425946

SHA256
aab0fbf2f23664bbc50cde8a080c862eef68d2c1475ebba1b60f38ef3ce01be6

SHA512
25b80a8fa18d5b53bca056b3a3eb1167989f70dda4953eb6807e64f5f35389f3fdefc6c265d09563790bc4d0408ff4fb6623c338d8a92086c2f4a55a10e6d945

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
d59308bd9f729b3b3b3e69e1c92c82cb

SHA1
e6cde6b212d01e91b9199a0e5ddc732a67efa34c

SHA256
f87a5e251cefcba72a287ee0405c914067484cf2fc79fb552bdbb2b7b78c8397

SHA512
d597d4b771aeb997b38d3071ce67b3bc1be0f7b5b65e9a929010dc11b80814852053bab19710ba7e7d243fb153e8378875f27620a1498560a4c6a5b60313197c

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
74B

MD5
a1630abd0ccac13420601553b7654baa

SHA1
abafc4180be23436bb8ddfc8eb2b6a534deeb628

SHA256
26b10ab6c79ebd53d22c62fcd946712029603176473ba422d0960d668feea9b5

SHA512
b806d425d893e0f510a48b97a02a54c50b9143d8289550db708f2e84f3ae9b743a4c11ee9f03d2ee947ecb43db754544756a63127e0760bbdca2772ea3be7abf

Download Submit
C:\Users\Admin\Downloads\jigsaw (1):Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\jigsaw:Zone.Identifier

Filesize
654B

MD5
86ad91e2c2218762441c8cd64ec33b8d

SHA1
29ab58da2af3cfa935b1711407014190c32ea3d3

SHA256
4e834b7494f9e48395c94de0e6e04f6abd958376adb875b98aefe97a44be0143

SHA512
5731ed575b19f714e93e6e87b71b171ed0c4063c8b93cb8eeac65a998caa89cb2c4fad0edb4e8bc2bd7a80dbf68ae2eea61b85e765141663b704421702fb7fe8

Download Submit
\??\pipe\crashpad_1204_TZNFUMFIVYKWZXYB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2868-5-0x000000001BEA0000-0x000000001BF3C000-memory.dmp

Filesize
624KB

Download
memory/2868-2-0x00007FF91FF30000-0x00007FF9208D1000-memory.dmp

Filesize
9.6MB

Download
memory/2868-0-0x00007FF9201E5000-0x00007FF9201E6000-memory.dmp

Filesize
4KB

Download
memory/2868-3-0x0000000001890000-0x00000000018C8000-memory.dmp

Filesize
224KB

Download
memory/2868-4-0x000000001C440000-0x000000001C90E000-memory.dmp

Filesize
4.8MB

Download
memory/2868-1-0x00007FF91FF30000-0x00007FF9208D1000-memory.dmp

Filesize
9.6MB

Download
memory/2868-19-0x00007FF91FF30000-0x00007FF9208D1000-memory.dmp

Filesize
9.6MB

Download
memory/4832-1527-0x00007FF91CC60000-0x00007FF91CD43000-memory.dmp

Filesize
908KB

Download
memory/4832-1540-0x00007FF91C8D0000-0x00007FF91C97B000-memory.dmp

Filesize
684KB

Download
memory/4832-1514-0x00007FF72DF10000-0x00007FF72E008000-memory.dmp

Filesize
992KB

Download
memory/4832-1520-0x00007FF92D450000-0x00007FF92D47B000-memory.dmp

Filesize
172KB

Download
memory/4832-1519-0x00007FF931110000-0x00007FF931132000-memory.dmp

Filesize
136KB

Download
memory/4832-1518-0x00007FF935F70000-0x00007FF935F89000-memory.dmp

Filesize
100KB

Download
memory/4832-1517-0x00007FF9373B0000-0x00007FF9373C1000-memory.dmp

Filesize
68KB

Download
memory/4832-1521-0x00007FF91D0E0000-0x00007FF91D470000-memory.dmp

Filesize
3.6MB

Download
memory/4832-1524-0x00007FF91E480000-0x00007FF91E552000-memory.dmp

Filesize
840KB

Download
memory/4832-1516-0x00007FF91D6A0000-0x00007FF91D956000-memory.dmp

Filesize
2.7MB

Download
memory/4832-1531-0x00007FF926440000-0x00007FF926466000-memory.dmp

Filesize
152KB

Download
memory/4832-1535-0x00007FF9265A0000-0x00007FF9265B1000-memory.dmp

Filesize
68KB

Download
memory/4832-1534-0x00007FF930C80000-0x00007FF930C91000-memory.dmp

Filesize
68KB

Download
memory/4832-1536-0x00007FF91CA50000-0x00007FF91CC5B000-memory.dmp

Filesize
2.0MB

Download
memory/4832-1562-0x00007FF936060000-0x00007FF936094000-memory.dmp

Filesize
208KB

Download
memory/4832-1542-0x00007FF91DA30000-0x00007FF91DA42000-memory.dmp

Filesize
72KB

Download
memory/4832-1561-0x00007FF72DF10000-0x00007FF72E008000-memory.dmp

Filesize
992KB

Download
memory/4832-1543-0x00007FF91C8B0000-0x00007FF91C8C1000-memory.dmp

Filesize
68KB

Download
memory/4832-1544-0x00007FF9151E0000-0x00007FF915425000-memory.dmp

Filesize
2.3MB

Download
memory/4832-1515-0x00007FF936060000-0x00007FF936094000-memory.dmp

Filesize
208KB

Download
memory/4832-1541-0x00007FF926420000-0x00007FF92643B000-memory.dmp

Filesize
108KB

Download
memory/4832-1539-0x00007FF91C980000-0x00007FF91C9A5000-memory.dmp

Filesize
148KB

Download
memory/4832-1538-0x00007FF91DA50000-0x00007FF91DA9F000-memory.dmp

Filesize
316KB

Download
memory/4832-1537-0x00007FF91C9B0000-0x00007FF91CA48000-memory.dmp

Filesize
608KB

Download
memory/4832-1533-0x00007FF930DC0000-0x00007FF930DDA000-memory.dmp

Filesize
104KB

Download
memory/4832-1532-0x00007FF9209C0000-0x00007FF9209ED000-memory.dmp

Filesize
180KB

Download
memory/4832-1530-0x00007FF931000000-0x00007FF931018000-memory.dmp

Filesize
96KB

Download
memory/4832-1529-0x00007FF92D420000-0x00007FF92D44F000-memory.dmp

Filesize
188KB

Download
memory/4832-1525-0x00007FF91CE40000-0x00007FF91D0D6000-memory.dmp

Filesize
2.6MB

Download
memory/4832-1528-0x00007FF92D3A0000-0x00007FF92D3E1000-memory.dmp

Filesize
260KB

Download
memory/4832-1523-0x00007FF931230000-0x00007FF931241000-memory.dmp

Filesize
68KB

Download
memory/4832-1522-0x00007FF934CF0000-0x00007FF934D04000-memory.dmp

Filesize
80KB

Download
memory/4832-1526-0x00007FF91CD50000-0x00007FF91CE38000-memory.dmp

Filesize
928KB

Download
memory/4832-1563-0x00007FF91D6A0000-0x00007FF91D956000-memory.dmp

Filesize
2.7MB

Download
memory/6128-21-0x00007FF91FF30000-0x00007FF9208D1000-memory.dmp

Filesize
9.6MB

Download
memory/6128-20-0x00007FF91FF30000-0x00007FF9208D1000-memory.dmp

Filesize
9.6MB

Download
memory/6128-22-0x00007FF91FF30000-0x00007FF9208D1000-memory.dmp

Filesize
9.6MB

Download
memory/6128-23-0x00007FF91FF30000-0x00007FF9208D1000-memory.dmp

Filesize
9.6MB

Download
memory/6128-24-0x000000001B6C0000-0x000000001B6C8000-memory.dmp

Filesize
32KB

Download