87f7d09819760c5e12228d9c7e8807a93ab9de03d6b4711de11186b4b92799b8

Analysis

max time kernel
425s
max time network
430s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19-12-2024 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unbranded.exe
Size

7.9MB
MD5

7f9da6ae8a49a4e897c503536a915230
SHA1

cb830d6327ae2da9988645514b1bdcf4f3a3304e
SHA256

87f7d09819760c5e12228d9c7e8807a93ab9de03d6b4711de11186b4b92799b8
SHA512

dd78fec81abf88c80a195f036a8646829725cd019c8638f7d0f8919e69ad137d2a5778a07a4b094834439f1acea6ec0ad88db57ce99e330c4fcfada8805c9f9a
SSDEEP

196608:qPPrBAsyVP3qo0xdxKHIiljDN/eeTqNRsxvChmY:qXre1P6XMHxjDN/tION

Score

8^/10

microsoft defense_evasion discovery persistence phishing

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1798060429-1844192857-3165087720-1000\Control Panel\International\Geo\Nation	VC_redist.x64.exe

Executes dropped EXE 3 IoCs

pid	Process
4364	VC_redist.x64.exe
3688	VC_redist.x64.exe
2620	VC_redist.x64.exe

Loads dropped DLL 5 IoCs

pid	Process
3688	VC_redist.x64.exe
3904	VC_redist.x64.exe
4832	unbranded.exe
4832	unbranded.exe
4832	unbranded.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{804e7d66-ccc2-4c12-84ba-476da31d103d} = "\"C:\\ProgramData\\Package Cache\\{804e7d66-ccc2-4c12-84ba-476da31d103d}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in System32 directory 51 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_threads.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e5db52d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBA9A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBBC4.tmp	msiexec.exe
File created	C:\Windows\Installer\e5db51a.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB847.tmp	msiexec.exe
File created	C:\Windows\Installer\e5db52d.msi	msiexec.exe
File created	C:\Windows\Installer\e5db542.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5db51a.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e5db52c.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{E1902FC6-C423-4719-AB8A-AC7B2694B367}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB71E.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{382F1166-A409-4C5B-9B1E-85ED538B8291}	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\VC_redist.x64.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x64.exe

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\29	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\Version = "14.42.34433.0"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76\Servicing_Key	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{382F1166-A409-4C5B-9B1E-85ED538B8291}v14.42.34433\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.42.34433"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\ = "{E1902FC6-C423-4719-AB8A-AC7B2694B367}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{E1902FC6-C423-4719-AB8A-AC7B2694B367}v14.42.34433\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{382F1166-A409-4C5B-9B1E-85ED538B8291}v14.42.34433\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.42.34433"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\Dependents	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Net	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\6611F283904AB5C4B9E158DE35B82819	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76\Provider	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{E1902FC6-C423-4719-AB8A-AC7B2694B367}v14.42.34433\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{804e7d66-ccc2-4c12-84ba-476da31d103d}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\Version = "237667969"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEADDITIONALVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819\Provider	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76\VC_Runtime_Additional	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\PackageCode = "C115E40EF1D73624BAA68F6193F24D7D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1\6CF2091E324C9174BAA8CAB762493B76	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.42,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433"	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\PackageCode = "C029B57ADC55135439F2BCC435C9148F"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{804e7d66-ccc2-4c12-84ba-476da31d103d}	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\PackageName = "vc_runtimeAdditional_x64.msi"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819\VC_Runtime_Minimum	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6611F283904AB5C4B9E158DE35B82819\Servicing_Key	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\SourceList\PackageName = "vc_runtimeMinimum_x64.msi"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\6CF2091E324C9174BAA8CAB762493B76	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1798060429-1844192857-3165087720-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{382F1166-A409-4C5B-9B1E-85ED538B8291}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6611F283904AB5C4B9E158DE35B82819\AuthorizedLUAApp = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\6CF2091E324C9174BAA8CAB762493B76\SourceList\Media	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V14\DEPENDENTS\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1798060429-1844192857-3165087720-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\VC_redist.x64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe
5400	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4496	firefox.exe
Token: SeDebugPrivilege	4496	firefox.exe
Token: SeDebugPrivilege	5404	firefox.exe
Token: SeDebugPrivilege	5404	firefox.exe
Token: SeDebugPrivilege	5404	firefox.exe
Token: SeDebugPrivilege	5404	firefox.exe
Token: SeDebugPrivilege	5404	firefox.exe
Token: SeDebugPrivilege	5404	firefox.exe
Token: SeBackupPrivilege	2944	vssvc.exe
Token: SeRestorePrivilege	2944	vssvc.exe
Token: SeAuditPrivilege	2944	vssvc.exe
Token: SeShutdownPrivilege	2620	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2620	VC_redist.x64.exe
Token: SeSecurityPrivilege	5400	msiexec.exe
Token: SeCreateTokenPrivilege	2620	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	2620	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	2620	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2620	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	2620	VC_redist.x64.exe
Token: SeTcbPrivilege	2620	VC_redist.x64.exe
Token: SeSecurityPrivilege	2620	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	2620	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	2620	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	2620	VC_redist.x64.exe
Token: SeSystemtimePrivilege	2620	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	2620	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	2620	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	2620	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	2620	VC_redist.x64.exe
Token: SeBackupPrivilege	2620	VC_redist.x64.exe
Token: SeRestorePrivilege	2620	VC_redist.x64.exe
Token: SeShutdownPrivilege	2620	VC_redist.x64.exe
Token: SeDebugPrivilege	2620	VC_redist.x64.exe
Token: SeAuditPrivilege	2620	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	2620	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	2620	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	2620	VC_redist.x64.exe
Token: SeUndockPrivilege	2620	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	2620	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	2620	VC_redist.x64.exe
Token: SeManageVolumePrivilege	2620	VC_redist.x64.exe
Token: SeImpersonatePrivilege	2620	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	2620	VC_redist.x64.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe
Token: SeTakeOwnershipPrivilege	5400	msiexec.exe
Token: SeRestorePrivilege	5400	msiexec.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
3688	VC_redist.x64.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4496	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe
5404	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 5104 wrote to memory of 4496	5104	firefox.exe	100
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 564	4496	firefox.exe	101
PID 4496 wrote to memory of 4892	4496	firefox.exe	102
PID 4496 wrote to memory of 4892	4496	firefox.exe	102
PID 4496 wrote to memory of 4892	4496	firefox.exe	102
PID 4496 wrote to memory of 4892	4496	firefox.exe	102
PID 4496 wrote to memory of 4892	4496	firefox.exe	102
PID 4496 wrote to memory of 4892	4496	firefox.exe	102
PID 4496 wrote to memory of 4892	4496	firefox.exe	102
PID 4496 wrote to memory of 4892	4496	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\unbranded.exe
"C:\Users\Admin\AppData\Local\Temp\unbranded.exe"
1⤵
PID:2852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1812 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c43a8e31-05de-40bb-bf46-5f7f5cc3726d} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" gpu
    3⤵
    PID:564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca3e971-740e-4640-bb92-af9eab6e80fb} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" socket
    3⤵
    - Checks processor information in registry
    PID:4892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 1432 -prefMapHandle 3020 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac7800b-1b3d-4371-9a02-d0c5f6782533} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:3148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -childID 2 -isForBrowser -prefsHandle 3976 -prefMapHandle 3648 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d78c6fde-91db-45a4-9912-f93efb36be09} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:2380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4780 -prefMapHandle 4832 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6a210af-4a80-4590-b26a-fa8a8cdddbdc} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" utility
    3⤵
    - Checks processor information in registry
    PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 3 -isForBrowser -prefsHandle 4780 -prefMapHandle 5296 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {168ae868-32e9-4d9a-a320-fec6e1972d32} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:6108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {476e7b93-c41b-4e3b-932c-5f793fdad787} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:2840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85c2fefd-444f-47ef-927f-d09a3c21bc48} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:5468

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\unbranded.exe
"C:\Users\Admin\AppData\Local\Temp\unbranded.exe"
1⤵
PID:5952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5392
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1912 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf63c84-072d-4e37-8dbe-7a5251bd001b} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" gpu
    3⤵
    PID:1156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd62a5d8-fd69-4896-b96e-3aab91da27ad} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" socket
    3⤵
    PID:1496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3200 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {390bef05-5118-4bdf-94c4-87fd9b9756bc} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3976 -childID 2 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0fba4fa-0da3-4868-8c37-8f3467357dbc} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:3296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4868 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4820 -prefMapHandle 4848 -prefsLen 29145 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {738a5b13-ea7b-495a-ba49-10a534963756} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" utility
    3⤵
    - Checks processor information in registry
    PID:2884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5136 -childID 3 -isForBrowser -prefsHandle 5216 -prefMapHandle 3640 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1126ef9-a1e3-418a-9320-2cc2c2bb6c64} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:2528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d791070-3554-4441-84d8-ccef7d4b76b4} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 5 -isForBrowser -prefsHandle 5128 -prefMapHandle 5080 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61bebe0f-60a3-49ad-88be-54db38902348} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6064 -childID 6 -isForBrowser -prefsHandle 5424 -prefMapHandle 5792 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {511bbd84-1e83-4c4a-8b92-b8df572e229c} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 7 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27938 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ed40f1a-3969-428e-bbd0-d174cd2dc3d0} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -childID 8 -isForBrowser -prefsHandle 5928 -prefMapHandle 6796 -prefsLen 28159 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3dd7d7c-c158-4e03-a489-ea3db7737b70} 5404 "\\.\pipe\gecko-crash-server-pipe.5404" tab
    3⤵
    PID:3704
- - C:\Users\Admin\Downloads\VC_redist.x64.exe
    "C:\Users\Admin\Downloads\VC_redist.x64.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4364
  - - C:\Windows\Temp\{693DD648-AC58-4BC1-929B-82AD4204DA34}\.cr\VC_redist.x64.exe
      "C:\Windows\Temp\{693DD648-AC58-4BC1-929B-82AD4204DA34}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\VC_redist.x64.exe" -burn.filehandle.attached=680 -burn.filehandle.self=688
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      PID:3688
    - - C:\Windows\Temp\{8CEC3B1F-2309-45F7-BA75-440D490C661E}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{8CEC3B1F-2309-45F7-BA75-440D490C661E}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{4E3AB280-8DE7-41F8-BCBF-29DFF90D93B6} {D297D339-C689-4B64-9F70-D65047C223FE} 3688
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2620
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1380 -burn.embedded BurnPipe.{D0D99AA7-1BA2-4D97-998A-87EECCF51E8D} {3B7D5CB1-306B-493D-8636-A4E48B36C600} 2620
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=564 -burn.filehandle.self=584 -uninstall -quiet -burn.related.upgrade -burn.ancestors={804e7d66-ccc2-4c12-84ba-476da31d103d} -burn.filehandle.self=1380 -burn.embedded BurnPipe.{D0D99AA7-1BA2-4D97-998A-87EECCF51E8D} {3B7D5CB1-306B-493D-8636-A4E48B36C600} 2620
        7⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3904
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{B2FB8BB1-68A9-4E10-90A5-C595B3B3CC00} {BA59BF9B-B74E-4EAC-AEFB-9018D6FE6B5C} 3904
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:656

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2944

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5400

C:\Users\Admin\AppData\Local\Temp\unbranded.exe
"C:\Users\Admin\AppData\Local\Temp\unbranded.exe"
1⤵
- Loads dropped DLL
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5db51f.rbs

Filesize
19KB

MD5
39ffb0b86a146c046a5aebc08e57a50c

SHA1
de2cd0b886b5c5b83e71cf244e51e9f9d657cbc3

SHA256
cef3de1a2ac73d219fee6d2a6ec0da0a8391ec89b0a99033461e7ba11845dd79

SHA512
dfb5818e1f34b231e860d1544116bcfea456651456b363459ca0a9727b116cc9c77d8501d0ed4690220af2257a4948fe358c1b5cbfbea9791ca139a69048d8ba

Download Submit
C:\Config.Msi\e5db52b.rbs

Filesize
19KB

MD5
5b2b521622be75f683c590fa3b87c58b

SHA1
1586e5f8b35bf3eb6e42934a5a32002ad2ff0f2a

SHA256
f7eeeef04879479d1bc1426e026fe53c5d224529e7148ca1d14321bbde7222f9

SHA512
207b02bd73e04a2e98d6b1a5b28ce70b6580f337fffec28c6e1b888df132c9a20a2233f50b27858e4fe1b8a46cd3e2606ac6bc5ecd5bb7a4d8e0a203eb9ee04e

Download Submit
C:\Config.Msi\e5db532.rbs

Filesize
21KB

MD5
5ae78e1328c21cb31b029de0da28d11c

SHA1
a39629350bf626be37680b2fac7b7a024439cd5b

SHA256
6fa6443cf82f0eb96414133911cc0b89e97c8e11fa6fbae306ef3b2559383906

SHA512
5016d6f72dc2fd7ab55348d93343f11fe326a3d21536c57ffe91bd2e42b8d82cc4a05ecdaaf5f5b8d471f7f93e1872ea0ce34a666096710e2ca6fc6f12ddaeff

Download Submit
C:\Config.Msi\e5db541.rbs

Filesize
21KB

MD5
6af27d2fef04b8addbdc7227b09bcd71

SHA1
d1d7a5e163e57d45de14f7d1f00b4d1848930b33

SHA256
459891dbab81e9b8447d95135f3af98cecc768b3656994676d67989ccfa54f54

SHA512
734cd6bbbc54f096c691b304e36e722fbcbc3a3d8a6b303eff2c39fba4839278bbbafd1825b44c0b42dba380a0736ef13d44d9d7fdaea821c80fcccc91e9c88e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
0139ffed4a2488b6d18d0f7672dcbff7

SHA1
4f49353c82621c8875b9afd310239104f10e6d6c

SHA256
686f600bfbf8fd1992599d9166839ffdb97f88ec6a0b63e90290d720b4a238a0

SHA512
7dcd567bf3db017a8dfa88396e69a82c8091675d2c5345ac4d853404921b04d512d694be89067d998b45f5590508d4292454171b1fedf6c4e36487c2d1a75e05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\0496E33B07BB9340090B6FF9A653DA5443DBD403

Filesize
224KB

MD5
6d9ac016d9a913e8923d6757c64ac5f3

SHA1
3e49d6259b538cd1f1fc3bcd7203dbfda9ac0004

SHA256
0d98d0e19638e757ac09f3b4697b0cf09b4093840388f5445ec6183cbbb00474

SHA512
c460770f388f00b62b6071b085ff4b24d31d0227771844f9b9e1e8ed6f7061e08cfb9d552c10ca432cf4ecbcbe64f19fb5dd7b78f398dbc68aaf132b16bddb54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\094A5FA25D56295058D77CC5F86E2D4A73ACC96F

Filesize
16KB

MD5
39c7bcc9b0de373f8f2f2bd75419fbc0

SHA1
4863c1292b2446987e64d813f9fd43d441ada09d

SHA256
1d0236fb1f83d271b5fe026f07ddbd7360381d2a579438203a353005956e9516

SHA512
2190f58c93f995c22d9a839de34341fc56232266d98732889804b90e6fc186bca80e5894dd9f18d7743f8460bc498977cd4122374530a65e1173fb7502822f38

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\109D080055C1548CE320A422FD98DA1D5E1A5BC8

Filesize
10KB

MD5
b17becec378cbcbde341f9c540d06285

SHA1
845183f333455a625060988ea83bb640f5001366

SHA256
95f1929861fba446d5e94d5426926233a1cc570e35173a32629e7dd40daa7f05

SHA512
e54efa109cb731ae92a3899c1adb7dfeae326cd3a9ea7864e5aa01827a87a48c6796a585f3de49fc32df4128c6146817250ffad6f1afd1f8492552a51dc19de9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\11E28E677587E2CB091E68AD17AEFEE7EAFAD23B

Filesize
14KB

MD5
a54706e65d0c20f9dd75294dcb7c1559

SHA1
009a6c3c24b09b1d915d598b5467b5b28a900164

SHA256
950bbc8e4fd8e9c363bade373b179eb75013fb38428c4877d4fff469ddd2cdd5

SHA512
14051455c4ca205354700a54c3896a33fb9b372801bc070769e4e4f284fbe45a7ff4203ca184833068dc189aa3f0018fd3f90b8956b723b134cff0490648e8a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\22F59957B7E08CD6CCFED6AF2A1DF26FE157DF40

Filesize
103KB

MD5
d7302eb85c72e095aad767085064fe89

SHA1
231323c8dd0c4ba48da72def423baaead6269384

SHA256
3e714190d0035a080085ce84a671fa21916a509744a7400e8c8304bd0b42bf3c

SHA512
c0b395e33ab6573fe1886ba8e177866f354c03042f0d481d3c12acd7b8cfeb9d3048d908fe3ebc25063d33c81f8b27e4efd84277b922ca252bbac092067b5eb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
50455750ccad492df5b59edddb726b4c

SHA1
7239d26ac28daaea5322c05e6c434e2a1212918d

SHA256
d9dc1481336b9baa0d870d0b43fa22f163ccaa5083fdff8094e98f21d27244d0

SHA512
a4ee5c6b157fec9a00e5b9b631841d3885e72fc2de98d44cf8929d40e0c2d163238f5be9b9cad0c41befa1061eacae9d3166eb0fdb67638ea80fe7b7ee4ff5df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\27C08C65D8CDB1DBC615476FEE1F0DBC153731DD

Filesize
10KB

MD5
6d6d413e75229be751f4f3bec2aa33fb

SHA1
ad75a6fc52a3d463d08cbfa6317f34545102c5ad

SHA256
15ce3b91b996c2ebc2d67e418ac1ef323ea9dd886527f04b514c6053e3ee7e04

SHA512
f8083aa31b0b54d39aafb41be778f385576fc8105dc5b4c4d63761715dd2296f859f9004123ae4f9a40ca0c05da9b8bccd5746b0b06a3205f8c5f377290efe93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\2BB6924390CF59B96D237B36266526F42E539CE4

Filesize
25KB

MD5
cb597454848406a21620af7637cbc135

SHA1
fb1c21877bdfccae749c9bb5b803979420de3b7c

SHA256
ba5ea52fb341a29f288cc9f9d96d029847dbd4333996cd083ee28053837a3439

SHA512
1e5b9dad046ee663e7a229f466e74e40de66845e0efa1419e7e371a82edaf99e325e41c9fc7963563d9032fd7019084b50dc3740869128bf50d1fd48ccae94c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\2BE972023C5A094BB5AAB42202260D22B4E3DA74

Filesize
9KB

MD5
452297d728bdbcfccb5d6ce1d2951546

SHA1
7b753fb94c101f65e2ee9c1aabcef2271c299992

SHA256
d892097c31bf4ef824b1b6aef8ee16ac12dff5a8cc13a3e37a36a976d2435227

SHA512
b4ec3afd016b8bf2a13e141d03180ea82f5abf8e0e2af72ccaf6920ac6b46af55c947856e50efe83f02810b72991ae39768e9b21245b673e7195850c1ae71dfe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\30F8453575F09E9EA57C17DF9FFB3381D9D40650

Filesize
10KB

MD5
d5b8c70b69023e5d6d424a205cc93b69

SHA1
19fada8a6d85a719fb64f01bde4281e50db16e69

SHA256
0c92e9e2bba8c8f6b5d91c62525aa914d7bde50074abe2336ce2e85c8cb3005e

SHA512
fea4b044b64a72eb2a1cae25ca1b76b7601d94b8c4aaa249f7340a4f2985b7d7db8dfd15dd2d1da7e858887cb57859369cb4b0ef932e61e4335c287de9009925

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\314822CBB28F926E5106B2B480E05B5F4A8C3C3D

Filesize
13KB

MD5
c300c5177695b3bf256669feecb19172

SHA1
f3444938b69b503d1e34e2bcd691504f63533c06

SHA256
217b4eb0d12cda2e5aa03d2be2dd1099c42250599739c7575cd29293a716d7ca

SHA512
5c6a42d781e3bef6e915342ddf4c1d52d509cbf9f919fd239edd756b30374a66dfc4a8f829a3c77fecc6d33b39526cd9cd9880183b081d3dcafcbcdf0907c1ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\3C9B2D192D535C347CDA9FB12BFC88FD40CF0382

Filesize
96KB

MD5
fa3d811258865aa7d496a596d7edd1a2

SHA1
20cd5e12da0e73096a4483d88cf86fbe1dff5008

SHA256
dce6c1e3cd4ed7391ebd0d2df9a7797f695a332b6a0657c8bb7e8c066b64961e

SHA512
855154c96f0aaa10f6b7d4f680aaa0643771a56cab62a8183524800958113f81e51ca31d79531c5e8a95ba47437c4f34b408a8a48b3140e0d7526720b47331b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\526B30A29EA99452AC422DB412F8DC1D951B8607

Filesize
23KB

MD5
147ecd312ad9f4d3b25218bb0ff68803

SHA1
62b4cb2c607890f1c74943a76c389789a4be5a5f

SHA256
64495e4a3cc9f21ffc6e8af4b1a604a8e59329c783e29c542c4ff9bd31aa2832

SHA512
96a6dadddd9f8b8418e1ab03e9412a535d8f338117ae262bb0d056dd97a90fb8ea86599273f5ba5e58cb5ae348f664d4bc582a8609b5af7a16514d95b1b50f01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\60AF6138C31AB7CBC0258FC85F36526A60597A84

Filesize
10KB

MD5
0c0194d69e4f3407d7cfb8fe4dec6c80

SHA1
eb1a3f21e1c5f13ad7e1a2813ba27f811cd50f8b

SHA256
54415d661e867786514b0d1e50088cf84014b5a33227bcfab50704d08daf8e21

SHA512
091f19114b75e17a041e60a28d3529cf24a204f17730edf74e754b5df123c769282eca7abe0158a196d2eaa850d87d93c1b2e9b2d4736da7ef93090d8805bda5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\6762E24BB9F66A6430B9C774503510453B4EBA21

Filesize
11KB

MD5
74ec26a96a425b2489f29a9b6e1107bc

SHA1
04b673c9b5dd9468fc8267ff81a3b9e8018de875

SHA256
288afa635c4e15de4e57a5df3b119459ca4e4acbbd9111da7b15b95b209d91f8

SHA512
6daa957f18ebaec5a6e2283d7842104ad50a2609e03be5976b9a90774d1df7bbca1c537d838a72445ce77f43e8031327662f5ca0fd2875a547f0c37be51f60e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\6C3BD2D877245E717F772DE39122C43D9F05CE80

Filesize
14KB

MD5
6e8cfb2f16a162cee589ac96db42aac5

SHA1
b245abf2fc660f9a18da674dc0a7fd3dec95509f

SHA256
6a92cc4eeb0ccc75b6bfec7a18ee49cabd38ca26801bbd0f92fc8537986c5a1e

SHA512
dd78e868c6a772a7bccabac1bb9456723d55fd4d5e2dd29e6eaa1a472279c636ac777bd613f249c72a57c505bf01ac3ed8493e0c27189503d1ab8fe7263e528f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
448d35201ac05284c5b6590cf28d0f73

SHA1
3da72ae65e3fab791343b4a905c9a41ec925c634

SHA256
012f2cb67cc943fa46401cbe94f1932500f13607e44f8a0c6bdcb9298c7e0d2d

SHA512
acbae16b4c7cfa62eb57cf65b7a7b5342f04312d6aaddd9dc3747e2a6abfdaa793199df0ba08bc3a87afda8faf874ec3cb2cce6e31574fa9ac280aa21b82e3b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\76554F8FBF56F947910A8264985518A50CE61BBC

Filesize
15KB

MD5
91d8533dd04cabd344f1fe70baa44c91

SHA1
642637abbf73986368852d1aad6f6824aec57b22

SHA256
67091b9cb67bcf613d6fe24a5a57f60aa4256f56c52569bae48e7817048f3893

SHA512
b48366ddf6c58997b4823b4d920c09ce3f70ddae486472b4ce04e86b85e307589a47fd431fbd8d81c7d1e81d4eed10eb8da0b733765a101740ddfcb3dae54cf5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\77E0EFABCA0E3F8236C740423A24382E3AB63333

Filesize
35KB

MD5
87f3f21c284e06229e1af6eca23b2b6d

SHA1
cebb3437bc55f1e92d43c493262f81f81ea4fde6

SHA256
1ed66a5801cea634ddc569ebab41e3955c6b54d026d2898ef47d5ff6e92ac881

SHA512
f4562e8633948dde749432edc5666c735c038bf63cfcf9815ceadbed941f597a9bce070c42e43594eb75e33f33ef8d8e971d13d3a3c740daa9ec94b91c70c071

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
b3a56a79b4e53c4ec0ff887e1833115c

SHA1
0a3ceec2aee1efccff53fa5076dc29291dbced52

SHA256
0ed50c00807ccd45162c1cfee241032e8da414f06318ea25659c139c1f3cd04f

SHA512
4dfea35abb2bf997423e46b1f15317513a31ca45de242cba7ba4e70803c690fb11dfdb3a4486583c77eba99a496ecb4a62693fcb79cfc750c54965754d91cb96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\876344A99082D1460ECBDBC26AA2AED8AAB2D0B7

Filesize
15KB

MD5
d1ee85fe3d6c6fbb9d5c9a2388b2055e

SHA1
eb377ac0b00fea1139c0c0953024dec9706aa9e3

SHA256
568789d33589b6ea7cc3703a0f7139cc5b9e348c0bf109bbb48380a49395e70b

SHA512
aec08b9c7f1ead5f5c37b402cd2182069b015327539363b013e14bd3fcce3e47a2ffcde5e2dbc83d7c8c9d57834cff3f5c32503e338bf7f361b00868ac5ad205

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\8FC2AF2E603226592635D45317CB2D4AB17C3721

Filesize
17KB

MD5
361ccd62e1db62c97d9414a377479ee7

SHA1
619427d4c4b048dddca11204155af45946be1856

SHA256
d677c6b303ce7845434b36109909dfeb51e99e46cf8ab6cb7427cc06d10bc345

SHA512
622193a92236617210c8548b6742bc7ccf529b49e62690de258f34487a5394e426577a2abc1c7472973da1778b6fd7259fb90a1062e8ee5e00234eb9af593897

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
385528179bf416c5b4e7707dfed6c475

SHA1
dda1cc92b5e0470c9bcdcbe7a4eda0349b29bd61

SHA256
30ed8fb7268b9c4fddf2f70f2efb23294662c102d7fd270beb13dbbf812c448a

SHA512
8552e14661797e6e8c2590a46fe0fc41ffe541090785f761629cf9a428af38251efdfb1ffb6bd841948f641130cdf1a9d4d76388ab169c801b652580085ea18f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
0f8a52658b3868ebf8239406bdefdc83

SHA1
813e588d24bbeec2b413869f6ecfb514b4b41491

SHA256
589a57b66d7a69a8b1c4d0347bfcb37a407cf2f1fee774e61382cae42b36bccf

SHA512
86c2d489d7ac3aea1bb0a48b15f030e96d540945f7b75b2cb933ceaea0eba57b7054ed96955296fb9d9da067067c12ac17025e71a43ef0359f686568432ee9f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\9DF4EA96868EE4C4FF82602AD995911CE7E8ED65

Filesize
319B

MD5
a54b55d59d29f1ac39de4d503157d683

SHA1
74165da9ab44b74dc44d1fd1ea85fc062ea99d51

SHA256
ec4bdb337ff5c1072dc0206d97cb1ab0dd18dc044544ec267e214856a67cff26

SHA512
865645b69ee7fc8c853607fae303f29cc6b56bdfff61d264b7a48add3d0a312a27eb953951acac1a47029f50ce6bb49ec15a97dcf30d696fe130b032f80acb92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\A0E7779AAD8E89DB2EBEDA165BEC5801E728BA5B

Filesize
40KB

MD5
288cd2488f6bb776e052862c1943881d

SHA1
682743a048fd1817912005c06bacf5641b6aa4b8

SHA256
dc1061117a1f77a3f319ff02dce4984c78b3d3e09b0e4a6f5813de3aecbd87a4

SHA512
dd37c93157b59e3be8ec0dc56e209e755485cd7b6756a4ee00533094f872405bbf4c362afb6044bd69d52b3ecdd07c7075f392ccb90a6a19b9687992fb2ca827

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\AC4388372EAC9A2259E1D3C023707BF0229591EA

Filesize
10KB

MD5
b5dc183dbccea82169d61586f335160f

SHA1
c0c2b8351f44168f79bc30bcd10d6da853302d16

SHA256
dd516db434ad07d1f5ab12264fec5c1a001f4c26868f0c6ad4230c264c1588c5

SHA512
e3ee1e7fe4d7e21e3e8ee4559cfa9c2d705960b68b99a86406088bfdb3b322302915d5615ee5392ddcd55da9ce994b8300e23bd97508733333dc9a009f6f3f82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\AD66DCE798A676DD10E21FF44227D9DA28893051

Filesize
10KB

MD5
4c466ac8675e23b85a64bef12e771129

SHA1
2646d0680657021001bccf07e5e711de5ebfe9a2

SHA256
4c1d449cccf1194cd0692b310616d69043bbc898a8c33ff7ec0595b6dacdfd7e

SHA512
dabb6d31b7ae15dee6d08443387995cf3eeadf173c5529242a641e0348550bf7dd06ff3d6f7b3aee5150644b9d3022646b89f3f4a040fbc410e48a41fb70712f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\AE9A9BCC75FD4C03F7D256CA512C6C69AEAC782E

Filesize
10KB

MD5
1b7c2d20e40128f1c0ae7764dd3acb4b

SHA1
5bc519c3bca1dd8e181d12c649450833e54031e9

SHA256
8db14be0136fb6dccc7a2793413d337056d077401fff76356822a7f092d2cfee

SHA512
7a1ae119ed60e6b932c1863dbdd02cb3df98b2699bb7e983dd04d94fe2f0ffff0a8f7492cdf27d879dd02800778e438844ed49bd159d9d4d7253b00ad1aba0a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\AF4A7FB08A6E57D770972461BB4CE8AC2F4544E6

Filesize
12KB

MD5
4fcfad45d5865c54c0473905ca6c7da1

SHA1
3b9378b785eed794f636cb15c4eeba39ca29a2cf

SHA256
4342204d34b82306adc19b505246850379c6c4678393bf2c4201ed4a1c7ca9c2

SHA512
53af3b7aa3ceb722450eebf0e5e9bfe61d233fcedaa3f1768cc2691470c9d5f3f557b7cd61ff9c4e517634971186d18c2d2c7ac2e06258b3b39302fbe67eaed5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\B22897D55E550E1B26C768304E68F325A1C10002

Filesize
13KB

MD5
955c78518f6b5264a4c4f469593680d0

SHA1
1d833e50d4fa0e8ddec579237628ff8d06ceaabc

SHA256
5147de287c15f2acd4c3b2101226ede0007659e561617193361cf3ec3a4a7949

SHA512
7072de7cac841e18cff9c457fd1dcdc8c4af0727e4f3d42247bc76e4eb0c65e7b9f9deedac161c2fba7a1760e30e746ad09ab0a73939741ffefee9624187bd42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\B9667CA87D8670AA1F2F1DB55C609AEF195F367C

Filesize
14KB

MD5
c21c54107d1542f3dffdb0a666cf3b9d

SHA1
82bd02fb50ec01e45c27471cf520f90073b597bd

SHA256
3ef70913bb99078ea7b14dcd02fd92b8b83f90635602bcbcbfd732f816f77174

SHA512
f218e7fe1957285aa718966f89f9f19c34b58e492a6fdc7f79ff2d425ebc1434698c88d6b371bf01594e6fe452d0e8bc90e4714078ed8de2a580eafd041c2784

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\BBBA4A95CFFDD1EA054E878774B9866A9CEAA7BF

Filesize
35KB

MD5
09f4deddecb3c3ee2fe1cff930b4d8b7

SHA1
d2195106fc11b7f2bda392f29471bf0b46e0de81

SHA256
64657ef5da91cf02d654cab3f1fbca578d00c19e44673a857a73c8c4dc300514

SHA512
0e97bcd84c3aec9a96ba77dbd01325abd76a7b7283597afe7a0f80f6e3d8ec326bbdaf0e7a534daffac61c907efc5fe66d8bbe1cdf6dbcab92dc6c8077987abf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\BCAB76E69CA1DF66B66052641FE6133B916F6575

Filesize
13KB

MD5
8879c5bace171f63f41c01f3ce65537d

SHA1
2212b705d91bf4f32d0aad51162f973e0170d974

SHA256
717c47fccaca34cc6cc8670a5907399874a861f2539cfcd7f4463b9c63f4f4fe

SHA512
c7e28ee9b1c4c974216a17a7ba7271c62857acf9eb9fcb6ffbd97be2c78fc335ee5fab0931c03bf5d84fe339ff852c4b49993cc11ef1128d99ba75bf1bf07d4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\D059FD0322F695507887307109721C11AAD75FFF

Filesize
14KB

MD5
6a21c61b0f003e347d05bbaa9e787b21

SHA1
54a747e4b421a33c9fe87a78f7c70e25bee60520

SHA256
b3b00855f8f71c30871e3bc7d0f7ee23aa9d41ecc07c696b3840aa5f29925b76

SHA512
4f77352536d4d49a8009ac5d0ac5e3f6517e489e5ccf0b307e807b0ddc836bece3fb5167e400ee81fb44da1ca2363e9a2a8d414e1ba3dee3f56ae16464416177

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\D154E1CD66DAEBBC055D1D367858E65F2CC266C5

Filesize
9KB

MD5
58b7ae85e5d07742026a044c1dee7989

SHA1
d3b2631dfbc086fef45b36566c0139c742b02c70

SHA256
4707315a15c20e750247a9d6b4a90401dd07b7883b6d65cb87636790edd5299a

SHA512
d3bc3988779c37769bfd57081acb762b9d450eed9dcb53b1cd3f5fb022a58218f05d159c7aaae8678704411159c9f4071dc06918dfeb7aa2d1a8f8a6929f3ec5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\D1FF561AE013C76194548D53AD0BDBD1AEFC21E3

Filesize
69KB

MD5
ef689ce74ebb3d854afe0977eefd9d22

SHA1
51ae15d1aa0b5d33047e4066771d52ebc38d19c5

SHA256
d12ac7500a5db21ed2a025a710947163e7650b61c58a9ae0ff9435dc21ad38ca

SHA512
abb46537873cc994b5470d42a5da463489ee1f196cc7bf5cf9e9c789d2662708dc32a48ef3dd3d1ff259660a56213d7ddf935c00b0c205ae9723b511a5c645c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\DA7234D42461BFC01804DB85179E79B2F90776E8

Filesize
98KB

MD5
06183f3150b150f0c2885b27f8306e5e

SHA1
5fb6a7af60ebcd86b242383548a6ac69735cf634

SHA256
433ebf8ad1a133aed1e1f28b2199eb1c715f7c58b08e0f4ba4603223a594895b

SHA512
ef9b896a480da93e909f9b43aa11c0acc7a810be8d3e1a03c6606462d7e22832edea4fba8ce8fc716524c56361d6d38456f317fccc6f1c5e111d9eb813968eca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\DAA46BB4C0961523D9B5D1AF636A0E4AFBB79477

Filesize
10KB

MD5
247555560ab204e7ae056219f48dbb23

SHA1
c112b6e452ea70a67fa69261d2ff807a37fd0e02

SHA256
bdec2f826b3827a4135b504ab85a7d7510b564cfdf696e24deb793396ff0dc98

SHA512
1cfe400c06ba0f1577687f8a11744011e8bfccccdb36ab9d6d4b397119aa424172d71d488dfebe5bce4744ff30376340fbdab99fe948933d23c323a09ef6cf54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\DC9722E7FCDF5BBF61188025B8AA4C1FC79C3743

Filesize
9KB

MD5
728369868fcf2dd09d37b2840b76fca7

SHA1
fc718cd242853dc39ac96e1988b2358146bd1201

SHA256
1c4a7f3fd375b70334568ed244bab621e54afb6afbdb1835e16b72f930b863a7

SHA512
78f67e990c837c943bc5fd00df4c16d6e5a18c102641146fc2345ff4f510db4d740b7b948ca104e392ccaa0d1420572a7621bad92ab2562fc00549fc0b79d667

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\EB921352F352981E1630D05B67EE4FFCA81B0519

Filesize
317B

MD5
f23c813d3ee00162bab3bdfbe2c58756

SHA1
9fc265cc50552a3eff4d429671ad43f79e1ab045

SHA256
bcc64a50801d97788537d7eb85101c9392e18fc8c3783e9bf18fb120fc9a1190

SHA512
110fbaeda435106b4cafad91deaf58ac4880e4e9314af29fb6974c128fa55ffe1705d5a27bd820d9af688ce0019e25e641dffc737fc098c78822b514532bfc4a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\EC0A3A6853A0869F9D939D379166329D18964FB1

Filesize
26KB

MD5
e52aa066d2241f96269f611b16e7fbd0

SHA1
d24a30f6020027874102dc95320da0f19e92583f

SHA256
feab06b2837647c13edd15df26b4f7b416b43d3855ac031fbb5516d90da8f776

SHA512
ffb4e708571c39f2d1a3ed1f8903af0cfa2685c619314948d56772e841e6f56ddfce7490a0dcf598a75e37dad46daa5064538e79ca448e17bcb5695799f540c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\EEF9A531D47CAD5FFAC50832E07BA00B257C208C

Filesize
66KB

MD5
b494c42f2cb07b4f124fee4d1732710f

SHA1
0a9dd648733210eb5bb2f8d13b2dd0597c2d9783

SHA256
4721991535998dbe17f2824bc78b66ebfab2585e4bf988eb50d82ccfe21a8d77

SHA512
448c66902286818bbce165944c61ccd1a4cf36864fedc979bfd94b74d9b729910a0d934c157a7c437ab0f330899f474164af9dcf7c8c9aa654810a2f8bde036b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
ebe49385dbf769b7433aa84ae25e20bd

SHA1
71e7747b953d76296711c74043feeea3ffb4b749

SHA256
02c42122873e592f67a38a5cce3fb064dfa69e34a494cf409e140885a315eb2d

SHA512
e04fd196cefb1004d2e99a7137e96cb7de1d16a9f066aa38211b44e6b2c1c732dd6bba7d4db4218fc39d6bcb122f3b84d50c2a046b5ec8c5f241a18eeacf08ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
15405b40b11396456243a08ab4c1f30d

SHA1
eda1aaf4281a3f6ac05af57ae91e37f6faf3048f

SHA256
2aa3c813af62320d33d79d971fe48ef775ff66a716658e428b043e2425e721b1

SHA512
e7aadce7de8ac6ca2243cfba8ab242ee6b7e7590445c4d8bee16d39cbfc2b74f0095230ba2bf70db70eede4a3cf1be98372bf79c3bb0db2826608a5da4520618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
d3e76d1688e606b4d128955891c4566c

SHA1
415fb072c098df811450e4a44210286b1d17cdf8

SHA256
6703d3d48dbea0d8dd04460348bfa90f6c9503efab1586594dcb3d613055c104

SHA512
cf89cd9d62b5abc0f269fb094c5e196f5954701b8fc5e200a1d0f087ac781398c7a73540a7dcd2fdb9d1219ad0a45781fd5b99128a8181c09d14316b6104556d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
1b74916736d99e951b7a784be79fe61c

SHA1
cd1a03c52617a0f57e506c1932a69cde0f42ff30

SHA256
f5d4529ac63649f8948ef017809bfc362ca44b7ca6a847d2f57483593b41565c

SHA512
d1507690bf5b52c6a46475d54e90b22ed2eac75e7aa5e5bdb110718f952a5fa7e683bc61ff6586476e67d9361774f1a605c7ec2f3a91cd395cd0df7692af1f22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\agdhwm6k.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
7f183c2a43d619284e345fa4be399d88

SHA1
efb03410a7b404e0e0e7cd22c68fbcae044f187d

SHA256
6e46943791538d57c496656249f27bcf507f28d4505d95cb7efe586e6a0fb9bd

SHA512
784561e326cb35cc414c8c03d4e485267d2cbdec22482f1e05024ad03d3b56ae4f11ee1d53b9ef9b34d7c5b5f6b31f035222b92caaf88004fc2aefcfcb002bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\EUZIUWV3510G1L17I84U.temp

Filesize
16KB

MD5
246b36620bf7b9a8d1403c23143d5a3f

SHA1
4b027284f8bfa9bb0e392968013f402155e14a96

SHA256
34e0ebf1f7ee8d784c0e7dc870142443a742aa65e5230d6df6d9e211f48fd2e3

SHA512
4661d299cfec4acbf1a187703c43f933369cedeb24d6099ef76a803610ee6a3f145e6e5ee1d07a0b8523d6a2649a468b6bb110760fcdedf9fb924c64a101ac49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\AlternateServices.bin

Filesize
6KB

MD5
026c597ef8cf4dc3ec208a736f799f93

SHA1
566af799c69d964eda8aaee524b23b8ccf202665

SHA256
30e5f5fd3a4b1ed7546de544440b9fcbd78891450abb2ffbb40c7d804725af8e

SHA512
22c675d956367be9f3f76cb91d7354989ece39894292079128c4a1d6dee1bd47bcaaa67fbf05ef9c81ac08ffc506881583cfa84eebd639f01dc0ae0d7a5a65c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\AlternateServices.bin

Filesize
8KB

MD5
c8d8f6db8fa74ecf185a055d7dc92292

SHA1
025787c8287e55733e20165c1f2e3d9d7212f097

SHA256
3e2a282d6f0dd0ae497354c5d3099e3755b11bee7655942d6be8f0263279143d

SHA512
4606c55550625525c2f7e291644df3eef011f2974b73df55f921fd13a94db1fadb69ae2004d50d7c9186c4849c699e32689898112ee864e96fe16dd370c4eeb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\AlternateServices.bin

Filesize
12KB

MD5
33572930f7694cc856f693b4e1d798f7

SHA1
060b2977dd93e689e4e5584a5ecd5ae502691eee

SHA256
2b05547c6fa586f3a3ee8946dcb9cf4f7143b48b65f1c5b1a80218b3b64ff585

SHA512
f49dc38b111f821126471473a847e16c1da829877c4256139ca764b3e026e13fcd52d878e8e8c7a2b658e67c8ae78a18b2a989579cbcd0a16a609b0e3a3cc8ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
e2c8d9ac6d7aed20d87ec25d2cb42c3b

SHA1
62a1a39167bd031d68b95323ac122dfe6c780575

SHA256
a3ab52005724003cb28b2454084a6cfeb7b4e6e463267f2b0ea5013d8552b03e

SHA512
a0667fce348def610414aca23bb475689d343681d0c529afb7ab49404b6ed54e1e4b675db6f97455c37e681a271ce56eabe865258814d00a5c420556fb9da74c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
00d641aa259c44c328b9c0c30cb09fd0

SHA1
76fed288d1f7592b4746b50cfc209c48b031b13f

SHA256
0f2c14fe78edb751295600d570ec25b6e88a2e6911034f4bb1e351c2c811c9fa

SHA512
3e652f36869ac70e52661a08bc77c8f2667f3f1f9757e66a229134557a18e5ce205c7894e9d9c80e53044426043aab7ed9056b6896e4a5398902817e71d65d39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.bin

Filesize
30KB

MD5
95f9569d09d51bb0916d4acb5a4812dc

SHA1
11962b46a5ab64d71174dbd16146544155acc11f

SHA256
9d77295557746957ec8b3b9d77c3e69192732e32d04f9c3e92e6c362b12c1aa3

SHA512
97bbd4aa85e7d689d20ee445451f735a270d9b3b78800cf92ce9efade4c403fc6100b9e8d0fc0b7ff15e484cf78eb24965bed4ef23d5c6be2a136e550b9ba071

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a6b7650adda4d9d3b92a7869731dbf3c

SHA1
832eb70b8d793c4ef607de5f586f8e145f6a35c6

SHA256
f9a0aa29cea2a8124e4810fb5a67dc29f1d54dc40eb5abb7c188b782b8ab7a1a

SHA512
a6d14e86409b906b4204f3b8235e1991e498b99f467d8bb00b42aafb6033f6698149cd0d015b45fc9bdbc464cb3e7f080fa9ad4a0afc663ebe2961aa2a6a6c61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
c8fe4e28bca046f2e8cb3e1fc1f1d126

SHA1
50b80ab10c1e3b3746338b0017fcac36764fd81e

SHA256
d7a90f690cd1b89538a5f3e93bc90fd4b52e2a79385b9813022ddd1520fbb54e

SHA512
e99c5e8fd22a30d55b3faa3ae9fcc475c57d94e84558c2bd7e10c0fe1eb41ebc5ab301411ab71eecda9bb477055511c72ad9c9425f5aa13651ae70fbf3b76ec2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
65KB

MD5
783da80e1bc17bf29a5bed2ba59c75df

SHA1
9eb95b0e3b09ca3959b7b47e5601504f5a82ab48

SHA256
372345df9fb252b5c659fcd06507255b99b0c1899a23c9ee7efde999044e6973

SHA512
efb55923786f343b56702bbd525cfc9cabfeb48f3dfcef4ced389ff4ebfd50759f6a1f0c70d0de5e106801036eea625a65aa763db2601b14dceb3033b8746a90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
52669acfc3b12d5ca7d7e1d45b25d955

SHA1
e020f1423debf19c5f391fb4834c2e77e0d772f5

SHA256
102a6d98a1ef44ed7c2f609cee73cb03708af34ab7d8b41db7704a55c84cd039

SHA512
4705d63d0bfe23ce367f8a31bbcd897f9705d5a3eaa8560dfd6037620d1fdbebee81d1e4e3156f8de14a3acddbeea788e135a1d5d002a8c7e36024a45b3fcd07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1882e3a27a705f11a59edc9601c07742

SHA1
53995123c53ea693bea1ededc9d46e4bd39ef734

SHA256
be824f9fb8b4b012c983a9f6b6edc44ff9830ac843163863e4c4adecca6987d6

SHA512
8658d3e40c23ce687fcba624577fb0009ee702ced19b8aca2eadaab5ff6c08af71053ef34ba1cb4a30f97da878d041076636fdb1b260fc7a6ad4091fc97666c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\events\pageload

Filesize
376B

MD5
b7ab437df4d4324192e09c1c6c35fb52

SHA1
d54e35cf82ccf59366c46a1ddfb5947b773cf89b

SHA256
a05dafcd8a227eb932e9e016a473c6954e76fa16e9eb0801431f9fa691c25201

SHA512
68cecb49b90285471f1a4986441d35eb95ccd4de0a9d704017cf8e5e19920e7cc3efecb5193b14b7dca9d432c204421773acf15284c1671f16e4fecdb3082bd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\0030927a-3725-40ec-b792-0ace08cb9797

Filesize
734B

MD5
39cf72210a6ed5ee5cd6459bf4a5bb3a

SHA1
6c7e543a119146ea64841c66ef0ce6549ce464d9

SHA256
779a09ea56b7be8370363157ee12a52306d7273e511e8df3bbe082bbe73e27ab

SHA512
480c8c4cc15ae6dfd169e039aca0518f60f27ab4069c9d679dfda5f02a94ea146e75a9abb2ebfcfd84ba553af6d200b00e4d5dffedcea691ef4af948cc416745

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\09bdf0c7-0514-44de-8c03-7ac9d19e0b72

Filesize
982B

MD5
4b9e35ff6fd8cb105d85d5dde0fabe12

SHA1
bd99421ffbec64f62465cbcd64f640361424c43d

SHA256
82c7f1a1538a78a48572684e3aa0e3365d626e4818042f0316a97f7c367b8e5e

SHA512
07cda425f897de8402edd65019be9b72b8849481a87063a373fb90e34b75728bb750b1e98ece648ad091c614068a53558e8f6fb22c16c147d17bedf170d0ee47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\2fc63a11-af00-4b5e-84de-10348e8745e9

Filesize
5KB

MD5
0c0bf5d6999e9c25cd67612823b0be4a

SHA1
d10bc13e53ece5d271ad5c5c6dd580e197f7b257

SHA256
9d6f1564a24e78cba8d130104d94431cdb00563f4ae43d4f18dc1a9b95826c2b

SHA512
0e3aacb638cf3c1a623ff7ce72d2bdb11501cea83ead71644ed5c7751e1e6e0ef1c9f0e58bd93623fdd9d1a1cccac1485dcfe92d0129a5d1c670031744344c3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\33834f7f-93ff-4dd4-a3c5-58495a8d9a51

Filesize
905B

MD5
646785aa3d40fcc4872281bacdb4b468

SHA1
d79bf86c7f3fddda9922c74b19bd91abec4d029d

SHA256
6f12bc7b32c2d07dbc3207a33757446f5e6ff74fab9d372f4f02d8bdf0792891

SHA512
40a9b1af2bcfeda4d51827fcd3339a4b08058524802f939e4eaf2ee1d56407fc7ac23c0346c1f28ba5bed869a6d6538877c10209ba462b07fb78f7355b3d5656

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\6eea8648-3d18-4461-ad82-9409bde91f87

Filesize
26KB

MD5
8caeb492e64d9818af97b7761852f5e2

SHA1
faa692b2798b4a2478090a653792d567db19ca4b

SHA256
007f29c44b71f6555a171da2d39afd83e978d4f13c46d531fb5078066b48fa5e

SHA512
95371d890d6e12b8fbde48f8f237232da2d01be18c903707702425878e3febe836fc7b69d4610f307d881b2858070e03f6375d3275609ffdd3d27d97fe47dc65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\6f7a2174-7946-4393-a32a-6d95fd40c575

Filesize
671B

MD5
914b82566bf578c8aee9b1e70739357e

SHA1
18e5c26a73c42105684f21f39091c79b6f8e80dd

SHA256
0ef3b0630bd7329f7577048964c1960683cfae69afcca8a8a2cf348600c2a7c9

SHA512
a50860101294a639c5b0de7a4bf5f13594e5d5cd30a87d89a92d05cee613a9f0a95731555dd57534a331ab4c736707efc04235ff3611511f6fc71b627e949863

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\datareporting\glean\pending_pings\e39ea3c6-8ccb-4006-b194-3e2d15af2692

Filesize
766B

MD5
2d8a57d69e898be8ed0c98fa2a6b9911

SHA1
37bb5ac94bd2c8095bc6f580e8a77b4c27baab00

SHA256
b9ae383d11f7989c982bd9da438d375ddfc589ee2ee8bab97ebc00fea8148642

SHA512
fd56ad096cb3b41d06ba09a8003cf47783b26e99faa25f7d1a69088fc7b134c04d7f5ff3d51f114a19486ece175006dd8c3eaa63b662a90c7bfb160be46c70f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\favicons.sqlite

Filesize
5.0MB

MD5
86911b69cd97a0743c2fc56459708ac0

SHA1
e647a580366858b6cabd84ce6f5c791a449773be

SHA256
dfa007643ee90c558ec9784f1c8a97308ace2d5296cc842b94b8186adfc21306

SHA512
be12bad6ff8cebfcf68518d8d6da24ea81b6cff65b660244a1b0cac7e9b77c3c65a75c4d2d40201e0207398a0bfa35b344ddf6b5b959b0d8c2b496908abac3fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\permissions.sqlite

Filesize
96KB

MD5
fbb381d80163fc33785a9a87166eed82

SHA1
619582c994ffaf63a97d0aeb71f283d1a61e8f39

SHA256
287c01a90b1b62adb0d7af6fd3dcf8df7bea75779ee0f2341dab900bcec09526

SHA512
e9dfd3384c3456b619b8dd9236d050d69da7140693d5981a376c5131a9d87427a65a3ab501a22feaa4e8027cb991101091e4dc37ab543d98eb286f5eaa0be0bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\places.sqlite

Filesize
5.0MB

MD5
50f4551730f6661e6ff4a9ec0280c895

SHA1
5f037cd1fc533c3c9add439a793a8a148a27a125

SHA256
ff8ef32604acab3397afa5b550c1344d0c6f83f81bf8d86cc6b5a5c12cead23d

SHA512
d1f9a6c7f3fdb0333a9aedc9e8ab9b226a619a58b691a8b379a0517788de84d86474a1c77337135dc7ec8a9a8116621ebb434a67a1501fc581cb8636afd985d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs-1.js

Filesize
11KB

MD5
17b5775ba45803c362f093537b14802d

SHA1
e03e47afaeec15f90247f4e29d7d9d2553810420

SHA256
2a641914409373edff0eeba1fecc398b65cdc7c479816ec79c375fb473a8b705

SHA512
6da1c2024e028b34651fbb576a52e71e0d8098557df7b41b8467d769e16a2a5ac8d81a8b6ea6ce9d053a5e69c017e2fead22827746385eab119559330b6237aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs-1.js

Filesize
13KB

MD5
bd6c5bd847d2e2490933f5e065cd7613

SHA1
156fd2ac7bcb371c97db0a5b1f41086734825aa1

SHA256
c6128ff882145a6f5d81f854631af2a7ae480ed616744c7aa70dc6ab07535bd2

SHA512
a41aad578223916a210a63c361668c111f30d1e9f483d7aa73b2113ba78130e92a953eb2ea6089f2f23b3965a98221b0af09be707767e661b0bd068463566488

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs-1.js

Filesize
11KB

MD5
5d2e369251036dc5bf08f1dfadcf5b3f

SHA1
4e3bd27618bf94a40eda09a1c5c44954ec6f66ea

SHA256
15b42e4ed0f902a7f9aba2366317a0622310d14ed0ba78f7f55e18418c02a47b

SHA512
6e1f2bf71fba331d0ee1b8453450b272ecb2e13401a1e1314ea558f962cae5e6bb0f9265a586436e30a868480d5c336201968fa7d08278888c5519a0192eef31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs-1.js

Filesize
10KB

MD5
5dd1288410d3459d03c3746a2690d485

SHA1
91a32141bfef810d753f9513a624998b77cac5e2

SHA256
79a1bc22b3b95739c6675256e3140e50f29d68f35bb3100848d26e050f2fd396

SHA512
2433f37f87483bc6f5635927ddf472943aaf4ae1fee1ee49ecf641b1ec9e0dc8b5cc0eb007d1a4efa0fb0c8344ccc529968cbdce98727d47cf91862de3234462

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs-1.js

Filesize
13KB

MD5
b41cad85588f2f6eac76ca61b044544a

SHA1
459cf72253d5758c1b27de2546f88fceacc65e8f

SHA256
4251f07b3cd14d3f50a394cdac4c91cf51c5a60aa1ef737651ff10ea1018f32e

SHA512
dd62711b0acde7d4b0cf50fb31ea385b856d60161c677e9e8e8599dfe4e6d5a79af4a9fb8011954c1dd5958d06417a96aeb4a99a6e7f474c09844b2851c96298

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs-1.js

Filesize
10KB

MD5
1be49e08ee5cefd171e6a7a386ec72de

SHA1
2ba3a8d606c395f1fd1ef4ca09988b2ba2f01237

SHA256
eeae7f2170b980de919c86c1a9dffbd3ca60640c6c92abda37031feeaf753efb

SHA512
a7edd9518c3f6a0a848056375f7d1147ebd0259f97306e788aa9fb8e52797a22228bc2064a6de4f36e2cd4c8396db78b37b6cf2e02b60464ac07ebb477c0a764

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs.js

Filesize
10KB

MD5
03d2af403fc2ec1a3dab75b6dd25141e

SHA1
6a2c24039b3a4e72fd175aed3ca2158698b8794e

SHA256
1f6939a6165f1a4fe3657c5b6a5ff383edad4251b255c9462e181165146e3737

SHA512
78914517fb02543eee70e308aa7725ed9f9d361dfb4865656d2bb0fe0ca003d51368a369a4eab714b4f3d4260bdbfe4594c4d4744c23eb4733c510103bc6e542

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\prefs.js

Filesize
10KB

MD5
7139ba032cff4aeedda80e5607f4f748

SHA1
2d28b275400f078233167a9c0cb81c25d66b0a9e

SHA256
7cb54f246c224f8c60cb5c868e1a77de6b5d88c1af957aa62854bb7d6cb29abd

SHA512
80034657666a2230034a3b38ca331e5f6133fce9be19e109a14dae7883ae4761caf810f5077fff9cf0728d92fe8456ee56001156657dffcaea4c491a0b73af52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
d1b1b749e1e41495ba604b5824f1d416

SHA1
d9cfd59a16d0128f89dfa2b5b612d7593ebc9dc3

SHA256
6cbd7b9cd78ec040c4637df9f94a5f120399d5eee67165cf3616f28296df3cad

SHA512
d65023d6de973d52780d6c76037889ec79bfcbaec2d68165bebe65120339ce5d75a79215251ac153d5b62b0618534859fc1fd15a71eeaaf58be0426aee7cfb23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
8c8274255b1f0389c8d3f6f065253315

SHA1
6166c70d740bdba6505aa9d09e30f7728943734c

SHA256
e4f7b6901405b411d243e72dea01387000c7f14411816f9c11249da1d18b34a7

SHA512
db209fa62aee5017a00419287a9be92b725d646fd04ec71d13b8af2b6aaba8ca5761339fee381b13bff956942b24a460f55f0f9f0b790075026bf404048751b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore-backups\recovery.baklz4

Filesize
19KB

MD5
14d21f1cc87f1ab6956287f348f82417

SHA1
2bd56d2b9cafc3f20fc67a8b84850483cfc2b43a

SHA256
76c7ce96de1c3d96df924044679c02c08bf389119f85c1fe98b4d74682e11651

SHA512
7e81139981a8ab32a99041209e1a1debc3805a0daa812eb7e4e0c46f5babf78c84189a99501d567490b4051fc574c6c0ab72222aed3a88217522234a2e2c81f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
1e37edca8002fcfc779ce388c7282b96

SHA1
4d671a0209a378a3c578d5ae489537f269b5b7bb

SHA256
f871deb943dd45ac9aa5d92b58456df6fda1e1b3ea7d4685c32d944e8c1ed969

SHA512
04da595a7f137228705ab76d3b3bab0bb68acbf4056c83a8ec695f1943faf8fef90559be95d2277a68e37b8b6deef6617900445b770b765f24f5da0b33c5519c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
778f2470a33ad1763203136112493ed9

SHA1
7c2304fdd350a48031fc09840f16619cb2860339

SHA256
edbf6a9db64f10bc71758940dd71d2c688884f54c942c55e4a262b62e1984e10

SHA512
df61bb8e57dfd117d0a5adb1a8e95c230ae8c8020e458397b4cc1ee6be2eae5a82717107897986ef4799fa4f328a6037b76c9fdb4888f055d5b0377afba72ea4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
2574df7d2cc988051bd4ae2cd8308be5

SHA1
1dc1d4c9c471a845b65ce9b16dffe7bdf70cb898

SHA256
8415d8691cfd3892f6a80ff507a75699e8074f547d7b95204a5792b3e588d40e

SHA512
d44541ea3eae4c37949dbc4e2ceac85d07da0d60fa7430232b27afad964f57b9045b04ccf69b288d9d1cdc9c2795068820bf8637ac67c983080b1e31939d9738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\sessionstore.jsonlz4

Filesize
14KB

MD5
a6ad3d86067830a8a24561a6fda4c628

SHA1
6574f8889032e9e8f2466310b9e65a7238206963

SHA256
2f0e584751fdbef0c6c14044e6132cef4eaa68556d6e732d7e87efbf393fb718

SHA512
aa08c1605283cacfcbdcebc744c358ed7a29d30d992df137da009ceec9deb9a8a0438929b93c046e5b30fef0b63357cd078f47c197c55721db0df065c2577975

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\storage.sqlite

Filesize
4KB

MD5
23605e20ec7b9c605b210ac3996e7a62

SHA1
e01d89d33f05c4e7ef9eb63d1487b297b420ac86

SHA256
1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

SHA512
63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
5cae9316b95535bb031c5b01d402df85

SHA1
34b2c25f3bd5b271b3fb88a339b1af18a262f1ff

SHA256
8db09da9aeef3b0a3bead0c55643e912d4ccd32ac40475c845aa7723986e19d5

SHA512
72c3fc54ae7e61b7a99ee7a4dbb19dc0df2ac7b153bce8d09fdbab0122c9f1c2be27c77dd4ecbeb8c8ee9b1698ef28d5dd4219257b8be433ad316e961024424c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
624KB

MD5
456898a20d0c7c22a085adbb6a597110

SHA1
e88084c77e999e0c4ec5272b3131a36345908484

SHA256
59296ff04017e93f1cfa77c3ccb80ad5a732f88e8390f5cfa65038a0fba2095a

SHA512
f6f72c7c7209d8aadb42f617548912bf4dff5424a9daa2b9aa4828ad3aba49797f3e8e17ee60279cee7c74ec666c68e7b65a1343babaa45cdd175785b847e032

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
624KB

MD5
a589e42cc0335d2adf06a2a3908ddb34

SHA1
85d949801f95de8f2527f913af6f4668c30b365f

SHA256
4505c40d12127427bb2d1291c94033589c82dfd753564aca6dabd6ccf7b6cd1e

SHA512
56299ec2882a2a91fac390adb4d8a163b9a858955b231acc390c4b8eec61b741f97b8cd6ac902de03c893567697cd7951fccc1af4c3307e742db229d276099b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\agdhwm6k.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\Downloads\VC_redist.vG_7TWay.x64.exe.part

Filesize
24.5MB

MD5
223a76cd5ab9e42a5c55731154b85627

SHA1
38b647d37b42378222856972a1e22fbd8cf4b404

SHA256
1821577409c35b2b9505ac833e246376cc68a8262972100444010b57226f0940

SHA512
20e2d7437367cb262ce45184eb4d809249fe654aa450d226e376d4057c00b58ecfd8834a8b5153eb148960ffc845bed1f0943d5ff9a6fc1355b1503138562d8d

Download Submit
C:\Windows\Installer\e5db52c.msi

Filesize
208KB

MD5
09042ba0af85f4873a68326ab0e704af

SHA1
f08c8f9cb63f89a88f5915e6a889b170ce98f515

SHA256
47cceb26dd7b78f0d3d09fddc419290907fe818979884b2192c834034180e83b

SHA512
1c9552a8bf478f9edde8ed67a8f40584a757c66aaf297609b4f577283469287992c1f84ebe15df4df05b0135e4d67c958a912738f4814440f6fd77804a2cfa7d

Download Submit
C:\Windows\Temp\{8CEC3B1F-2309-45F7-BA75-440D490C661E}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{8CEC3B1F-2309-45F7-BA75-440D490C661E}\.be\VC_redist.x64.exe

Filesize
670KB

MD5
3f32f1a9bd60ae065b89c2223676592e

SHA1
9d386d394db87f1ee41252cac863c80f1c8d6b8b

SHA256
270fa05033b8b9455bd0d38924b1f1f3e4d3e32565da263209d1f9698effbc05

SHA512
bddfeab33a03b0f37cff9008815e2900cc96bddaf763007e5f7fdffd80e56719b81341029431bd9d25c8e74123c1d9cda0f2aefafdc4937095d595093db823df

Download Submit
memory/656-1525-0x0000000000690000-0x0000000000707000-memory.dmp

Filesize
476KB

Download
memory/3012-1563-0x0000000000690000-0x0000000000707000-memory.dmp

Filesize
476KB

Download
memory/3904-1562-0x0000000000690000-0x0000000000707000-memory.dmp

Filesize
476KB

Download