hxxps://files[.]multimc[.]org/downloads/mmc-develop-win32[.]zip

Resubmissions

17-12-2024 13:27

241217-qqcy4s1mhk 10

17-12-2024 13:19

241217-qkp2gsznft 7

17-12-2024 13:14

241217-qgv4bsznat 7

17-12-2024 13:06

241217-qb3k8azlh1 4

Analysis

max time kernel
300s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
17-12-2024 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://files.multimc.org/downloads/mmc-develop-win32.zip

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MultiMC.exe

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133789145478011882"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\mmc-develop-win32.zip:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
824	MultiMC.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
824	MultiMC.exe
824	MultiMC.exe
852	chrome.exe
852	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
824	MultiMC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeDebugPrivilege	4712	firefox.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe
Token: SeShutdownPrivilege	852	chrome.exe
Token: SeCreatePagefilePrivilege	852	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
852	chrome.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe
4916	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
4712	firefox.exe
824	MultiMC.exe
824	MultiMC.exe
824	MultiMC.exe
4916	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 2908 wrote to memory of 4712	2908	firefox.exe	77
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 5100	4712	firefox.exe	78
PID 4712 wrote to memory of 2776	4712	firefox.exe	79
PID 4712 wrote to memory of 2776	4712	firefox.exe	79
PID 4712 wrote to memory of 2776	4712	firefox.exe	79
PID 4712 wrote to memory of 2776	4712	firefox.exe	79
PID 4712 wrote to memory of 2776	4712	firefox.exe	79
PID 4712 wrote to memory of 2776	4712	firefox.exe	79
PID 4712 wrote to memory of 2776	4712	firefox.exe	79
PID 4712 wrote to memory of 2776	4712	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://files.multimc.org/downloads/mmc-develop-win32.zip"
1⤵
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://files.multimc.org/downloads/mmc-develop-win32.zip
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4c2f811-1d78-4888-b854-f32cd552f110} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" gpu
    3⤵
    PID:5100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {234a0d8b-0edc-4715-8b8b-6910bb62cbb2} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" socket
    3⤵
    - Checks processor information in registry
    PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2916 -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 3164 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11312582-cade-4e04-90fa-02e633a7cb78} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:1580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3760 -childID 2 -isForBrowser -prefsHandle 3784 -prefMapHandle 3780 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03e936d2-45e0-4961-8ff4-e6a5990eb98e} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4824 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f839dd75-546d-4fb9-9e21-4a3273985849} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" utility
    3⤵
    - Checks processor information in registry
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 3 -isForBrowser -prefsHandle 5700 -prefMapHandle 5824 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13524021-6c49-4422-a654-6e99f9aa82ac} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:1216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5944 -prefMapHandle 5948 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c9eb057-bd04-4629-ac7c-40aa95e84945} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6112 -childID 5 -isForBrowser -prefsHandle 6120 -prefMapHandle 6124 -prefsLen 27172 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {928e6c08-6535-4830-8ec9-b52d487a0e89} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3116 -childID 6 -isForBrowser -prefsHandle 3264 -prefMapHandle 3024 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1312 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {057f8b44-fc97-489d-8059-91405f5559f5} 4712 "\\.\pipe\gecko-crash-server-pipe.4712" tab
    3⤵
    PID:2080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:4324
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Checks processor information in registry
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:4916
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1824 -parentBuildID 20240401114208 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fda5f798-aec0-42a3-9ce3-557efd015e59} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" gpu
        5⤵
        
        PID:1212
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2172 -parentBuildID 20240401114208 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d553be7d-c124-4639-8a8b-6f9fa6c7ea4e} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" socket
        5⤵
        
        PID:5944
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3296 -prefsLen 25630 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68d33212-a103-4797-b20b-320d7f4893b1} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" tab
        5⤵
        
        PID:3656
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3220 -childID 2 -isForBrowser -prefsHandle 3824 -prefMapHandle 3776 -prefsLen 26497 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8214638-0d14-4f85-ae34-ace80a370497} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" tab
        5⤵
        
        PID:2848
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1320 -childID 3 -isForBrowser -prefsHandle 4176 -prefMapHandle 4204 -prefsLen 27775 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e61e80e-6c02-44ce-b27d-6b2ec5d44d9d} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" tab
        5⤵
        
        PID:3740
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5104 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2984 -prefMapHandle 3180 -prefsLen 34376 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {457326f5-8da1-4e8f-b5fd-8ba89fad0904} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" utility
        5⤵
        Checks processor information in registry
        
        PID:248
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -parentBuildID 20240401114208 -prefsHandle 5592 -prefMapHandle 5588 -prefsLen 34636 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a23370cd-6286-4af7-98ff-a63a0e5d5237} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" rdd
        5⤵
        
        PID:4392
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 4 -isForBrowser -prefsHandle 5772 -prefMapHandle 3588 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79d27b6d-6597-4b5e-becb-621c7090cb1d} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" tab
        5⤵
        
        PID:4892
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 5 -isForBrowser -prefsHandle 5788 -prefMapHandle 5792 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fd83672-3b77-4ed1-981e-f59785ff1ac0} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" tab
        5⤵
        
        PID:2072
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 6 -isForBrowser -prefsHandle 6040 -prefMapHandle 6036 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a70ce6b7-540f-44fb-95b4-be4103dd9d51} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" tab
        5⤵
        
        PID:5172
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6240 -childID 7 -isForBrowser -prefsHandle 6252 -prefMapHandle 6248 -prefsLen 32804 -prefMapSize 241207 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e22b4d2b-1def-4a22-915d-51fa91ad18aa} 4916 "\\.\pipe\gecko-crash-server-pipe.4916" tab
        5⤵
        
        PID:2652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:904

C:\Users\Admin\Downloads\mmc-develop-win32\MultiMC\MultiMC.exe
"C:\Users\Admin\Downloads\mmc-develop-win32\MultiMC\MultiMC.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:824
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:4932
- C:\Program Files\Java\jdk-1.8\bin\javaw.exe
  "C:\Program Files\Java\jdk-1.8\bin\javaw.exe" -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:2152
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  javaw -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:5072
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe
  javaw -Xms512m -Xmx1024m -jar C:/Users/Admin/Downloads/mmc-develop-win32/MultiMC/jars/JavaCheck.jar
  2⤵
  PID:5988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9df3cc40,0x7ffa9df3cc4c,0x7ffa9df3cc58
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:3
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4588,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4272,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4280 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4452,i,1417090676882633908,993837449940748037,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9df3cc40,0x7ffa9df3cc4c,0x7ffa9df3cc58
  2⤵
  PID:5856

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
883205c8c72a59af010552ad311f62e7

SHA1
626dbb16469339df3aecc88ece281291d1c9462a

SHA256
56028dc10510be6f9b2bc236fe26c790d3f3a851aa8a4420cb3bb74499d84c3a

SHA512
604ae32d8e37304b0b9735c225c5d50451796eea2526cc6c44b1d36a2af841d1733606c4797fd56a01f22922ad0094bbd7616262abf109e50ce332d916c444ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
181d0343cdb10d4cf068d80f989eab90

SHA1
39e3eab5d11e14460a8e2f66c62d244dd70fb033

SHA256
c8c2eebf9e2c667723898511bee143b780d8a99ed4c1b55f429bec35b22b78cd

SHA512
8005d5f336f3d139810a09cc644e95204cb98e4bfa87ffccd3145ac18b9050ed0150569f8a4440cb1c8af9c9eb2cb722c53c04af44136242da53b0cac92c87ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3a4ecd1a325950682041794c486bc55a

SHA1
0e697d47671c386a5849e93967f870bd9c759480

SHA256
6e52e9fcd41d62c02b6fa105b6d5319fa36e9ace7474b4972e9e5938063e53ab

SHA512
a99f2457df7902c67d9515af0489f7ff068507de648152cde1902b1e0658d70bff756a347659385a4183c2ff5dc492043dc76d6912acac16f4e83fa45a6d8741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
95f1ad2dd0f91fd7ad6cb4827e1a4b9f

SHA1
e31a2fc29c6fb2da2e1dfa51915998ee3bad173a

SHA256
39e598297f8273d73435391be88455b8370b5e986fa26abbdb3c28e0aa313a80

SHA512
e637b7cc102c30e084146446bef2610d3790d0794cf93c336352823c946ebe0a79645b6965d3a3d85f773226ce3f7bbdfb5b3b75bd555e79b2ed76c6f8a028c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e319efeab3255e837e5226dd49deae02

SHA1
79436fc289b2a9a744e4be2b7c342bc883e1d8bd

SHA256
8694e07f785b8b7b27abcb3fe75d99e8b7ae7932b1f97b27bbe1c948de3f83eb

SHA512
59f6670bfb01c96a7f79af06f4100f09519db3ace59af51a98b16c450c670eddc0d128e78d6215ed3cd180249fb0b62ed96bf068db5e6b808bcad8382732d48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9c408f8698878e8b94d1f2ea1b49819a

SHA1
833512039cdd893fad461520d99c5f3d9db582df

SHA256
682599e24eaa5e366744b8dde21beada2a4ab3bb34e573c5413fd232921013f0

SHA512
9a6979cf7be78183779f749b945088607554b3da8d628708f1a7273d7a5ba3bb5ce94acfa37ca240004e6f07314239898ab65734663201b604fb657b3e869205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
56d6935bab9b67224c209212e173647f

SHA1
e4c875ef396d1c0ba4f9699db14fb73eb8d3c83f

SHA256
ca196f5963e38de78d0b4a2030ac3edba0e3f9e76138cf9afd15ee7cebe6f95b

SHA512
d179ca391d40c4700637056add8522ea7c37334f1c176a3a0cc6b0a8feb6974411d84e59f3318ba3eec5655c0366db3eae479c2bcc37450beeaf502993841fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b776fb0ddc0d95e5154f5f587d89b6c

SHA1
4343d5d446aa61a9413a159f488d92a3beda9a8c

SHA256
9536b9a348ee06f86c5db1244c0b8a5123d3a9f771a891b0b9c49681eebdb6bd

SHA512
1cca00c1386001511ac021f70aa339619529f6dee53a7110f1ae67b8403f5f0c0fcc68e99728eb5707a3e4de2dd885b5a3e376e2b93d510a3a088a7c4613aca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36c10fa6afcea51a0cfb9c23cde38cc7

SHA1
f423427ed4df281bc9b256d1d2840fc25fe4120f

SHA256
3ce45d62c1287bf2f31918d56744c7db50535d1a8089a04bdc6b02ef2dfa03c2

SHA512
71bccd4bcece42472474eea15597cdfdf483afdc7bb4cc114c68264b8c7f6bc60b01bb4bb61159d2adf1c464238f1f0be574253dc8aa81aaeee52a6b41effe99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a99d46e38be978b3dc3decd5be3d3ba

SHA1
2ea563bf09a2721b0f002bac63d009c084cbcfee

SHA256
ac34179b819523c996618aa2f7e2a429613987638c2a04f6b07f3d099d886c94

SHA512
159b592eb437aaddda08ba449cb5402acf6dc39b4a5385c4b5f663a15edfdcb557ff4d83f60868efc6660b4921ca84d566f8b13ea76eac8fddd971ff409a4e25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6eedb1ac97bc6a080c3f0b4d7f8ba48f

SHA1
02f8ee996e83be7729e42b7cfb4120ce14579a9f

SHA256
d57c51aa043cd732ecb3df359864f4ea280b915e222446df5eeab86fa7ab216d

SHA512
d38a16477a29359301cf58b876b5b265af37212e840fe5c814f5d1518b435dd2ad08dd1ad2a47854e1e6abf1db667ff5e5d07132eea8a988a8d06bcbaf03feb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
558b8af87129287d3d7ca82a0f59d3cd

SHA1
08f6c548e6405575d8b6abba3caaba593e226ad2

SHA256
141d4de43333808626dcede256cc4f8a3e4ca160f3f00a79f2aafc15a8959ef5

SHA512
ff16417b31e074ae5627c243d6363af177eb82eac3c03e3785a71342f843e295122c036f3cf360a74e7f2b190204324b4075e370802cf0b81df651f75afe7635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
7b3411581c5df9a6137114b0c43dbbf8

SHA1
72cb8d72be2724c4562619bcc38e0449a4b524b4

SHA256
94694a457bc13f40e9a74cce3ff73aaaee6ca807dcee07ddfa81f5b3be3f1d0c

SHA512
fcc290aa360198a2d9d437f08cdde0a9fb53f9303d2c806048bdfb276ae2da1a8d1c50058ca3540434ab7340a6e5078d92dcfa4cc79654f86092a2f35260b8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
9348e27e76b2c79d9dd871cea5ae7108

SHA1
b6037074654e1ed704dac2cd7e356aeed9f95ffc

SHA256
799e6695ee67d86996cb96895705853031d9d45197342227489111a28b20b45f

SHA512
6c2de7fce93902d0f149d4d95f2d3aa6ec7a033e2fcd695d3057fd54bf6a7fdca91cf9002a245eb929c2f6aaae3e107f5a1100ffeeb667a4152751d34c00ff17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

Filesize
20KB

MD5
122c5b5bf183c443b40317238e326a97

SHA1
161bcb40406a498473494673bc08f4fcf10fa3f2

SHA256
b06270899978aefd67c21f329afd55659c23f2c4a5ff119ef4a6120585571e1b

SHA512
ad2f065c03f9df3109a6dc1aa91b0191253068025b6eb90d30a3cd38c25a54ed6e39d2392869f38d6bc98cc95c66912da6844a8bdd9af24db796e890759f7bd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
791c4df63bd5c65ffd73702991f8b925

SHA1
2489d608f1eec3dba993fd7d7339b50419810c2d

SHA256
e9baa76e56339cf3f013e21b94536f1087e4a6684922bff43b9efb8e5ff020c6

SHA512
f7d8d4606792064b2bc9db45163b27bb5cbffc21a5d751917f3c3fbfa5fba54622d81f0c7e3d8442b6388f287c6de0e72cadfd235ddb7e1af9d0260a3bc3cb47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\0496E33B07BB9340090B6FF9A653DA5443DBD403

Filesize
224KB

MD5
e843172f38ae6427cfe100aaaa4ebf63

SHA1
1610c78ec143969f98b7dc9403946266451e1c75

SHA256
087aff8d96e230600d36883b9b2cbb35dcc48d190799e181245e61fd764ecc82

SHA512
3f10c87c3fb2f861d317b2a6c39ae2ca9db919f359e72d02004abf20cb2522673bc4d37b31acc0e00b5794cf8cb4b2ab2380c8623778fa97526681f03806d68b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\0EA2E1AC3653A248EDE38E975FF2A4ADDA308244

Filesize
480KB

MD5
d34db379e802b559eec5d0f6f9578fa2

SHA1
cb97822470c47970ac938502e65cd92c6d53ae11

SHA256
867c88b99f68bf94ee70655bfc6de34be18dd11947ef2901c2766566ca850152

SHA512
224aa22959bf52b1dc531dc9bed833dc433386a4b9c518d4802d6dffb4105f89332dbb97833c2361a9c5c87e4c5e37a4fa71416d28c64dd9aac4c9303a1591ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\1028C0594A2905A51C9BE4B9198A912DA5F01823

Filesize
49KB

MD5
7e3a8df068653af0c78fce7683bc79de

SHA1
bdb44c5975933263ceabcadf964ba5fb51bc6d54

SHA256
c3a13a0d3567d796e0a7563c0b0c1e6ea362727c83c81b8e7ce7fa31cf6a395c

SHA512
2a195bb2e64deafbb3d2d7ad77e9fced4957c6a1916f708a7996123c88aa8a6c4d186896c6d42a19b0858c3b8135dd2e8a42c54b42485a8bdbe320a0d7d383b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\1CBEC5B9D34CBE344736CB8D5E677789F396244E

Filesize
52KB

MD5
e0b416316d3b190a81675ac81b68a81e

SHA1
70e1e07d8eb7ce7b91056d3597c77d2d1ecc0fed

SHA256
1540734cbb89e51c33aa259a27deefcd8e81e7bc87b259c2737dba6f31985f45

SHA512
455a261ce00db593676efa7d5195438356d960af5e08bdd9333a8a6a5d1f87b9f18c5ff923ca7ca21f9f2f09183cf0a8394c7579a3c03cbe8d13eb37ccccff96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\1CF1EC7867FAF8F0EFF6FB993A5C7848BC9B0342

Filesize
58KB

MD5
50e7c646d47d197dec43fcfbdd1e57af

SHA1
60a937c348744ff77bf7eefa9fd697f50f79182d

SHA256
102a24c42521462e8cae0b16499b134d4718175069360909e0f11a3e00616777

SHA512
6169806fdd7ea231369fdef51258700e04ec1279359fc6ae3430e6a97e8482a1452e9c36d8898ffe45efee454934e7375914f99ab4550ff3299bbb5bf05f3b6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
e43e6143ccd3d3d55e324c94001d64ca

SHA1
c44c85952dae01601c2a57afde14a02cc0fb98cd

SHA256
d732346525465e7387c0af46fc3d8bae994e5e4e41742eeebcd9730d9c618d8d

SHA512
f31f591f351e5a56c69c4512196310c13426e9ea472c17507c1f55bd1f27d70b653fd343c5134427e4c30e28b92a34356abed55cd6ffa3ed653eead793436f36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\8E62FE1C4AC561DFBA4AC7F80730418E5CFDF8B2

Filesize
61KB

MD5
341052cc16564f9d2e5e86ebc0337569

SHA1
195efd664c711915b2be4b023a39464ef9c88625

SHA256
873118d2e633423fca332e816d686ce802f873c2ee9b52e2321aa3bacae153d9

SHA512
54a295ef3f853ffc8fed526b1e3e8fd38d5e7b5b47db2e23dd2a2b22184c31b59a81b465b27e690a3fc23ea1d8bb7099a5ec8cf20dda879b6f1d437b4d649ec2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\startupCache\webext.sc.lz4

Filesize
108KB

MD5
fe5b15e27c296bf688db75d2130ee7f5

SHA1
b48f152d609b963fe2eb03b8b213717fd65abb62

SHA256
40052421a25d398e97b66b3d0eea6445bef0e5a2ea0b79471a136bc10865a318

SHA512
0927744ffc86bd6221b19fc5972db815315ca32a5868efb2e2b9f94bd8d0bf0c527a83d9099e205eda782c822f41420b17b7cb722fa30f28baabf36b5968d882

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir852_258195037\44f2945d-a5b8-4b09-ab3a-ba6cd65a1cd3.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir852_258195037\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
13KB

MD5
489f2e5bfa4e92a60b683b49f91fc31d

SHA1
948bb1396800fe994f8b631961c4db9b3a7c11e4

SHA256
db28e580706e430526ce9d8c41154bf0224f654bc90cbeee5eeb04221be3d2e1

SHA512
63277e5444aeb87e624580ee4a8e04fb2b17c86ff4e229a48949b285d9c01b50203551e8f5dc55f089070999f2c361a09ca4dc5e0e20d821a63aabe211670157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
6KB

MD5
622e15851fb891163314fe4e15d75a73

SHA1
7fdd0770f59ca82a316f22a3237e1043991fd504

SHA256
6a86c35a147ee1d82e66877a0f24d649466457edd9cb065202368ac1419f3347

SHA512
b6617caf931d1ee1d9ffedf4c0a6f788f76fa98c55b6db34d623838edf9a0cad37ffdc2924ee2764dabc3bef75309203853ae7ea7d98f53f659398f3e0a2821e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
7KB

MD5
39fdb5759aa0ff72392f9c67f0ae1ec8

SHA1
4bdac21313a02976f230d82ed4c3f009c38cdc55

SHA256
8dc571f8583680bb662c7a0d24bb7ea1d10d59e6978737b88a51ecd7c05d4681

SHA512
e5db498fe3eb5ade68c7bba2ae408913e34ebd08c358c5a70a3a72e04d890fd01c2a7c6fd7483cdf7e7819365e2a3d3c2efb4f426db7e06733350c51ac43f5ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
10KB

MD5
b05709e8c34704b847d8461c022be896

SHA1
937fe7c3f557fd01fd033139e29080eb0b225725

SHA256
1875160ba0eb905a6007a4d5670f5a409cff8ba006b93a89a5c136d003a2716d

SHA512
b388dfbf39be36207e0acfac8d35228848f7de0696cf51418cb3ea4b3a33137058351c18bb99898f9a6d3cb896d661f20b651d1e847476f5a807ecce4c49544b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
9447bd6ce4c45a23dbb74c1665128257

SHA1
3ebfe7247b812f5b7d52023ad2a7f16c52a092ad

SHA256
02dcdd34ef8a0ea4b26618e382807980ffb1202e30a5733d5aaadf5452b478bb

SHA512
971149c43511857eaa7d4019ad427bfaac0d59a3d11aef2b409931e6c381e2d08416c4e6bb730d91d9f53c74335f912ff4536b4a8ca37ed6cb2218689161e1cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cert9.db

Filesize
224KB

MD5
e29256e641b199c912c67c64b25d5a79

SHA1
667ba7a7e9bc34a20e046a85c9ba9fb13ccfb4c5

SHA256
2df70d6697793bdeda18979ab7ac02ec80d8032bf1a7c2814439fd8aae1af9d6

SHA512
c7fde1af0fe42c540cfdce0ec2e729e8f51990be7eca7ac2538fc4c44e1a85a7b937302ac3ca2564ba3962a62fd249e4ef69399139eab8ce2def3f8c08c7649b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cookies.sqlite

Filesize
512KB

MD5
1c7ea9dfe127fd370d26524a2cd04574

SHA1
2617b299a5151f7f4ea70753bade2d015edf5372

SHA256
dcc7f2d8c32d2117dd20cb59850dd8c1126c768d7572704eec9319d09a0c2e7f

SHA512
00fa684edde84940715721c67af61aee5d6faf5b23224e36f77b922f4cad3793b2f4cc8ca982f68d132549ee9bad5757b0458b45a3ef3ba7f624137784334a55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.bin

Filesize
51KB

MD5
fdfe04d2a4b0ef4068672b0371f52147

SHA1
aa7a605b318817e1a1024db99eae9a82f1d52a38

SHA256
4462b139f04654fdaec0b2ab42f0c439d30a14708763e31f08d6759607cd164b

SHA512
517d401d7654a316d9a9b8f0a0cf4e0e5bf985465b7e135c015d358d3c79a0d4927f954862fe0b0c7ab2d2a29221da3118436d83e96977a77bdd69fb21c11212

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
50ba1fa849924595f1617615f4ba7d03

SHA1
1fcaab34e34a87b767c77dd388989c51ef35c522

SHA256
65ed98648c7e2a13c8a946af92a72fca919fdf7a190a984128fefa5249d8b6fd

SHA512
656ae9fafc5bde0b38785c90a4ac3dfc1059ad6cf1cb91ba7c5da12a9a03f08ca63d4c9c5680e393ff3036fe3cbf676f65cfc309855b1d7ee71b7ad0c461d1ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
18KB

MD5
f8061d0c4d50993b8a2aa26e49519b3b

SHA1
e49db55239518b811db4db66b1568424d33df9b7

SHA256
59b2dbb8b31e03296f057606f5946c4a3f99ca5b35793de42087b02d96911995

SHA512
0a0ea45e81f2b1c469d629e1aff50f81918a91c03a4b120e33c425f73b5b98e794907ec7255ddca3025e13968a2b76b465ad364d84763cbf7a822f08ee9558c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a56d071800eb06d555169a87f33ea67f

SHA1
d97405d4a1b11e7cb3f796123352bafd34162a20

SHA256
042b924b7983ee47c64e55681ead1ae5675b1df6039c86612542cf7e7c1a8b29

SHA512
eb7589cd2be98f22dc2965928b417e0b5fa02ad1217eaff24ef678861c039ea816c9c6955c1cd50f98b5190415c2438631310efdeb3df72414b4f7345a337cc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
84fc4a72c05dbee9a33e79ec5b235731

SHA1
51cf583e3bc4890fa94ef4d81beaa2f3f5752ee3

SHA256
511b2e1f86629fed00a02497e872c42ca4c694fc389fe0557d6adfb22cda51c7

SHA512
3dbde79327d615b39676a954ed5caffe45cc1b915e54e58144e75fdb8fae4fca329c4f87b963b1b643346c573b3b61cd473fc4ab91ab6b67509a159ae7dd107c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\events\pageload

Filesize
241B

MD5
77c88d773d54efdf388f3a4af72834d4

SHA1
e2913ed6ba3ed90cfeec50284f5cc9894d6bfd0c

SHA256
82920b489d1afb5ac103c2eee66fe4ac9718724c4995b8d6f4da5b466495b83f

SHA512
891e3f9282cb9273800feb719d62e3333e5e1668c0d17cdeff374b6c172ca258ad8525aaaf2aa04ef0c7c6961c7cdd22583cd6a174a976380a19fe491b86aea5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\0e266d28-f1e6-4fbb-a6d2-9ca0f0dbb63c

Filesize
756B

MD5
476c5c7f57294cd5c0d0c703ad5b34e5

SHA1
3b7c800718894645291add59840a1856c934007e

SHA256
68884fe542a36c97d1af95f4e15082fafec4c029d3bc947193b8766eda7e9fe5

SHA512
245e45e1402e68c1add94f6d8cc34165817177cc00e1e9d22c9b08f1bda34837ab39c83f3572180a76b041e4ff48d1451fdf22438e2e29a99737eea999e781c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\1782f017-605a-428a-b126-db5c0d293307

Filesize
982B

MD5
f00beabae4ca58dd82eaad92f90de4b3

SHA1
f218dd898c7f6c54dc9c9955d4adfc32a76031e8

SHA256
2e8ff0a80554f0b5a1ef064d3ff3d7e5ab94558be25ee321f0f870b7575b4171

SHA512
6855a86a2f75140757e817a0d5a8e223087ad823719c087a488cf6f604788473752c302e0ae8b1e21bbad4cc058be67b954fc1ffaf0b5189aa5dd8f862229a84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\620bf15b-7cd3-4e82-9066-90f11101da0e

Filesize
24KB

MD5
ffd6b6e2e4507e717b8ac91e0cd4cebe

SHA1
bb5ac603ef863145446a1547e8798c33b5890461

SHA256
ac63bbdb5b227d75de91b87441c8c407ff94e9b4ff196aefd8874335b6be5309

SHA512
4fe732721a2cb194c856a256d7a9af7c04c1e6cbfd73833dcf538d248a56d5bddeb147a100c92722a427d5bfbc540824b0a394912473e32db5bfadcc551ea378

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\9e8b6e6f-0cbc-4bc4-9682-baed60bacad0

Filesize
671B

MD5
9e8490a382eb9be123cbccbe0a97c583

SHA1
71bbbc4d5cc32e2e76de02522a6e0c34f5a199aa

SHA256
6e371b511225d43aba697a06db87ae4640fea3a74ca3796cbd5d4d64d47967b8

SHA512
0bdf7706f1eb0310c30d82a4a5bec41dedf3a500cd4d6e31afd18b6a802630cac1130bd208c378b212f2385736d1671d991afe95ed05f6ea2473658246575419

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\extensions.json

Filesize
37KB

MD5
ee5f42762a7786605c8130865a030877

SHA1
14501adf2bbbdec1b839da7648d6abf2b3ba4b16

SHA256
7cd52f6d134fedd0358722f3fad6c242c6b7ebeba35a8ac02cec4a0d4c1898a7

SHA512
01351079deadb07e52c2a51d67c4107f29a38f85b35c7f04b4a78a6f029a5c5212cc44bb7ec168264fe59258a1fa81c7849e9ae07dc552930f9bc0b2523017e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\favicons.sqlite

Filesize
5.0MB

MD5
ee4b76864b1df8af3b9672c72d898074

SHA1
ed475be35a745f47e8efe414ff8f1cf3b197bd41

SHA256
789625a4abaa67abf7b1ed4b571f0ff4f1eb864610806d83ed99f0ff5f17952f

SHA512
cbd69a60c3a6e3bab941c76999f5c952e67935a20abd9b5afd70449e8748416b5018fbc888cbcff7023b355ed7c94b713fc68e9168a6efff87a6260d59c84408

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\formhistory.sqlite

Filesize
256KB

MD5
2f23c65f4310939ddfe8ec5cea46052a

SHA1
b6a6076b1bcbb3be096a5097d8334a38afd1e4fb

SHA256
7dbe71904ce104d67985bcc4048c2724bfb1f1cf4d007410c9ed6af7677378b0

SHA512
9f5709d04e464fa758103c48de24df9e1f6e22e42e22b3d36bfbb73756cf996c05b71213ac3d1fd553c0eaf7d52f47e5e9795bf76a1db3730c59e32abc17a01b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\permissions.sqlite

Filesize
96KB

MD5
cf8d7c4ff9021f8598ceffeca10e099e

SHA1
9a4f993082bb889fcb81e3ea416574e58a7f895b

SHA256
892c374046e22961f3a0de5608ce209e973b4012a9d3eb51f5fe2ba03fb65ae6

SHA512
4214c1a4f0ec8b5ddc3a07c7084614c2100db776803b73ab3dcafdada94e267b000dfb59cf061ae2cb820de0db6f20bec0497a6e81b3d5cf6d59d175b78822b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\places.sqlite

Filesize
5.0MB

MD5
77e2e091d4ab5229a66be2c6ffc5bdcd

SHA1
3764485d49b00c5383c50acf134a6919025edd03

SHA256
30d12c73d5581eae115caaf4dbde7dc9f8892a55e40c21a08dc48b4461f3e899

SHA512
aeae8743b0a90aedec05402850d9cab391916c1134c795a35d3ad6bd389e6c85350aab28ffdd37ffe7361913db5010643ba25cc48a9d438a6fe94db1646b769a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
11KB

MD5
994fdfdef698c26a86ea745175ecc648

SHA1
e2dfaf5d3dbdcf1c951bc79b22aefb32d8798354

SHA256
f4f3dd9c0a8a951ecb3ac7301a4a48929e668fac5b026c23869206cf5fb46608

SHA512
0a193931ff0e3517d594e9566d9efb2d76328a1fee91bfb5f4917cc527da8882317da6b5fff3a39979719ea976d0449a22ba147c65ac78626f97fe520b19d85e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
10KB

MD5
878856ce3992d31962914aae7cbc2c6d

SHA1
0fdb6733bafcd71f4e3517807255645919d12150

SHA256
a9f67b646235412ff1f1b856a57eaf9f0af9cf33678eea37e6fa4037fee96062

SHA512
b01f567489c00793be5087fad54d68a112d6fde238f834ca6aac5aea6f4064534d392655abb6899c88a4aaf09ce2fe3e4ae015182b9ff8e5ddf46e822f4511dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
10KB

MD5
b7e2e78cd2a6c53398aee7dfc35038a8

SHA1
8d12f5df4a93e76a32d173d3ca9ac01f477506fe

SHA256
6e0620ad10c4ab2dc655c087fa7ea14ab55fbede920a2053946119f5c3919ab5

SHA512
3bff44c3983e5f47e2e85b692419a96c8a5d4f55178df9bdb51ab21eed07d087be5d5f83dcf92ccb1e50f88b0a2bb096d5b35017176d27f2a3164fab15df5a24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
12KB

MD5
62ace88aa50d0f0414d1931cb5cc252a

SHA1
eccb72494dd0a343e677ecc8a909bd2abacdf964

SHA256
401e66c127d24575a9b679906c8b2350aa6e4884eeb706aa0c933ce89422dab9

SHA512
83304c840a29439aa1acf3c80dad590ed94c2ff9064789c0f72ee4bd1c9db00a277cee916d6ddc051782c4005978b8734a9db2d1d4c601a42dd05116a7326f82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\protections.sqlite

Filesize
64KB

MD5
d7e5433a87ae3a30de4ab9adc47023bf

SHA1
4edaec48083abd90bc532ba8dd015fe209b0e439

SHA256
c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e

SHA512
9b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
443f0304c08cee5c6ab3fe57f6b5067d

SHA1
5d81bd91f088ecc7a5e16db6df68a7e3fcb336d7

SHA256
59e1450eea1eac5ad9890af8453f0bec7f38b62b0a092d4d6fd6451e7c207a33

SHA512
86511c15abd4e8e070910c2cd06164512d19f3e8b887c0b5c3cb679446b7a0e206c8ea3911c460466e4f74d300f28a431c65d7456e4f2c89990f288085634c71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
9d9ae4eec30c55732dc62467bd34dd7c

SHA1
7f37339ba8346a8c28c4fe846a2e65c285202baf

SHA256
a17393064ea284100a0864bf5591612bbe8262491caec0ee041c9ac5edfebfe0

SHA512
3f9e6f6d2b9b98b3b74d3f9075d77375315a7bd7f98f69498d9ca220e38ff959d51f3fffa400803b5c8c91fde9bee22076505887a4919af1f22a8e5d7625aee0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage.sqlite

Filesize
4KB

MD5
7ce5a53d3008b5f6bd54f5990f652a6a

SHA1
c3dc82ecb2f4046b9059e6a33bd49248930f98a0

SHA256
e4f016e374e2e4fb2755cd577a91367957a176c4cf79d3f770ba5f5c07a22b8d

SHA512
b498ce683c4b8e5661619d2d55ae558f24d46289ba1f77963e6b4c89bb0d74e56e483345c757217fc5bc239ffb99a89f829e994485b0709c57ec4df3c4737002

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
52B

MD5
236aca83252e3f5b49801c1e88aeeac3

SHA1
57c2d07a4706769eca3330fc6a699edcb8a8b2e8

SHA256
eea7fe5692bc6a5f7cd6ca2fece5ee321f38cd21218a51491e60ca1a2e3bbf42

SHA512
c33ce0a6de4ac12efa5b3506b4437b8065ed1f2743be2a162019f7e63b59e58baa83bd77dff848afbf8e5450a5cdd58a777d4db14083db6a8bf51ad4306fa8a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
0b750ffe63d911210db266fabf010b25

SHA1
ede3ee240b6f72565a7507a74c49557ac56f8eb8

SHA256
f13fc7863ce5d7885381858ee7e2868ad2eac81748678c24c9d0bcb5747bf53f

SHA512
a03e6eba6026c02ecae9928891207b2aafe7a31f31dfe2e90c744294ffeda3b2d71d72ee0112a15b02685cfaf9cc0062804e1e567fd7e5ed4afb3bb5fb7470d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
0fcc9ca45becfcb1c35ee12471dd7efc

SHA1
caeeb53d8599a54963f63697b92f4a280aab1422

SHA256
1aacce17ed04ab8a3e30fcf89612ac917351e9153af50efddca91c21eacd5444

SHA512
72e234b6522991bc93edf9cdee6e08d91bb4f11f8ea1d9cc06a780aa61161253b32bc07db746e56e911f1dfaef4cf14b95f2132ae4bbea2275be6c9b5ff97853

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
ec65134c4f4be3eaa8ac6bd44b0118d6

SHA1
e9ffb0e348890a3cd705dcdb66fa2242445a4a82

SHA256
bd9b9eb4a09fde0b6b36ebec1df5c92a3e46c53c44394e5fa11240cf44a058f7

SHA512
559c0355cd32e6116776295f7d2e438b6374869a828d6cf8026d03750031e662506296958eacb902be71fc1a735dee690fda28892553d40e3b1f00ba2df4b291

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
77f14ee3c14f9c823eadf6cf0cf53a69

SHA1
c4bb764878c6c443dc692047bfc72cc7a7ad013f

SHA256
76b23ea33fc1a00e1a4a07bd420fa6a94ee21a27e31921d09b338ecfb9d14753

SHA512
8cafea7ee6981f25cc338fd0395e7299c36dfd85a7ac50fc5e96c4943c2c804b8b7308c6c7f591863ce269806cb4eae6640e6cd020975519b1b3723bb7754165

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
ca7f3ce8c8ab129f27255856ecb8d14c

SHA1
b355d502ba77a264e843ab4b9e4b48c7ee2cb8c4

SHA256
ed4ab74a3b499fb350f3a9cdfb841f9fdbceb79db1403fecd99c4b33cff89257

SHA512
326d52ddebcf5b3fe2b00ccf5188f7f7bac7f31267e4e9a71ea88ada847f7b64c02097805c5233a24d9dd12eac5d2fe0f469f51a6a20e4884aaef484f465caa7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\targeting.snapshot.json

Filesize
4KB

MD5
bc19cd0e97c72e93636c50d54516fb90

SHA1
0273fd6508e4cf48403daf1649023a584b28785c

SHA256
4d4f3a0140065d93efa50db511eed15569040f94282f08a883ec67458e5a8fb0

SHA512
92ea041504dfe11c0f636fb57dccf3fbce439332aba4d1fec35a56af1160e4f207d4d67ddbb9ae9b1ea9d497c7ac93eb22b2e771fc85d88a347ea537e2329d11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\xulstore.json

Filesize
217B

MD5
4cbdfc4880bec82d84bce21747789706

SHA1
e11d96dba2f23684d3c47e915103fde230293a23

SHA256
09df9aeebf64843204519e11c0c2d42816576965866bac84aa1b0cb58945a910

SHA512
21ba56a3558b1f2e6dc2c2e6f7589d3d2d8371c924e066da961eed61b8423f520c5d1eb0aec3a00fb0032fa398d3cd3051d2f27976fbe5dc2a18777d8c71b456

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\AlternateServices.bin

Filesize
7KB

MD5
5bc8bf77a994dbb48e9f407a8772b817

SHA1
11ddbde611e0f8fd9091a357c8f8e265c6e6f22e

SHA256
f50c6d091aca936fa3c43f64b6f522b72f76ee000ee5c9bcae250ecb03c42dee

SHA512
b6a226a3a676808931f6e62dc4d662ccde22a13a48c1d3986a6a79db3b703cf9f38a9089de49bb068f8fbed9e53152ef64db6442fda79087e7a491aa6579ca36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ee1d5dec8e4d22902d2fc5673ae30a7d

SHA1
c97047f3e9482ddd27d9f3eeee4f6cb886eb3aa5

SHA256
0fa0fe40dea862d3a2d6944c533c62174f4c75db6381b32f3f548fb00c42101a

SHA512
296e3c59882dbb987713e3de072a8823121d7ca5a81da91bae5b19971a8bb922a082bece82cdba961f2fe87f5ef1d55259d642001c2d63a04fb6124883179e17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
04ff2ad67760b16cc7939dbdd819e297

SHA1
28c9c2cadf802a18a66c1809c8d19361a6c4606c

SHA256
786dcdcc92c27bb5157abc4cf87460a5d95fc3dd6b33efc227d3e1dda0c043d1

SHA512
ebd6d03daa97b9b37f8983e4ff7d136644a1392d230a734d29f6cc8ca171d9f7ffaca7bc34d0ed184618663b9f7aaa15d9c1e6ac0683ed046fcd67c0f8f5aa51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0f06125b6d0feca877096bc54c275342

SHA1
bdea69151f7e9ec854c05a8c33676cda12d761ff

SHA256
ca9a4bb8b9296ca236e97e9134f750cda3b75c137b9b51a4256232bd11b83f4a

SHA512
c2bab6c2ef02d3ec9530639e07e6faad2453fac55489e5fc51f88a4b53c49b563500355bccab8603fa196afedae094f42707f446adca448355024b923622ea25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\datareporting\glean\pending_pings\26a89b5a-b2f0-4e1f-920e-adbf558deebd

Filesize
566B

MD5
239e52bf970cab73990daf57fca7c4c0

SHA1
ded1173b21170a621b55c24ce7a850f158f41af1

SHA256
1b7195f976d54122c5c8011093ecfa935e58e3bf8fa1bfd26d3ba3787e983ed4

SHA512
a4ee02a2fd8c4452152d88d9605f9f99b3f06317b9dc72b815428f429cb2af6d01d5a944ddc99dd37c99dc69df5a89f297289c0b6e33abe726a9b83c7292785e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\extensions.json

Filesize
34KB

MD5
2d0e21f1df30f7540e1a36f430f0a53c

SHA1
6d82367b8128296f941a6d12349c622531729dd8

SHA256
7c5455fec02348c3dc1cbd9f2ae861fd4b7814fa63df2715da45b45a19598e2f

SHA512
b552d8303a5ed586ed90183464e09ec763b8c736bb742338af1c52860d9ffe73b827559fdb79944f1e0a864997f4e3ebe768cca39e3be7e9f6b4776a8f3d4d04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\key4.db

Filesize
288KB

MD5
3d1f051f3f4952cad33b86e3e83a4664

SHA1
5d1827be25fe15484e5c730707b7f1bb54f71b6c

SHA256
bba777e1718e8199174369b32bc339afe9f548e3acc972253eb1dd590eee536d

SHA512
0176fa1ec90e3bc90628dc40034b92b8e0e894a14220cacdd0ec8f490a1f1d26ad8ff49cc35d26c650989c37985dca0e18f2e5ea655afdae345e0886aa7874de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\prefs-1.js

Filesize
10KB

MD5
1093c87c537c9412a22d2e2c4b8bfacc

SHA1
6b3ed99492ef1b6f590aa4edd0a4b3007a39ce5b

SHA256
277704618ccad953be23f2124dc9fdc375dcf60882fc98b4e7db526027877015

SHA512
2e6473c75514859f895676704f5adc99a4cb59607dac831c0cb84d56a4b8f47b1e147dc6d009b52b795e2c16661115eab6ec334bd367d1cd9833b8f4a059c4d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\prefs-1.js

Filesize
11KB

MD5
b32c457c4b0109886c2f781d86ddc6c4

SHA1
ebbfc1ea7337e9166602cdf5fc54ceefb14c4cb0

SHA256
471e4be94f801ba62e90899aea4dc7e12286e5780a97061723398e71a0bf8e33

SHA512
7d0c61574d1f248ed1209d0852e64aa854fc489a1abadd39692c6a1d3964c9a4ba293be231830ac430abd6f7945264bfce5d8eb4f9a59941e5d09ad4e6a64237

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\prefs.js

Filesize
2KB

MD5
f37cee696c1c3944185e997822cdf8e7

SHA1
7c03bfaa610b14bf07db9c7d8fe0f8f3314672b5

SHA256
b4dc19593400abc545aac9cd5a02fecd4e98406548af7186157954f5302974b3

SHA512
acacc45da0072ba6a654dc4e169496b0b4098aa632fbe23951e60f232828aa3b4e42325fa8b187920581098f220d7d383060ce2e6d7a72d53051b18a892f92f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\sessionstore-backups\previous.jsonlz4

Filesize
521B

MD5
8d2caf86c4c5cd21aa0303095603cd2f

SHA1
2ea07f6e3d620ec2893d76cb7ba2b019b4ea2a83

SHA256
a1e317d9a9e111b1089680395292174c14e5ac17eb1e114774518f81e5404972

SHA512
f50c1616746e3f8d4db204e1ca6e9d9f11ebd9337aff73f73fa3c7bec896d5cd82096143a41f606ca357c80cc76c1d8429ed691a433b9124030c7a5b360456e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
65f706638b9a2fd394234e3b7cbb0816

SHA1
1c1f3be11b08a91a7072e6d022fce9544510e2f9

SHA256
800257c0eaebf5e77c6c7564e5664e4e27dd47d3c44ffa53ad562ebe9b98b243

SHA512
6e6a17ad2d34f9274ac22b8c1a4a06f04fb1f22f1373edf480e282936708af090545b26d89b0e909a942a4ebabd0091a642a5fc14682678690982d027eda1a64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
344KB

MD5
2c747d383ba59b2fd8e98bf33b8c4885

SHA1
b61e9c367833788f49b0017ee3bbce3895144686

SHA256
579006562f0c8b49fb0c87906b0f9859bf2d50ee87556f26762b97d5be6af46f

SHA512
46eeb5a6b6e1d5037806d947211a26076edabb791b017c64478d5dedbeb210127e7949e499e763bb434f534383a4f6ec224e9b7aa0bf69fd37adee7ab31cc504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\piebrir2.default-release-1734440969273\xulstore.json

Filesize
141B

MD5
7024f51e37c5a76ded1584389944e871

SHA1
0c71c385f2e5a161a786950b52b057fb4f765811

SHA256
27ac09531254471e6a1cb4cdcfb0874dd4cb0b780de99312619b5790f2c2bb3f

SHA512
0933405d483a56d585581215e77cf7bd4901965a037d0b354447cbb402df96b451ec98d82e899cd43bed9e49537b4228a43c82a07dfe451d3823286166049e68

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\ohbz3gv9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
204428f020093898b0d3318fee2ad0a6

SHA1
dc253b1e5ba514717d2c08e083d076c61844c328

SHA256
12634d2a7439318dc801777717423d7ff5221475c0aa381bb0e8582f57835582

SHA512
a79af49b6bcab8269538a02b8e9c199b8ae30fbaafac04d99604fbc453f492aff999ea31f21ae17cbf887e9871336d6067a844a44ab31d95c60aad9e7b8f8b7f

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\ohbz3gv9.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
3e81ae0ab87821a14d94efb360d5af07

SHA1
bd95b3271d811665aad5d352b9487d4099663140

SHA256
32f0a4580b1592665c436dbaa84641e24787a8542f06bb549f002812bbfb65ab

SHA512
5f511b53767ebda143706a60ef027b9f1a2047cf94d6a54d939bf7f084f43e79a8ae4205f7831fe1e5c30f310bc4353cb658c5b8c6a0b371042314e246b05405

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\ohbz3gv9.default-release\webappsstore.sqlite-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
C:\Users\Admin\Downloads\mmc-develop-win32.vVfVd1lc.zip.part

Filesize
13.5MB

MD5
380be19040cb6a051b6723d8b67a5785

SHA1
f957c51199969d92f1f0c8889690da16d62938a9

SHA256
28061938a1282f8ec3d5e45b0780126e4db95de29d88c2d99bf7fc4767ba9554

SHA512
fb2f495f1a57a726a9ad68a1dd0633c2090c9f2f44002567d171e3d8001fc8bd15d57e92a837d9474cf52c4f2492254bfcf07d0a70c7c5638f7d05750b2bc8df

Download Submit
C:\Users\Admin\Downloads\mmc-develop-win32\MultiMC\translations\index_v2.json

Filesize
15KB

MD5
fe63fd70dafcc698fb6dfe4b3c012fc2

SHA1
1b810b3249886e27ce93750fcdcf1025d7e941cc

SHA256
e341cfe91c9d6be66f8804b4cb73b228225a307518639ed06e6bf7ed7bc70151

SHA512
ddbdc0064cc3196abb832c743d7b001373e9e74c44ba714ec16fc90ee1126b1e3dba3c8ac3b7d172182a5c3794061b5c1a321ef54ed8830e105ceaacb6a26919

Download Submit
memory/824-471-0x000000006A880000-0x000000006A9F6000-memory.dmp

Filesize
1.5MB

Download
memory/824-563-0x0000000005F00000-0x0000000005F11000-memory.dmp

Filesize
68KB

Download
memory/824-465-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/824-463-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/824-462-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/824-461-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-466-0x000000006FC40000-0x000000006FD41000-memory.dmp

Filesize
1.0MB

Download
memory/824-470-0x00000000001F0000-0x00000000001FC000-memory.dmp

Filesize
48KB

Download
memory/824-468-0x00000000012D0000-0x0000000001845000-memory.dmp

Filesize
5.5MB

Download
memory/824-460-0x0000000061B80000-0x0000000061B98000-memory.dmp

Filesize
96KB

Download
memory/824-472-0x000000006E600000-0x000000006E674000-memory.dmp

Filesize
464KB

Download
memory/824-459-0x0000000063400000-0x0000000063415000-memory.dmp

Filesize
84KB

Download
memory/824-458-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/824-473-0x0000000004B00000-0x0000000004D12000-memory.dmp

Filesize
2.1MB

Download
memory/824-467-0x0000000064940000-0x0000000064954000-memory.dmp

Filesize
80KB

Download
memory/824-457-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/824-456-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/824-455-0x0000000000400000-0x0000000000A15000-memory.dmp

Filesize
6.1MB

Download
memory/824-454-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-361-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-359-0x0000000004B00000-0x0000000004D12000-memory.dmp

Filesize
2.1MB

Download
memory/824-358-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-355-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-350-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-343-0x00000000012D0000-0x0000000001845000-memory.dmp

Filesize
5.5MB

Download
memory/824-482-0x0000000005F00000-0x0000000005F11000-memory.dmp

Filesize
68KB

Download
memory/824-546-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/824-344-0x0000000070940000-0x000000007095C000-memory.dmp

Filesize
112KB

Download
memory/824-545-0x0000000000400000-0x0000000000A15000-memory.dmp

Filesize
6.1MB

Download
memory/824-552-0x0000000069700000-0x0000000069894000-memory.dmp

Filesize
1.6MB

Download
memory/824-551-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-570-0x0000000070700000-0x0000000070714000-memory.dmp

Filesize
80KB

Download
memory/824-562-0x0000000004B00000-0x0000000004D12000-memory.dmp

Filesize
2.1MB

Download
memory/824-569-0x0000000066AC0000-0x0000000066AD0000-memory.dmp

Filesize
64KB

Download
memory/824-568-0x0000000067740000-0x000000006779F000-memory.dmp

Filesize
380KB

Download
memory/824-567-0x0000000061B00000-0x0000000061B10000-memory.dmp

Filesize
64KB

Download
memory/824-345-0x0000000061740000-0x0000000061771000-memory.dmp

Filesize
196KB

Download
memory/824-566-0x00000000626C0000-0x0000000062706000-memory.dmp

Filesize
280KB

Download
memory/824-565-0x000000006E840000-0x000000006E852000-memory.dmp

Filesize
72KB

Download
memory/824-564-0x000000006C600000-0x000000006C615000-memory.dmp

Filesize
84KB

Download
memory/824-464-0x0000000066C00000-0x0000000066C3E000-memory.dmp

Filesize
248KB

Download
memory/824-558-0x00000000012D0000-0x0000000001845000-memory.dmp

Filesize
5.5MB

Download
memory/824-347-0x0000000068881000-0x0000000068B29000-memory.dmp

Filesize
2.7MB

Download
memory/824-349-0x0000000068880000-0x0000000068DAF000-memory.dmp

Filesize
5.2MB

Download
memory/824-348-0x0000000000400000-0x0000000000A15000-memory.dmp

Filesize
6.1MB

Download
memory/824-346-0x000000006C8C0000-0x000000006C8FF000-memory.dmp

Filesize
252KB

Download
memory/824-341-0x00000000012D0000-0x0000000001845000-memory.dmp

Filesize
5.5MB

Download
memory/824-553-0x0000000061DC0000-0x0000000062404000-memory.dmp

Filesize
6.3MB

Download
memory/824-555-0x000000006E940000-0x000000006E964000-memory.dmp

Filesize
144KB

Download
memory/2152-515-0x000001A7870D0000-0x000001A7870D1000-memory.dmp

Filesize
4KB

Download
memory/4932-513-0x0000015385900000-0x0000015385901000-memory.dmp

Filesize
4KB

Download
memory/5072-516-0x0000014FA9610000-0x0000014FA9611000-memory.dmp

Filesize
4KB

Download
memory/5988-530-0x00000253CAF30000-0x00000253CAF31000-memory.dmp

Filesize
4KB

Download