wannacry | 2b2ff0f08c60f44ce321573ce0f00a44e336538775735a8f5d6644a12b46124f

Analysis

max time kernel
413s
max time network
395s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09-01-2025 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlayniteInstaller.exe
Size

248KB
MD5

216721738f08fbd3b233e07619950619
SHA1

08c9849bfc78aa4f8f358cbf2301598fdb48620f
SHA256

2b2ff0f08c60f44ce321573ce0f00a44e336538775735a8f5d6644a12b46124f
SHA512

24d6f3e6cd9b823169cdcce8977f03b38a7b9579ff8c65257570de9aeb440cf966fc2c571d9de363d10eead47a49c58bf4d55f9ae2860a0fea76cc84e77426cf
SSDEEP

3072:xNi5RzqbBZCKzSU/8+xFO0AtqtCi2yJir3YgECNWmkCK2yJir3YgECNWmTN8lQx1:7iDzqfoKtO0Atq6Z

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD94C9.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD94D0.tmp	WannaCry.EXE

Executes dropped EXE 30 IoCs

pid	Process
2224	installer.exe
4564	installer.tmp
792	Playnite.DesktopApp.exe
4644	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
5800	CefSharp.BrowserSubprocess.exe
1108	WannaCry.EXE
2964	taskdl.exe
4880	@[email protected]
3652	@[email protected]
1536	taskhsvc.exe
4468	taskdl.exe
5504	taskse.exe
4832	@[email protected]
4292	taskdl.exe
3576	taskse.exe
716	@[email protected]
2192	taskdl.exe
5756	taskse.exe
2560	@[email protected]
1480	taskse.exe
4424	@[email protected]
2748	taskdl.exe
5124	taskse.exe
124	@[email protected]
6028	taskdl.exe
6064	taskse.exe
5320	@[email protected]
2724	taskdl.exe

Loads dropped DLL 64 IoCs

pid	Process
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
792	Playnite.DesktopApp.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3720	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bqvuhzmmkvuc835 = "\"C:\\Users\\Admin\\Downloads\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
123	raw.githubusercontent.com
126	camo.githubusercontent.com
131	raw.githubusercontent.com
270	camo.githubusercontent.com
1	raw.githubusercontent.com
2	raw.githubusercontent.com
24	raw.githubusercontent.com
271	camo.githubusercontent.com
272	camo.githubusercontent.com
123	camo.githubusercontent.com
125	camo.githubusercontent.com
130	raw.githubusercontent.com

Network Service Discovery 1 TTPs 4 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
780	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
5800	CefSharp.BrowserSubprocess.exe
4644	CefSharp.BrowserSubprocess.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\_platform_specific\win_x86\widevinecdm.dll	Playnite.DesktopApp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\LICENSE	Playnite.DesktopApp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\manifest.json	Playnite.DesktopApp.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	Playnite.DesktopApp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\_platform_specific\win_x86\widevinecdm.dll.sig	Playnite.DesktopApp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\_metadata\verified_contents.json	Playnite.DesktopApp.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\manifest.fingerprint	Playnite.DesktopApp.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 42 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Playnite.DesktopApp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	installer.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CefSharp.BrowserSubprocess.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PlayniteInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133809347949352385"	chrome.exe

Modifies registry class 27 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite\shell	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext\shell\open	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.pthm\OpenWithProgids\Playnite.ext	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite\shell\open\command	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite\shell\open	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.pext\OpenWithProgids\Playnite.ext	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext\ = "Playnite extension file"	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext\DefaultIcon	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Playnite\\Playnite.DesktopApp.exe\" --installext \"%1\""	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.pthm	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Playnite\\Playnite.DesktopApp.exe\" --uridata \"%1\""	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext\shell	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Playnite\\Resources\\playnite_extension.ico\""	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.pext\OpenWithProgids	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.pthm\OpenWithProgids	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite\ = "URL:playnite"	Playnite.DesktopApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite\URL Protocol	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Playnite.ext\shell\open\command	Playnite.DesktopApp.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.pext	Playnite.DesktopApp.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
640	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4564	installer.tmp
4564	installer.tmp
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
780	CefSharp.BrowserSubprocess.exe
780	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
3540	CefSharp.BrowserSubprocess.exe
4720	chrome.exe
4720	chrome.exe
5800	CefSharp.BrowserSubprocess.exe
5800	CefSharp.BrowserSubprocess.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
1536	taskhsvc.exe
1536	taskhsvc.exe
1536	taskhsvc.exe
1536	taskhsvc.exe
1536	taskhsvc.exe
1536	taskhsvc.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4832	@[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3996	PlayniteInstaller.exe
Token: SeDebugPrivilege	792	Playnite.DesktopApp.exe
Token: SeDebugPrivilege	4644	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	780	CefSharp.BrowserSubprocess.exe
Token: SeDebugPrivilege	3540	CefSharp.BrowserSubprocess.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	792	Playnite.DesktopApp.exe
Token: SeCreatePagefilePrivilege	792	Playnite.DesktopApp.exe
Token: SeShutdownPrivilege	4720	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4564	installer.tmp
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
792	Playnite.DesktopApp.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
5264	OpenWith.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
4880	@[email protected]
4880	@[email protected]
3652	@[email protected]
3652	@[email protected]
4832	@[email protected]
4832	@[email protected]
716	@[email protected]
2560	@[email protected]
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4424	@[email protected]
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
4960	firefox.exe
124	@[email protected]
5320	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 2224	3996	PlayniteInstaller.exe	79
PID 3996 wrote to memory of 2224	3996	PlayniteInstaller.exe	79
PID 3996 wrote to memory of 2224	3996	PlayniteInstaller.exe	79
PID 2224 wrote to memory of 4564	2224	installer.exe	80
PID 2224 wrote to memory of 4564	2224	installer.exe	80
PID 2224 wrote to memory of 4564	2224	installer.exe	80
PID 4564 wrote to memory of 792	4564	installer.tmp	82
PID 4564 wrote to memory of 792	4564	installer.tmp	82
PID 4564 wrote to memory of 792	4564	installer.tmp	82
PID 792 wrote to memory of 4644	792	Playnite.DesktopApp.exe	85
PID 792 wrote to memory of 4644	792	Playnite.DesktopApp.exe	85
PID 792 wrote to memory of 4644	792	Playnite.DesktopApp.exe	85
PID 792 wrote to memory of 780	792	Playnite.DesktopApp.exe	86
PID 792 wrote to memory of 780	792	Playnite.DesktopApp.exe	86
PID 792 wrote to memory of 780	792	Playnite.DesktopApp.exe	86
PID 792 wrote to memory of 3540	792	Playnite.DesktopApp.exe	87
PID 792 wrote to memory of 3540	792	Playnite.DesktopApp.exe	87
PID 792 wrote to memory of 3540	792	Playnite.DesktopApp.exe	87
PID 4720 wrote to memory of 276	4720	chrome.exe	92
PID 4720 wrote to memory of 276	4720	chrome.exe	92
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 1156	4720	chrome.exe	93
PID 4720 wrote to memory of 2812	4720	chrome.exe	94
PID 4720 wrote to memory of 2812	4720	chrome.exe	94
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95
PID 4720 wrote to memory of 3976	4720	chrome.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3896	attrib.exe
1828	attrib.exe

C:\Users\Admin\AppData\Local\Temp\PlayniteInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\PlayniteInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Users\Admin\AppData\Local\Temp\PlayniteInstaller\installer.exe
  "C:\Users\Admin\AppData\Local\Temp\PlayniteInstaller\installer.exe" /VERYSILENT /NOCANCEL /DIR="C:\Users\Admin\AppData\Local\Playnite"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\is-KG14S.tmp\installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-KG14S.tmp\installer.tmp" /SL5="$B0104,119543666,420352,C:\Users\Admin\AppData\Local\Temp\PlayniteInstaller\installer.exe" /VERYSILENT /NOCANCEL /DIR="C:\Users\Admin\AppData\Local\Playnite"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4564
  - - C:\Users\Admin\AppData\Local\Playnite\Playnite.DesktopApp.exe
      "C:\Users\Admin\AppData\Local\Playnite\Playnite.DesktopApp.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:792
    - - C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe
        
        C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe --type=crashpad-handler --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Playnite\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Playnite\User Data" --annotation=platform=win32 --annotation=product=Playnite --annotation=version=1.0.0 --initial-client-data=0x85c,0x860,0x864,0x838,0x868,0x61e3cb64,0x61e3cb70,0x61e3cb7c
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0 Playnite/10.34" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Roaming\Playnite\browsercache" --cefsharpexitsub --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2844,i,11992342459708158196,9981808065395311323,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=2836 /prefetch:2 --host-process-id=792
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0 Playnite/10.34" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Roaming\Playnite\browsercache" --cefsharpexitsub --field-trial-handle=3136,i,11992342459708158196,9981808065395311323,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=3168 /prefetch:11 --host-process-id=792
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe
        
        "C:\Users\Admin\AppData\Local\Playnite\CefSharp.BrowserSubprocess.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0 Playnite/10.34" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Roaming\Playnite\browsercache" --cefsharpexitsub --field-trial-handle=1660,i,11992342459708158196,9981808065395311323,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version --mojo-platform-channel-handle=752 /prefetch:14 --host-process-id=792
        5⤵
        Executes dropped EXE
        Network Service Discovery
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:5800

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9dbfcc40,0x7ffe9dbfcc4c,0x7ffe9dbfcc58
  2⤵
  PID:276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1748,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:3
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5352,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5464,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:2
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5452,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3132,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5284,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3412,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3448,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3260,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3140,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3400,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5044,i,4194735003068036703,16509913238202680095,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:5784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5860

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5324

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5368

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC
1⤵
PID:1092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd8ef03f-0955-45a8-ae44-5b2acab538e6} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" gpu
    3⤵
    PID:5796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2231bb6-3323-4d9e-a08e-0fd364159ced} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" socket
    3⤵
    - Checks processor information in registry
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3136 -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3124 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9e2121c-fee0-4437-aada-11ef2625bbfc} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:2176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2716 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c2cb141-779b-4864-b01b-464600124b17} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4512 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4492 -prefMapHandle 4416 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef7c473b-9f8d-46ee-8a11-d26b9c20a891} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" utility
    3⤵
    - Checks processor information in registry
    PID:5620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 3 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4bf59a5-50fb-495a-b94a-e9dcbbd6301e} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:3460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 4 -isForBrowser -prefsHandle 5724 -prefMapHandle 5720 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a86c0f7-ddb8-4626-9025-3d41cb59d103} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {140d47bc-ffee-424c-a9ff-279473caf18b} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6252 -childID 6 -isForBrowser -prefsHandle 6236 -prefMapHandle 6244 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5369739-b649-4b74-a917-22baa0cfaf94} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5992 -childID 7 -isForBrowser -prefsHandle 5600 -prefMapHandle 5596 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46d97a88-18d7-44e2-bf89-ac0f8ed96fef} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3484 -childID 8 -isForBrowser -prefsHandle 6620 -prefMapHandle 6600 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51162a2a-b15e-4432-ad67-2f0471f5c5f7} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:5952
- - C:\Users\Admin\Downloads\WannaCry.EXE
    "C:\Users\Admin\Downloads\WannaCry.EXE"
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    PID:1108
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +h .
      4⤵
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:3896
  - - C:\Windows\SysWOW64\icacls.exe
      icacls . /grant Everyone:F /T /C /Q
      4⤵
      Modifies file permissions
      System Location Discovery: System Language Discovery
      PID:3720
  - - C:\Users\Admin\Downloads\taskdl.exe
      taskdl.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2964
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c 297471736461337.bat
      4⤵
      System Location Discovery: System Language Discovery
      PID:6068
    - - C:\Windows\SysWOW64\cscript.exe
        
        cscript.exe //nologo m.vbs
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +h +s F:\$RECYCLE
      4⤵
      System Location Discovery: System Language Discovery
      Views/modifies file attributes
      PID:1828
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] co
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4880
    - - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
        
        TaskData\Tor\taskhsvc.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1536
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c start /b @[email protected] vs
      4⤵
      System Location Discovery: System Language Discovery
      PID:5380
    - - C:\Users\Admin\Downloads\@[email protected]
        
        @[email protected] vs
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3652
      - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
        
        C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5140
  - - C:\Users\Admin\Downloads\taskdl.exe
      taskdl.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4468
  - - C:\Users\Admin\Downloads\taskse.exe
      taskse.exe C:\Users\Admin\Downloads\@[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5504
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected]
      4⤵
      Executes dropped EXE
      Sets desktop wallpaper using registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:4832
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bqvuhzmmkvuc835" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:1312
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bqvuhzmmkvuc835" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
        5⤵
        Adds Run key to start application
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:640
  - - C:\Users\Admin\Downloads\taskdl.exe
      taskdl.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4292
  - - C:\Users\Admin\Downloads\taskse.exe
      taskse.exe C:\Users\Admin\Downloads\@[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3576
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:716
  - - C:\Users\Admin\Downloads\taskdl.exe
      taskdl.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2192
  - - C:\Users\Admin\Downloads\taskse.exe
      taskse.exe C:\Users\Admin\Downloads\@[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5756
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2560
  - - C:\Users\Admin\Downloads\taskse.exe
      taskse.exe C:\Users\Admin\Downloads\@[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1480
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4424
  - - C:\Users\Admin\Downloads\taskdl.exe
      taskdl.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2748
  - - C:\Users\Admin\Downloads\taskse.exe
      taskse.exe C:\Users\Admin\Downloads\@[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5124
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:124
  - - C:\Users\Admin\Downloads\taskdl.exe
      taskdl.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6028
  - - C:\Users\Admin\Downloads\taskse.exe
      taskse.exe C:\Users\Admin\Downloads\@[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6064
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected]
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5320
  - - C:\Users\Admin\Downloads\taskdl.exe
      taskdl.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5160 -childID 9 -isForBrowser -prefsHandle 5724 -prefMapHandle 5912 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f89fc83e-8af2-44a3-94c0-9664083f3f59} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6104 -childID 10 -isForBrowser -prefsHandle 5512 -prefMapHandle 5488 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ea45e2c-ef98-45b0-819f-d4bd7cad4f2b} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7324 -childID 11 -isForBrowser -prefsHandle 7332 -prefMapHandle 7340 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {294bebb7-2ecf-491b-8ec1-4f7bf39edb20} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:5224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 12 -isForBrowser -prefsHandle 6488 -prefMapHandle 6496 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28ab31c7-5147-4c30-b161-c141bf1eedec} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" tab
    3⤵
    PID:2504

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9dbfcc40,0x7ffe9dbfcc4c,0x7ffe9dbfcc58
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3332,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4376,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,3278291794109388134,11934628838930364363,262144 --variations-seed-version=20250109-050117.839000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:5960

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5264

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1064
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1856 -parentBuildID 20240401114208 -prefsHandle 1776 -prefMapHandle 1768 -prefsLen 20468 -prefMapSize 242804 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c5116e-b684-4f57-b8d1-fa5f944237ba} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" gpu
    3⤵
    PID:328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2208 -parentBuildID 20240401114208 -prefsHandle 2184 -prefMapHandle 2180 -prefsLen 20468 -prefMapSize 242804 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62050ef1-262e-47f7-a205-d7cd51e1974d} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" socket
    3⤵
    - Checks processor information in registry
    PID:2836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3332 -prefsLen 21807 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6c02251-2155-4e34-807c-c76223ab6882} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:5436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4184 -childID 2 -isForBrowser -prefsHandle 4132 -prefMapHandle 4172 -prefsLen 23097 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d513194e-9b3e-4263-8b63-4a8890ba711f} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4072 -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 4128 -prefsLen 29579 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1361fdc9-253c-4795-8ca2-eb92b19e565a} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:3064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5048 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5000 -prefMapHandle 5080 -prefsLen 33393 -prefMapSize 242804 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c22457ab-bb69-449f-bb3f-02056cd891e6} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" utility
    3⤵
    - Checks processor information in registry
    PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -parentBuildID 20240401114208 -prefsHandle 5304 -prefMapHandle 5320 -prefsLen 33566 -prefMapSize 242804 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4014238-77db-4e84-af7d-0b64ab4a65d9} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" rdd
    3⤵
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 4 -isForBrowser -prefsHandle 5600 -prefMapHandle 5596 -prefsLen 28727 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea2b0100-288f-498c-b989-03e02c75ce90} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 5 -isForBrowser -prefsHandle 5756 -prefMapHandle 3744 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b54d30e-6ce3-418a-90fe-05fb2921824d} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5996 -childID 6 -isForBrowser -prefsHandle 5988 -prefMapHandle 5984 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1684fe22-15cc-432c-99f7-99bc1967c378} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:3400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6108 -childID 7 -isForBrowser -prefsHandle 6116 -prefMapHandle 6112 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9a13775-ffc1-4c4d-ab04-f06c37930d14} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 8 -isForBrowser -prefsHandle 6100 -prefMapHandle 6124 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cb5d524-7a3d-46d0-b49f-bac96de7b6e5} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6396 -childID 9 -isForBrowser -prefsHandle 6496 -prefMapHandle 6500 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49fcd064-94bd-432d-9e45-636ad58b1ed4} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:2176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 10 -isForBrowser -prefsHandle 3812 -prefMapHandle 5924 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27bbd3f0-6c64-4b5c-9de9-810d1e0c0ed4} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 11 -isForBrowser -prefsHandle 5648 -prefMapHandle 5632 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d81d0923-b279-4ffa-9a7f-9ea38476e049} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:4128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6296 -childID 12 -isForBrowser -prefsHandle 5832 -prefMapHandle 6748 -prefsLen 28870 -prefMapSize 242804 -jsInitHandle 1100 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c478c78c-1f27-4086-9925-d479bc4e4490} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
    3⤵
    PID:1300

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1502848f0d7e4ad8a117a776917ecb79 /t 5456 /p 4832
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\14578cf1-df58-4725-945a-2020fcaab532.tmp

Filesize
231KB

MD5
ab5b02b970f54247fa86252e05b84128

SHA1
b593ffaba6d0408a7c2151077cc021d8fb303f53

SHA256
e1a44f2bc53ff809dea6b34d17b3731d7562c485db88e84537cf6182f61b94fa

SHA512
9426d614d0ff28403ae33f4cc49b74fc818355fc0bb9aec4af91a0ed4e38664317d73c802ec246655a3d0630f03bfac03aa1d07286d39b402dcd194d2d5fd0f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5f6469b9ed596a8721824bfccd5b0503

SHA1
acbef7e81e22a1f5d52007fca19d6471ab6809b0

SHA256
9c9b5294bfbb2852d532a87d8f86adac097c2fe773dfc4f9d690e315d8a475f1

SHA512
f69e38bc160f177bcf5f5d7c248690fdc47f50384ea52f5a8a8d5480adf2090359ed5f83237260db0ec854cc88e9c812c32b02a4d450eebc28a0ec326eac096a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
eeeea0e681f4cd334296459849f38239

SHA1
82717a3cf52bdbe7f14685ccac880b59bd719373

SHA256
71d5de4158a18eb5c62ac2901aae8b55c94ad81e98e0ff0f3e0130c94131663c

SHA512
5b5669d991c33ab3c7bdcecba73383433b21c25459eebd79c11312ec6af51aa6c5f32294f4f3776c8b69a9200e7e9a311a738d0586791156f688e11dc5be523f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a3bc38e8f20630bca5a6f6d60f247487

SHA1
99f547a54ed329546e80fdb86b5c51992691dd64

SHA256
52027a652baf82850847537305b746a9c167d627c1e18d83427da824ac285212

SHA512
144a79af6c52a625e89855104b058cbb56f1a51f3f4360503afcea165e3888348bee5e8273e4872ec11ece3feb04315a6bf63dedbf0a5e26a8b6c2fc35fddcbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
14f22014d12da5b847e777e91d1641ae

SHA1
3cd0fbca06e3f6ef64ca61386aedecc5ca927cc0

SHA256
f430abb2a3b4917889ea17e3277ffe154e649893435281646aa0acaf896769ad

SHA512
3842f6cf56b4a4a291b3da5bde881be542bbc6d3f0a62626798710908732b0ec17895e656bc135d002f44457a24c85657e528fdf521b60a094f8218b3626e751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
480e3b0c9ab289ca321b1bd7385e5e24

SHA1
91f8ed5f086bf68741cffd3f3bc855f047a4564f

SHA256
b17a59fa68be3702115f44d1a108bbb2dda7e38680ed690318a3659efccbc117

SHA512
f9e027e26b86ea40f837939e56144fe65a789bd178a8c45a4adcbba54d0fd2c7457f6a17dc58d76c08b1bbb1cbccba92ff4bb2079dc0079de8631cb7d9cd087c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c72917561f3fb943bab73617786193fe

SHA1
4e14fc04fe190165ed7004c5e100fb22b9df269f

SHA256
e994fc478ae41950db862db550882e24353a44974427ebab86cf8240431f8f6c

SHA512
088116a2fd58ba35978a8f7130f2b99cb57b66f434af8e5b453eac2a03450ef2f45f02ebdf2c0ad54e8090ddce9e577e7559c998ba1a1eac4d72d1e8382d4a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3143e83f17e3af3dd22c2cd90a7b407b

SHA1
dfc32d254220d681b93026919841961964856b81

SHA256
62d0c18ca1e256a535e63922771e33b1ae0fe67dbcc68f38145b6845c64657e5

SHA512
efb25efe3604c35c3d84e2fa436a1cc896af1ec1b31ffa729f126e4830969ff85238df7912b0b5d59ca5867c788177fb712217800ebf3c1350cfea559196c856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9aa28ae89ed3eb8c446819a619b1a741

SHA1
2fa1c24ab990490f15dc7963366c19196abb78c4

SHA256
ced112a60f98c2a467407ad9f276bb5726f3d00df7007fbf5020e34989e74041

SHA512
06cba01dc8324a778c0d1be1a586ed5d90bf0133ed6fb2389697087fd0a9a820291f4fd2e8e2e494b77fda119de97e25338bbee00ad7e2a37f9b7736fd158976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
972960108aad22bfd2f549646ceb961f

SHA1
064f616c92ba6ba50bdfa1a6b482b1500dad9faa

SHA256
99be5eca234f6528000f693d13d909291abc74c769e62babd5cea04b6ee1d569

SHA512
74d8ddbbe1df15b93a7b77dea8d9a121ac56c07a76c8eb9e927692e202b7f2eb492ac730d80de9be31a62bee59de0e8af63af5a017e0330c69379127bddec8f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
21029864d07c59ead38eeb9a155991b5

SHA1
1451d0407d3de9f1c0ec414a4af43c641e58d7a2

SHA256
251997a7a09791eb38a249d6e04e34808c511b400d43c475cb7965b1006b22e3

SHA512
cafca925384d20450e9512039cc426366f385bd65a45a8f3730022212ffe68ae332424048cc586fdf7c5f970e5272101bfe54f656af3aade769ccfb82c11a240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c68d2a4c32395398bf63be48d7add55e

SHA1
46c3b7cd969653333ed4105f58b568902ad67b57

SHA256
97a8ba843d2627f992fb661c615965e4e68b205f8ca75694e7f3609d83570805

SHA512
b1ec15a5311247c0f152dcb75754a3ba4f0e5f3cf652187e620d4f7effcf856e7b8642f2c34454b93f858f29b0bc79ce824bed81c1f1162fcc8df62e4babd0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b13f3ff353261e15edaa4ab0a1c5b05f

SHA1
c913d6a15f58706a89344f06fac12c44f08987db

SHA256
f3520db31bbaa7f96588e4e1a1e5954e9c41e752c0fbc66ffe0f77babe382f23

SHA512
6e556daff2f87236d5481ab2e9a7e83e5030aa9693a1d93bd2c4580205a751d7fe35cdb20d689e46d1293a19aa4d34843eb03c5b691f79496b4e5f98ab0022be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23e9967e1a6e28def471c173c7212477

SHA1
a8f053c052d733b6e63e0bc92888e751f3ed9cf6

SHA256
8fed70f10589fa07096228a088620f8044137cb6bb2468d59a14c996f40ce543

SHA512
f3382d314ff6049ae070dc1a089b80d794ba575f651a27bfb255dd1196c770ee5678a95be5b6b5c9441da00f1b077df0a47108ffde42fb59795d73ea3c2278cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
790008f8bdfd643ffe8a86e5cfc36497

SHA1
45f85bec8260bdffc4903a33c453253b833d111b

SHA256
8dd2f3d5ba38261033900a67aea8825b01cacc8947b317a15ffbca5e5866991c

SHA512
b4735dd8c55b6baa028a16b2cd39e8730b756b96d1005cf0c5c94eb84b12e19a87c874184af2f877cf70b5c2be4c25d87582171d63448010e947a5d30fc22533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab9d22513bd1fb84267c5c5a0bc2b92e

SHA1
4000f31c33dd8b8c29126926dce34da01028acdc

SHA256
3f79a84cdd67e956a7760eede80153542635497a114f678317ac685280d189c9

SHA512
0958d30504c012d5b91697d3f558014ab63352225e581279c1c1efb78f4ee582c6b1e83c3eb4034055e365225c3ef47cb005b61d7363e13627b1c29d5bbfabf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
894325981675b01a6f5824934c8df16d

SHA1
111c8c259d435cf0ffe5323d17bc2b3838f92dc7

SHA256
873a633591a58105d666cafa4217de97beccb0cf64cab9d228b28410f5d34eca

SHA512
7a7d9455527b85fdc0f6981e010c75e9fd872e1d523ba2571ad58e53724224ac8bad28ff78d78bdca6e8a0cf47c89542f0cb105747b69e7a140d163cc5f8d9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
975a3b3b5051958d0edc897eaf9a9004

SHA1
fe11379e92d1f5de1f2b5500c3fe88d0939645d4

SHA256
1162d422900f76d83880308d7f6b08317ee43b034f98dfd34ba8c06ac090a22a

SHA512
8d9a363dbd07188e43cd0fe268e0224fad8e0d8a711243f335b39ddbd754f9ec11353e1a6e48f9ded1c368671323ce1306a96530448bbcdafaec497b3cba34fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b9ee7c441421bdd95b40b0abb6e8cb00

SHA1
5ae4f8e6cde1f41b71306f14ea6cd7d93f47b7ac

SHA256
7657bff4a4edd58f1a2b7c00d346e00c41a05bcc6356bde3c1dd4d9af09ee453

SHA512
a79dad6f37d4333e64f83fbc9c9201bace52e48107906c12c2174027fd5d6c8dc2df323113dd0f17f0426160f943ed19aa7342a47231638d71961c408cc18098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
efb624645e841c5160829c6c9e6c6e21

SHA1
fa987caa381654f603447a7f49aa4248d7850476

SHA256
82a74abc1e65bc672de408e5ebb7d85cd6fcadb2e7ae039a5e6595c3a83f270e

SHA512
344903b7bb6ca280072fc66dbace93d502d1fa50ed983cf5f664c0ded00f96670b76c16ca5b61d67ecb1259865b740b895fc858fa448b4954cdd4b7771b51eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93d1668e9f7af132edbcc93e28e840c3

SHA1
133a146035b42ae26a817ac720509d5725af5fd2

SHA256
a429a539ca08e5d0dd8517dc71b67defe623f0d9035bbcd259c0dbd2158f481d

SHA512
9a5b74be1e70855d71065903683913a044d0c3d223166456223c1409324894dd40515ca7755f91bd928ecd9325fa859ea3ffdb4b80a95ef39fba4e4be787bbb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
feefbe514f08d860e6023a182afb32f5

SHA1
f6f18377b6f587fe11d9c95e36e475cab958c024

SHA256
4f8c86f50fffae8269fffbc7ca7e73f60b5161a897f1f6283c87a3da71052f10

SHA512
52cf65e09085092e9b7b470c22c3089440a5ced44c19296348092b10d1557a9072f443a3831c5e9f7d66a82a7cebd2c115dec93f2211d7701333cf8052cada6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
70d39729b9d93c58b122b0142c928386

SHA1
ec19d5645f35af80434579259e542c6aa185d63d

SHA256
576e9fbbb211be55fb92d8ef0772d9da17eabbaf80ece9ad868c9465d86125e8

SHA512
c2f78599f9c00e19df94c3d6215afb1a57d017fbf1271d382f1d62b42df7f1d1da4e21fb16bb772993319df08c1a57cb2e56c88bcb7ee5b6466e0d636eb83c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
31547d71c59cf40fcfeb259aaf87c280

SHA1
30816a01316ec3b606da327a664b7d0d81832d3e

SHA256
d208e9cf63cffa6645eb09c6727fe0dd896ed53a43eeeb7a2ef8f263255d46c8

SHA512
fa11bec94b4395ad28bbb469b04b14fc05cd0ae01c33d807e1dd163dbbbbc55727b2ab7fcc802e6c195b157db2a4eb7db05c6c227871304027f998cf2d5147de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4c555c0-e324-4e20-9212-bb17abeb8441.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
d34ea3d528678262f5c3a3ffd18349c4

SHA1
1fd258876ea8950edc3e59c015fd5cbd5d483fe3

SHA256
a2fc698638814202e9ea57d3efe98464b74828546c10c850b56fb0929f00abf0

SHA512
0592efb4acdab9ab491b6536f8d47c7f6b36db8a57ba6e1c4fd075f900b6af9214e44029408207e61d94b31fc709740f28acd226c3e598204fae5e37522aa0d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
71634541b04180acd2a9aaf3c76b40a8

SHA1
57d85976f355b073a1ce84bd492e52bd7220d25f

SHA256
e3af8f2967fb91103614da50f505842712aad050797c336637fc946b28b3edb7

SHA512
b9e254fe92a86ee80cdee80f4e884b1d5ad472610acdad3bdbf0782c62725b4bbb6acee9e441577edc9e83d0bd4293ee313bb48f6d3423a577a8bf3a7c88f499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d3777d54-5bb2-44e9-8afe-898f6b725439.tmp

Filesize
119KB

MD5
c275d4d51b55c5e570d8c18d4edcebf5

SHA1
4a7fdc92b5d8d20ce9d043473701ba3c36c54c89

SHA256
dd5d11d2196b86c5b82c800a851c2fb221ab99c7e281ae3499f592ddc3d112ec

SHA512
a2a70f84565815c7d374c2bf4f5a8b6e469d0a3d0735274ce15631d288a4255a82b3b49a2abebcc743acc5721b17a3df4e4c5013993fd374187badb33c8d4eb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
f47142953f53c6544ea11680a534fd70

SHA1
898509afc4a9ba650b8ec1df87ec54197e4a217a

SHA256
3f8e6b50a48eab305e2006c5c30c1982af76a83e0d6655ccda7c909e37286d61

SHA512
5f263a285cac5d3af0dd9c627bfa435066be856c7af90daa5810414073ee2a515cd82baabefe121e3b4f0e985fc885707dda02b35da3fa27c9269276e466f545

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\doomed\13259

Filesize
57KB

MD5
bbb7ce3996e5c86fe08ef42133016919

SHA1
49b4283b8f5ee5ea2291719ea376fc670440df64

SHA256
e9678fdfabc7d1f58d1247842525d20ecd8c0d4cec7238b9e05a0540cae02181

SHA512
9b19de18090064aa47eb9b22e65d37a31c53b0ab23addf6ba7e46426188da45be64227d3ffdd895e50ed94e4f7e48db531a890b27760b125cda381bb4621e067

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\2681DF1C05D8B1BC372A0505C935A59887AC240D

Filesize
44KB

MD5
2d5ce3e58230b3ea8fa615a2a722d67c

SHA1
86a00fb516f8622614d136ba09d37e630fea1ed6

SHA256
ed91b3bfcc29ba0b193b877bd10a2a9bf79518d00b68bc2475d717930c78c30c

SHA512
aca5860865d10db9b2489312af736a474e1c83ed36dbabfcb8c9277fd85b82eca072ee7c52dc6708972b2341106edc2e326dfb88e87c598781d44b4ad6fc47aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\3D7CF4DFAEEC3AA879D34373997914E7E15B5D5B

Filesize
182KB

MD5
e38b38c1dbe0514ccdcc6eab4131a631

SHA1
f419595c26f4825fcaaede25eed9f1ebac024138

SHA256
fcc15c1d37745d7a28c23b9e2f46b8c6ecb3dc4297a92236be4f12459ac3717d

SHA512
9bb1aac37176daddabcf4806e8703a1e3415147c49d33f85b58b1cc08f39f72c6bf0b44c3eab3768d1ae2a64501a8685ea30bf2f413bbbcb9fbc06293bd069ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\40A8F58CFC1A23A6BAE836E45F467F9B93975806

Filesize
41KB

MD5
32252ea6be06500a90495f11230468cf

SHA1
89099b2d111f64a771c858e4708d55b73174e047

SHA256
1c672f0c863f83587a55149503f8c6b79a9378cb7486f9b19ad2811ce4b32cde

SHA512
d35f0bac4a7909381c603a4ce23e3cd64b175adcbe5bfb3bacd563ffe839ca64b73c13b61c0a8ab7c5c70f69904758fbdfbb1772810dfe57c3ab213f262fa19e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\472126B94317DC0AB793146D1C47757D77F7B266

Filesize
45KB

MD5
5348a690a074cedd251b56b360f60928

SHA1
7e08fe14142c071b3295773b30a4350b22762190

SHA256
78d2e5222fe8be18f9ecd9a32f11ed7036c992c7b0f5bcff773450a6a0e63f04

SHA512
6819d8abe6d03ef4dab26d61bca99103bc79e4d7489da28b587e2e539380a1a821ef2d90c9934a35ab6ee13ae5cdbb2e2600033f12f43582c6d2ab23983cdb5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\48A773B8B92BFF039D7CB5A9DA03A6DC953D7D7B

Filesize
106KB

MD5
8eb2a1de3a2857d1a5f8a646f158944a

SHA1
537c4fb14e9c7324b41af3ae1fe9c9ddd73621fb

SHA256
8d3a15164a28b0484043c03cc71f29a1230da322e608e125ca91296943ac8e29

SHA512
28b55a171194cc81ab67a12dc02df10b1510e7c620f2dc1fa17a58356b2d93c6aaf115c9154404615f3f64dedd73ba69ef65c0b271a0ffedc185dec52240b34d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\48F37BBE34373F4D9CFB4443937AD0689E3BB950

Filesize
103KB

MD5
4bbc2ffaf4d55df5d131bcffb37c4924

SHA1
922bbed5a9bc34d2a5fc431a3f2c7fb44f7548b6

SHA256
286bbf974a8a4703ea6e0ac0724bfaca7b29a15411f532eb5153099db4447bc4

SHA512
6b33a77a352776431309266866c98593bb73bb70957a5b0829ca2baa06cddeed026d4172816b780bdd21cb339e82b45666e68898b3238a1f19f06d5f6de344ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\5B5F81C77EA4A0D4425E62E3D6F82E571526EBF3

Filesize
34KB

MD5
3a5e12bd4e598996c6094bedf10f7e8d

SHA1
95bcaf4fea5ad3b1d9f8b79be420166e46e2a61d

SHA256
e92bcabb251c89ed97ad244e2a78f6ddae3b85f5d624b02ef9733ad7c352971e

SHA512
fbc6897e954e8683c0d73669111531859bf13f5642e3550ede06db576b24834aa1b1c57fd7674f66c5de48bc7557d1405a076ed2fe7af0e12ce9b826cfaeb07d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\A9B08356EBD30B2479D50C01DB7627B8CACDA442

Filesize
97KB

MD5
b2c7c81cda1f3cb830fcaa8405f776f8

SHA1
2036566149f7a4c0554afde0322768b0bd5ec571

SHA256
560a8d3795420091fb1d42f7c57a8169e4458bbb4e5203acc9a6b12ed3e84cd9

SHA512
f2c389cbc6738515c9918dd7d0b1d9d3786f620756d999e31605d262aab277be548840c26b622d7be3febd8d977205c4280c6cecd63e407abeb8ab078e03cf81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\D94A678A2549B8A6C46FD1D1E3BF56749C7D416E

Filesize
368KB

MD5
1f7ca99fd68f0c7bfe51012c4dc49d71

SHA1
2b683ddba5367b1b44a322b33d0bd613162ac08d

SHA256
e3601d7460775a9c3961d5ce88646bc0c10ec5f56d383bf3cdd4763931b3c89c

SHA512
2156c0187dc9fd7a3b6749dea18c30205ca92ac900d0c0fb148504fd54b779844d03d52c1e77f5a178e3032d008d5c3ce114cc9fc3c1615de787c729adcea7f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\E992D8936BAF7CA75EB15506FD185B32C1D53239

Filesize
345KB

MD5
3fcea5e50152c19a21d2b21663d0973f

SHA1
37c18c02e00a3c910aaa1d9e487fa21410271643

SHA256
b89d9090808eda6fe4146ddb5ee2ea0f55fa33ce80d43f038899d942fb919318

SHA512
cd190a40a8fd6636b646c57cd2db1d9c17792524243e52ef07b0f9dc993f51695846230eb30d7346d2c818b11e2430b31eeb87ec5843bf44ae07b0e2a691f829

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F37C1195822A75A463BCDB86AD26C84ED9EF9D34

Filesize
88KB

MD5
3a17a95d586c2e1827868de747f3a43a

SHA1
c4ec763ecc7c1ae5dd11671c1bde72c5a716a36a

SHA256
8c4b6e51613c75612a6c26b705558e0c73732a5a9f78edbab8491ea7375a4a9e

SHA512
ad69908fa3ceba5dd224f25ad0f90089083676795a44ab097ac00efed52abd710fa934fbca6e1eda25113e38865fb0be86caf4336237277572d79a5ef4c1ba60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\1d53692d-9e76-4477-b768-ac7201fd18cc.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Playnite\CommandLine.dll

Filesize
212KB

MD5
d788b7dedb2e07ab596569360fcd3154

SHA1
3fee00542701ea636c8a4db60e96856cfe4deb39

SHA256
26af31165dbf6af3864609df7834a06404e6cfbd8905ba202e0a0bb921326d57

SHA512
1e83c8e64a63046d1c0a620c088ccba5e7205539b249dc814b59a0360bd06dadd66d6d1e4b0b494c574d311fca1103011691453d910cf32b6092dd8f492dc8d2

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Common.config

Filesize
570B

MD5
d2f9516d381befece4d9db239fb717f3

SHA1
879d206c0193dea55878ebad5085aafbf6f6efdb

SHA256
9fc4a377ee4b0f1e2068a5615dadb6f4cd0ff82f880c3a306858dc375b13e329

SHA512
7f7fbfae037e55c16fe0d8644ce4f362657def620fa48fd0d07e98d82cd28d4462ecc7b2f961cebf2560ac4078dc76ca41c748b431f9fb2efc7b4b20221bb73a

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Emulation\Database\is-6JDU5.tmp

Filesize
32KB

MD5
26370170fc3dc010eb9618000d65520f

SHA1
889d00da7d64e22c44a1fe17296f2660a591e125

SHA256
0759ce841bf6e85d51f8d9a6208760ca663495222b8fbe114fd86bab9427cbc9

SHA512
befc0505f665e0410ff28847030a06c265f4829c96d3ffba516575ce8b28d742e8d7880370b867be7c05730a732570926138fa116124dfd7535cc0aee11bcfb3

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Emulation\Database\is-EEVU3.tmp

Filesize
28KB

MD5
4050c8408ce8e2e4b1bd98c6d5eb0158

SHA1
9eeb725de818690dc6f1dcd504be4549e2069ddf

SHA256
7253e94e787d194702db00d317c48253ce6a3e909f810c264b3d9c280687c955

SHA512
83cd336e79db2ba74ef8b4807dbef95648b486fc87a0065f69f6178d98c32e0b3133d671cd0815ffd531d578be030b768c50c14359441477495301a6d2c26dd1

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Emulation\Database\is-LPI7J.tmp

Filesize
20KB

MD5
beb8b91ddc4e408448a81ebc825ab6cc

SHA1
bc2111e0808ea529f673e1b1e35a5a253b4bb6cd

SHA256
38882a5370e0eeb99fbe1c80686f3d241ca183752ec2fe705a14fcf97067e463

SHA512
7aed4d99a086ae317f999a6ed75f4e8ff7c85177c7cd288f2513119c4051a0e3a363a70e95f1e6f888fbedee5ed331f3e4e3b8c4fb59af5d5ec90ee4013aa6de

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Emulation\Database\is-QU0K1.tmp

Filesize
40KB

MD5
7c991ed0c432b1d8eb01771e813a3fd5

SHA1
7bd9f3321b96dfde7f74c568f103d65dba41f378

SHA256
4ec11d0acb2e9982319d5c7f5e52cc6d6cbe1cfd007a1d6b8ae7e4b3aaf432f1

SHA512
df8b3019b27b035deda9a8361f1ca81c32ae39dc80817da4748387dc3caa5ec4584b381fe8e4fdacce58321f496073843f8465f0e7fca3cac560e4b35befdbbb

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Emulation\Database\is-R1QBR.tmp

Filesize
36KB

MD5
8c111ba3e5ef2b170522bf38178d4752

SHA1
d6e55af408f93314c4e21e21ad263d135d8793c6

SHA256
ee3a868fedf470876470c847f557092bdd39ef0ef554b9abe64f431e91a55e35

SHA512
b011d8847a2d2dcd8730a1cff2bd329fb3c0060a9bccd35f8551edb6136d3daae423acc3655c149582e6c59ee8d7f97f8d9649a1114f602288a8030a22380777

Download Submit
C:\Users\Admin\AppData\Local\Playnite\NLog.dll

Filesize
855KB

MD5
8f785553ed67485c9d6ff44aa7ddc52e

SHA1
f992cbb9ad7d72ac2872ac5e88297a59ce0c16ff

SHA256
8ddc2b1818ecf77d0e228efaba742625542d98e2bf17fd5f11e6d82bb9f117a2

SHA512
8f524823651362851957716155067bc85d717f102a9ec209dba5e0615cbc5961651d40795703e3f7c9bfe5a935b45ccb62c21743bb74fd5ae6bb872e201c6548

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Newtonsoft.Json.dll

Filesize
638KB

MD5
f33cbe589b769956284868104686cc2d

SHA1
2fb0be100de03680fc4309c9fa5a29e69397a980

SHA256
973fd70ce48e5ac433a101b42871680c51e2feba2aeec3d400dea4115af3a278

SHA512
ffd65f6487bc71c967abcf90a666080c67b8db010d5282d2060c9d87a9828519a14f5d3a6fe76d81e1d3251c2104a2e9e6186af0effd5f331b1342682811ebf4

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Playnite.DesktopApp.exe

Filesize
2.4MB

MD5
8c3bbe522f96965fe61c174d7bcf673a

SHA1
1003146658c187c7e73648aaabd12ea53d43c314

SHA256
198a26e02b298da75d4dcefbadd349972dbbf108e6549d34851f60aa35f10f60

SHA512
182e686d6d3965c0c28b9c22c981f934fc433319d9baeec0a0a8b0439064bb7fdea32b2b9b338a2ff90a7b26162fdc209e487fffb6077db2142bd79e15c8b426

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Playnite.DesktopApp.exe.config

Filesize
646B

MD5
7ab567e9e215fdf61eb584e63343679c

SHA1
40e9f3552da3bfa21d232ee18d6456b840f11092

SHA256
7341c8d240b548643ca09a617d73c96c971261c31c71aff7a170bb89542606b6

SHA512
c01723aeb0ff59e7163a1204b4ad4347a40ac956a92dea7c93ef510c3d12e8bd45d4f5297a2104e5e40c9a4962761894bf601d84d0fa1ee7a28216894fed3242

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Playnite.SDK.dll

Filesize
165KB

MD5
cb5ff501aacbf98ff947ea7f8809a88c

SHA1
918e11a5df0e9b1552238cbcfc9ed5c45d1e9ccb

SHA256
8bd6577f967c3ed84cfcb62ab603c90f067906826b1825fd78c20ae1fc586fdd

SHA512
9d0802411081278224a0aaa0604efaa8451c6d826501aff2ff4e6a39b9dfd8da54d628cababd1a7e99912f69074d94ec088bb6fb7f5f829ee7ff23dbdaaeb748

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Playnite.dll

Filesize
1.7MB

MD5
8814074e8130a0093c14b5fe818ee8ca

SHA1
f5199a3a895f67355be8540235f99f75460c2293

SHA256
e493595eaf7664ab7fa4f0933e961ffd1d236e3bb048e64aa9d29a673111542c

SHA512
3690823e4b40c61fbebaada9888f8dc02886c5eb6dd63bdb02dc19c2fdd165d8d217497404841bf8622939a6d1f5cf013d4f7f390d57fd3e780a2d96cdf07129

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Polly.dll

Filesize
226KB

MD5
4815efda24c3ca65b510092f4fb54c95

SHA1
c36552d28d6e3643fd6273e2fbaef50931b422c4

SHA256
e43d8455469cde0df19577d48c0c5d4f3bee89d2d11191c60b163ab714170972

SHA512
553feccbc14e5e719bab36855d8dc927ec42aae04e5ee1cbc972d3e3d70ee20834bd562cf58b05a47e4d0268660185ce25ba9055c1a190908bf1e8753e4e1cc6

Download Submit
C:\Users\Admin\AppData\Local\Playnite\System.Windows.Interactivity.dll

Filesize
54KB

MD5
580244bc805220253a87196913eb3e5e

SHA1
ce6c4c18cf638f980905b9cb6710ee1fa73bb397

SHA256
93fbc59e4880afc9f136c3ac0976ada7f3faa7cacedce5c824b337cbca9d2ebf

SHA512
2666b594f13ce9df2352d10a3d8836bf447eaf6a08da528b027436bb4affaad9cd5466b4337a3eaf7b41d3021016b53c5448c7a52c037708cae9501db89a73f0

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Common.xaml

Filesize
1KB

MD5
3866df46caef45348f42dd053e9dc166

SHA1
aa8df90b8d60417f960d3a7a924b8cd833f94d8e

SHA256
da5e91fe77d8608fbe5c6dca1e84368f4315b0ff99bf8f18f4626ec26aaa8146

SHA512
468b3e11d014aa2ed4467ba2e4f2f2bb0e8b3c23543a8b7c68d9d20e93dc6050ea1464d9bb378bf96de893c28e2bd3e096ed988ea60aa1cb622f9e78921da933

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Constants.xaml

Filesize
4KB

MD5
8ed8c1169a3328f1716ae46ae76c44af

SHA1
676abd424efb813432069944efa94efd6c77dec9

SHA256
74b9f2b280e580b8bc06ef59e596de068cd529d375166d60de26d8c29f31ac4e

SHA512
32e3b5cec1757a24b81f37d43cea8e8a97d9d945c9d4d7c349cea4b3c12cae4cedd7c2789a8262c71cb52ae91c39f6936af624262fd42934fb5db851e39afe01

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Border.xaml

Filesize
694B

MD5
ca7ad35d9a079b2d85ab3f5525f29d30

SHA1
4966fa545d94717dd390033902b043714f096943

SHA256
548f960d1d534ab66dc27c5e0ed3953158ca5d0b8aa278014c0ec573c32dd253

SHA512
ce1cd8eec2a52fb3ece53e42e74d51f9873658a6da77d37fd8c17ba2c2b166c0b619823bfa252563046c33bef6b0c01286101b994590eb06c2e3926f5b5842c5

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Button.xaml

Filesize
2KB

MD5
962ce01797afbd41649c7203938d5b19

SHA1
7e1f04b2167585d32215b5d41ad0bb949dda41ef

SHA256
d818b123fbfab21e89536c2ccacb3bb7126898ab85183d46b2e19d3e2abeace6

SHA512
53de7ddff8067e5bd1fa6f789517d2df000be8feccd45adb82cdd2d62815ce8a6a70b9ec5caf84f79c4f92713802b65436b82e58f5c57ec13b2b3aec45f00914

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\CheckBox.xaml

Filesize
4KB

MD5
d33eb8d689be58035cddb2db2f09ff32

SHA1
d778bc481411f934cce5ad53faa285d44de6a826

SHA256
4b70f1838523fb0d764c0c36ff294ca970114b0141736d8ae819c0a5196bcf10

SHA512
f53c273b9b4cfd11d2f39c8fd33c7eca7032936af757c077ad8bfc07116fcada187160a82c895a0afa78c2b8ef40eff0e35ce3d62986d398980b63991d37cfe4

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\ComboBox.xaml

Filesize
7KB

MD5
98b77f2dfa074604f0ed3090e1ad1719

SHA1
b34832a1c4e3d03679bd959df68eac8ac5b16145

SHA256
d158220521d791561e5a2323280853df292b2e3012905227e74a107cc3b7669b

SHA512
9c0dd784c846c9447ccdff998f2a0fc567856efa94a20330b2c6e187bf710ab666e9e8dced7aec1c5dbab01509a30f0103c665a9abc2e074ae99669375fb60ce

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\ContextMenu.xaml

Filesize
1KB

MD5
7dba7d56bf32f175760c90f9a5d4af84

SHA1
5e4539364585d49d616f503aecc3d55524387cd4

SHA256
902770bfa3c9824999d6b932e09d71f7c6e16380d70f2e970993cf6ddc2046be

SHA512
5f9c85eec9a3f2b40cc95072e39bc7a3d067bc30075661d82a3df3967fe3be7e6fa44a6a983274d9c8922bb9096c749956154d1f6096c1d4c3ccd2d7283c57f0

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\DatePicker.xaml

Filesize
15KB

MD5
d7077927ba925bb7df666f4fd21605db

SHA1
eff0bd8d708ccb18a3d6cfc969ea4a4b02785636

SHA256
6d34672c849b6bfe8a8e294b3326c672875bf49131c5a76652b324e8ac573666

SHA512
6c8c0bf68ff07426dda9de98c9de2d200cede8a48f4d803607414757e22999562da1aa46fc1cba606fd3e02e61f11592f373220f198d2660aefada162f543b76

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Expander.xaml

Filesize
5KB

MD5
af4731f679955bd4a30cb59de8a66e98

SHA1
2d9bd5dd5a4da50d506db2a6f63e6e941f23c58a

SHA256
cb9afb56a3bb0c7eb2792f58f15eba47f3586f26836abe1c561fd783cd682f0b

SHA512
e959d80aff03d10a377bf8832b2374d1a060f3f1229b9815b6f2d827ce5c0b683410c02415e8e4c05a39639062f0c20ff9e8b6ac1d93b4b7dbc992663aac4ea7

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\GridSplitter.xaml

Filesize
729B

MD5
3e1ec88f490b642dbb9c2b279b7be5b9

SHA1
532cad9d1f5b40fa9b9a545a409408007587978f

SHA256
525b3e4bc2fcde51dd723ce7f3431d99268b1f6c33af8a6a715ed03f8291e9ea

SHA512
7523d0d1a8382e6179e6b228863d4966b8647fe144d680ec5c604227dcff3e947e15b65274b67391713024c7159c69c050ab1818e3c7b220e899df1fb22a82ba

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\GroupBox.xaml

Filesize
2KB

MD5
2fb0aca8c98c55f021572092202857ab

SHA1
24791eb61c2bc1af2e1fe50d2ae493ae4178028a

SHA256
a40d213f2974e9baefcdf7dd68b3489681ff2ff2b5f49833fe469d73333d9aeb

SHA512
aeec0cd714656c93da86a19b0eb77175a214cbce07dba5e139a16f8b0d28b5371731ef4493122c41b5276ba1be852cdfb542d8e7931cbbf32e0d7c3fab58be64

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Hyperlink.xaml

Filesize
1KB

MD5
0511d9c5c5c2bf2c32978e34c63596e7

SHA1
815f40ed509c8c79da832ce5ac13d32ed3e0a290

SHA256
7fe3f52c2a547711bb2613a981a3ec2937b358dbf2c8e42f7c1a1c6cac8a1bec

SHA512
850b8721a6986d4f63bd8ebd6a8f45fe0e262622c4c10dfa54e74519793981e907244b384958bba97d5abb2bcca562de6c23933eae4ed4c8da3d9dcc7b2ed459

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Label.xaml

Filesize
1KB

MD5
574c7eeda1a94e86199b03497418d71e

SHA1
c3e8503132612e4323a21fcdb79a9f5661f9a0d5

SHA256
0877b1efd1929bbfd1ff8674e4756dbbeae0794d8c18ea66c5b9bb5fd720189d

SHA512
281d63fa0f17ecf2c3f4872e940d6388d7d1e29c65edccedaf0a4d4296848b937eccf35fa7f013ffd0b32f6c647cb7cb0af2d1b07abb0e75ca4a5400ff773b51

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\ListBox.xaml

Filesize
5KB

MD5
ced927320f6fd909b05e58ff4ff703d7

SHA1
1dce84d89f10038e2b42e04b54cea9b4d649e759

SHA256
60dcfc4d74f21af8afe139b9bb2efa4fdad8544d955619dd36f4b2f53de566be

SHA512
7d91dbf5425dd825021100ab2140473932b66cc3db4c2665247b3ce3341069c92035ad181ffe74cdbfe54b0a58eb752e9001f568cbb3f1187c93a19266f27e57

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\ListView.xaml

Filesize
10KB

MD5
08e9a6947c116351a03a0a6b556f10cc

SHA1
fed641b3637ceeb9be02df525762e7ade612e6ac

SHA256
0f6fb549f7aaeccbefa19e384d015e44dee788db5ac3e6b07b34674e9a481e8a

SHA512
349fbdb2a1ee15f3d19b810433e5c06ff3aa6e71787d94ecbe6f58e302ee70f7c163e926a14b8ac1def0205db49fdc127c67b37d44b982a6d9ebd6cff0a03812

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Menu.xaml

Filesize
11KB

MD5
ff40a624062dc64c1c24b284815de0b8

SHA1
56b03197c097f9bba0975f9d769d2e905266039f

SHA256
82540dfe1baa46f810792ac4bbcb18d4f0464e89c3b0be20eece01f051f30ae7

SHA512
6898ae6f5daa66a016649e5425c1f1d2d0959b4a5846e5fb6bf8d12165b3189d79d19ce2453c6e2091c9d28292135f5da5f8e5ee10e59c929fda7780153846d5

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\PasswordBox.xaml

Filesize
2KB

MD5
4a02e825e43a41f2b0677105984071a7

SHA1
949bbf9760e7fd15673d6cef789fb051d616f92c

SHA256
7e9551018c42bd02a018dae09d1351ed24708ae8d5f2211595a445c5490bed98

SHA512
9debdc8e65e6e046b58a35f85226d4c94525feacff388977ddb6d4577cfd03273f65bb373a2923730ca10c36ac0ff0da51ec0b1bb103b779ac7685d5fb8e3488

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Popup.xaml

Filesize
765B

MD5
794eac0bd72eb1feea62388230f3a074

SHA1
2e92eaf7e37874ae2f8a16bb90dca4ac9fba7b1f

SHA256
4199a998487a76c182f825a4e8600631e3fc84023874fc0090fcbebe723fce7c

SHA512
835cd6a146ea4d4daf9403a19437d54ba86c8cc359029154558432f9f0f93fe2efa2f9d310c73b6f5489f8af88b58b50228c187f524f011b085bf795a06026c6

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\ProgressBar.xaml

Filesize
4KB

MD5
1d3888de110b634852d98375bf79f785

SHA1
ac2c05673c6998eb1fe78ed9b7eb0e2d2e2ea6f4

SHA256
94b9ad83a6b2fbd8df733daccac0d5fc27ca4588884231b2ba5a62e4255b94c6

SHA512
21855f5707fcb1491bd6f03457edc5daf9963a49f6a1e5c5cf69f222206874d74652cb249299420a407e2741387bada4535721c84d6f21ef1198351d9bfeacad

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\RadioButton.xaml

Filesize
3KB

MD5
7452f357a65dbc91c7325803035fe2fe

SHA1
c9f138f872a7b425a703987a5027c292cca94a52

SHA256
59725e9b7cd27586e6787a1f14f05d953d2b98510af2eb8193b805e00ca2c4fe

SHA512
2f1e76f6471e809fa2d015050b76520579f50f3436e9c6055c35527c23a850f6f92bfdf2db1c95d73050be470afea2aed0279d70c2625abc50b267186e00f09c

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\RepeatButton.xaml

Filesize
2KB

MD5
cd61033c9cdbb7f026545bc6879bb322

SHA1
ced90cc1e8ce0e95935874c06de68ea1cdf76688

SHA256
d9f9c5fabda1283dbc784918088def77b60bae5df7887d7fb6dd00e64948bea5

SHA512
1d5e35e2aca57565f42bd539b22d40001a7219efadfedf856e142646d4e87514840955ee34c28140314c2b45feb3c7cd5fde2c3e3fb8b366090fac1c287a720d

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\RichTextBox.xaml

Filesize
2KB

MD5
dcbb91082efb984cd3b02fc62fc61eaf

SHA1
59fa792b7d0563f66af8786e7068c31f387836aa

SHA256
d95f8ee9b1ed6f88530e4c762aed449be7f7e711507a0ec87a949ef6a62251bb

SHA512
d4411249cd760bf30fd35add2a5d928851691dfc4f4a5b95896a3edfe588f97d7ce8bb623182c8a14904b987fb1cb0aca2f0ef237dd40443aeae267114f7acb7

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\ScrollViewer.xaml

Filesize
6KB

MD5
829288461e0a1cd511414a1b737e3fde

SHA1
265e01a806722c09443ae1da569bc3e39afe6170

SHA256
308f0eef22a56076e70dbe7a4caa02cf22f41ffa77f46a9b4f73e2e6d7d15c90

SHA512
1bfa44531d60f48c70ed089cf3f4b8ff5036ceeb26e4977fa03ded0844782a6766c966bdb60b41ae4724ab5e427bc76bae75a342935b6ff6764db8b5535d37b2

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\Slider.xaml

Filesize
5KB

MD5
862e5cd1f1f5f63266fe9912f8e38ba0

SHA1
459f45461c6a31d22986426dd84c1087a85ec953

SHA256
c7b397b81b07c67e7e88d820a70f798e17ffe7c18dd646d5b0ccfccaa78781ad

SHA512
c6d719ea245264c353024cc66bc03a60c174570fa2ce1cda000270d5d65ade7db9ebda8c6f5cc12f824968aef22e0c02b4d2cc14b10fa551f09d0eb9967e3338

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\TextBlock.xaml

Filesize
1KB

MD5
8f25bb4567f4d722b21af2cff4865202

SHA1
b002569139ae7a7fe51a0db7e77a0fb96536fc30

SHA256
bc27a26d83175d6a5d8265d5357c2857aae72f8064ac75cb5ba5bb21b6c4b08b

SHA512
77c4dc073ff710191e47ee7161d96a5837cf9b5252809bc29a7867449db963c2142340ae194b339c5df7a0d707ca8884f3d8f710c12ca3c8980d77408f777880

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\DefaultControls\TextBox.xaml

Filesize
2KB

MD5
610e4ec82d83db9ca5e6dfe5698a5ee2

SHA1
bb4b8afe09baf7b5b7a42b8d7274d624eb865a8d

SHA256
5282723c6a66258d6576beb34e01af60756758542ed054874ef60b6eadc0a416

SHA512
17c8d3d5968924475b0869f84b2141ca710af18697c58a24d0b54e3e0383795831bf39b98d6588cbb339cdce5f0d4e09cf26f37cf55df3a5bab1f37506a56948

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Images\applogo.ico

Filesize
296KB

MD5
bdc3eeda5a284e9a2e5122e46f91ff9b

SHA1
5ca13024a55bbc49a100e14da924ffe797ea9718

SHA256
6e4d75e822a22b2ee09545f826fbba5082db0416b149255747c433bb5e3d03e5

SHA512
adb4d8b51daedbd9300f23e833c6035ab723f96d338c04c09a57558d389aac8d8b50955162d0ea8a4e97e701b008794cbcd8173d82581f29c96de13f9b031a26

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Images\applogo_black.ico

Filesize
21KB

MD5
240b58b01bf6a99395b7f8f1dc26039d

SHA1
edb6922de3f68fe7f55ce3fdc32a62b0922f6819

SHA256
fe2e8e82e2fd93b3e67b2d9bff8e5a12eea339c90560b170dbf4f2fe3aaef59e

SHA512
642b743056bb40468b90ca846fbed7db3b5a6a567745a6fe5fcab864e475f3b3d6d95e63c62d4558f214780aacbaa39ce232e73b51c5a76a7d0819dc662f7230

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Images\applogo_dark.png

Filesize
9KB

MD5
92140c1cae5b53e329cb2d652fab36f7

SHA1
105630703f7c2e6aa9564eff1d407a2be0fe616e

SHA256
a3e0c8fbeeafb71511f4e46444b5e75d79b15fc2609a91d9e6526b5e6d5631f6

SHA512
d10bd3a3aef657d8311777a998ea77b50488230c7d3e31c8d486dfa036bccac4ea61c67c06be6692817e1372363788819a63858c6308466e8c9d1c007647d7f5

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Images\applogo_white.ico

Filesize
21KB

MD5
993b743b628c83ff564b82ff960efb11

SHA1
523b42e9afef8275b8a5bfa91714862fb3905284

SHA256
e71249eb636a27418d746c0860b31a21b5cb6608892c5e91312200d3f8210d14

SHA512
94484266bc38b5c6aed5cbffd2d8c2a3bf798d2b4e1c5dab01dce9dd3109b98ca1c90629d5d1781336e84ae0c615bc229ad31d565a6fec81ea9bb856ea432cec

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Images\csharp.ico

Filesize
16KB

MD5
58dfea36f3ada35e57107a542ae066cd

SHA1
b336369a668d56b77dedab94609acb9305b0c54c

SHA256
dbb2d0987bf4898dceff880c938428450b8d48decef2561448c59e15483cd7a8

SHA512
f73f43a409fe7dfd28db139f2efd7131bcca4f3c94061454ee4fd05517630a4e93ccad47fc526256c6aa71da346e5f2d447102bc040f9e225bb1e901e61fa541

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Images\custom_cover_background.png

Filesize
74KB

MD5
823670b2db2a3ad0858552e47cb12200

SHA1
9f54f5871c0643893d28b204363939644badc6dd

SHA256
c301478b8c777008134f1ee55298d9a4529a5a4e88276e5cc323abf7ff0499b3

SHA512
d2f934acbd18872dcc9df61a40e2cc9ba12377845e534ac38e3eda4d59df1a581c99f606245fff8ab5a1c7c88b13543dd060e78115c6683757a4635e0ddbddf1

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Images\powershell.ico

Filesize
16KB

MD5
26817097d8753cc76e2f988394136226

SHA1
02672ac260f9f75b6b1a72020b2a25c31b68af4d

SHA256
10a4b92f46a3610d6eaa98850ae631e8badd6d6dacfa89a6b5f31ead7a39a07f

SHA512
0adf02e044c6c212262ed9f56fa68845ce8e48539df88ae861222587ba21b366d0bf51c70bbc29235538d07b343a14101f42a8529538fbeece9d277e8ae96153

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Desktop\Default\Media.xaml

Filesize
5KB

MD5
dee8e6830a10cdc4ae5e81c32494e848

SHA1
94a8c8c8311f6ffdd70efded317d9055ad53e87b

SHA256
a58e417447b5aef01b82b3dbccd65417baef3a78941b31036ac11f3338640976

SHA512
acdb0c7f37897bf9a0017f1f8b304b9e6c2ee6dccf67ee82c59e12534b1d8c3d5a88657efbdc3a9bc66489932853d246373ae35e26974bc7dee8290fa1e41536

Download Submit
C:\Users\Admin\AppData\Local\Playnite\Themes\Fullscreen\Default\Images\is-I8I8P.tmp

Filesize
11KB

MD5
0ef5779089c2f8a42f4de3c87f75b146

SHA1
c5d73dd97e7605f779b7aba2cfdbf4bec1cbc7cb

SHA256
5125a9ce22d78b7e382ed66f5a5a4b848829acbc8b6d919bbc2062ef7037700d

SHA512
ad17e81064516b607ae09f95c3ddc342a496a93aaeec76cfe07573b0328853de04c435b69702f60c3a222f38032030f6bca3d2942dfd4e10d983734740c77293

Download Submit
C:\Users\Admin\AppData\Local\Temp\Playnite\IGDBMetadata_Builtin.pext

Filesize
234KB

MD5
f3a3d90b0b88e6327f252720ccb2d8cd

SHA1
1e2dab98fb8e0624d5b781ac3cb722dc3983b450

SHA256
af35a5f257f0df9a60a9cf0d1dd0497909412757826f7d58981a0ac90e85cf16

SHA512
fc0b6b76ed68a4638e5bb775bde70b4945de2b7c64d554b246355fd8bcac46d923d5ca4e365c94ddf1970d57e075d2d22cfbea862700f31f006ca97255407366

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KG14S.tmp\installer.tmp

Filesize
1.4MB

MD5
349da3b80a256a8433bd2c63f903457e

SHA1
6c1ce010f2a1bbf490a6f6e26bdd0796af76583a

SHA256
a6fc2319e1c47097cd0af695fcd7d48807c8c001bfe83ebe5dfabeca78b28cba

SHA512
e6a2674aa81fa634fb5a5c73db0e6d671c345a42e88abde971bcfa7c43a086b70e9694c191fbc80250809db477c656e91af4ccef5c2442e57bd9d99e3f89a133

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4720_1507276989\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4720_1507276989\bf08b065-9039-488c-bbb0-3dd4cc92cfbe.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\@[email protected]

Filesize
585B

MD5
5e804ecc3ae06710855e23d70272afea

SHA1
73df98739ccac4f36ae0f59d5486ddf962917c8f

SHA256
22e90eb4512ba01b67f1f12b044259cd3a68aeefa2124a95368bb287b74342cf

SHA512
1294abbfb65c146241f570a4f72f3c38bf42a1ea277dbb7d94bed2dc036955d1d5e2f46f7103cb697949bb022dad2fbdd84455cc9caf9c7007823ba810e9a775

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\71274134f7e337d6.customDestinations-ms

Filesize
1KB

MD5
f5992518de416f61b5db43dc26c8a03e

SHA1
23b94f6dac84e86730d2fbc8e0ff8de72e565a57

SHA256
662c39415904e37c34ed77616c75a30b72d6ec157765332338076aad0a428c42

SHA512
9cb618e5374179c8f9a66d0a36468582cbc77f0b875a3eead2e22802ca41687785ba1cb5bef634b6ce8207c4321e941cc816fc1af9e23a0c6b4619cf92e6b2b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
8KB

MD5
e7e29e176f1320319281e97c1687a8d4

SHA1
48d061ac97511283f65dc8cbc20d19abd3cac90c

SHA256
1b2afc9f3e3846c7faebf98e3efe79b718ed39bd29638a1ead1bc62c07854b71

SHA512
5841f37f9f2a4fc0e4803712eda4d4e4c2be712f9dd3cae33d35d79cb9e54fa96def8098d4adf3a5359b7736f5552034267e1ed59f044c06c3c1043af70bf016

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
12KB

MD5
97c1ec70333fb8e8c70b48bce045660b

SHA1
3a5bc0331722ccaf8277c7183053b5e09901bcd3

SHA256
215cc357872b13c35bc2c01457d9852e8173d2df25b3dbd9209bfd7eb913d87f

SHA512
301c9e27006ea4224cd2e07158005352094060ce30a46c674a9ce5746a4307b7d9eaa2ce2d379ec14a49226a11adc73ea6d5a25232484777bf02ca7f9ff5c8fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
21KB

MD5
8dc45cb8b4146e6440c0bf23520cfb6f

SHA1
41c10d38bd507b91a59b9474a28f76ff3523e295

SHA256
66c1447eaeb8a3591438984646530440b8a953b0eceb6f914880bf124f54d0fc

SHA512
ab347fd2a1ec0e103b7523be9c2edab0efc2e5faab7af76e4849f9e43631ef4483d8664f6729f942a7d5c2d37b6cad9e83a62f76ee71cf914399b1488c373f9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
70KB

MD5
2dc1264d3ad660f0bf560b78d8748431

SHA1
07a1c65e7191918de87ae3bd23259d15ff96b3a8

SHA256
6cfe7c9904810e5c5e9f330a9e47644d89373e7cb5f1ef6c8eb0aea4cde9d763

SHA512
a5752d6a02b0c08a9316bee514fbda4a5c4e12db99fe54bf826804f5e0eb8d5a7990dfba7af1fadbf8002abc48c9700c8700ab754d8465449cd8ce03c56e8d48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
70KB

MD5
f3db369cac62794ff31c47d8afe0bffe

SHA1
1b435a1b3b1fda7fc8868b69817de2b6286728c3

SHA256
63c8dc63314336f7aa4f8f2c77e6ea3a4e4d68cf80a59e3aea3627acd24be0b6

SHA512
b7eaaff827568a48522311571a49d53f7e2ddedad2cb5877c0cc7c5ad5733619cbf1190c38e918ddaebc3510c37dfc8f2fdccd5364bf107047388e31b95af5db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
71KB

MD5
89900853f63c8693a96d2f6289477b7e

SHA1
df44fe7920a176f7ccb92ef78e245f9a00ed2e30

SHA256
a62492401487464ffafe1e1e23f824df0eadc12aa5c9c970e2fe180ffb63c36a

SHA512
377ea0a1745a4932b6ee0310b1c0ebf4f6b843adb5a426a50bd47f0950d96f71af088086d13d004333e3e34d4fb1b4b36beedf687f85d87d2e28a2b6f3a40bef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
72101e9f603db2378bba69e949e508e2

SHA1
4141f55bee0a1dc6f49f44e841804407caffe42f

SHA256
cde09e963e2cffff2c7e6794e2e79c57040eec54bbb6a0e38e198b2af0926bf9

SHA512
2743f0071e922e3518b7b704044245134f6b58e2186d67592bce8e5e25473561ba8f659a969acf7c3fcb19d3d8b483168ea30724af3d8acf40207550a24acb4b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
56KB

MD5
b3c8710dc85631864e18239f3f5aad61

SHA1
ce445343a0bfb10d1035525fe69bcb6413ce8bb1

SHA256
5a1bc18fefb080221b38f019296add399144b4ad9f1f65918dc05517780adf21

SHA512
9710472c3f1fa28aeff64bdfe489f06c370d9197264c085f2a70aa70c45cdb04840c764d23af16ea4728ab07372ca73347570d6a3a9af1e61b0fd69fc93c9cfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e5465c6bdd2d16e49b9bf042a66cd7ab

SHA1
d410ed66ca81acb7d25c22b4d7b4d0125fd7db29

SHA256
007fbacf93712d73e5a3c1f35eac1e10845179b6d3aa875e8ec3fe465208d2b9

SHA512
f9601380d5576454a2d4bdc33c9ba3696481070ef0019199bf7718046a4e62a9cf4e5a30ee7dd9b786ac3a72b9631c56c6552a3462f601d09ae5bc59fe612b05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
3ff8f8ecac97febc4811f92e0109841a

SHA1
b2df4a4b56d4c47366df6f80911c5f74636703ad

SHA256
3407994de69877298c431a1561a7c1b453e8f99074aa9633f9eba5e479800137

SHA512
4e3bd56034a966e63465eeb27d4654ea98ad4f4b7ea948c522181a9cff614c6270a64bc7ab938f815d978733090d49aae1b81e5f7e882b368e7d1886b43aaba1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\2788fee7-7346-468b-8221-842ca55f684a

Filesize
982B

MD5
aa39c0eb7d9aac7c4ad01318b4ff54c2

SHA1
b1e373bccb959a261f4201675943da9ddff3d1d9

SHA256
69a1f3a90f131aa8f2ffbdb4829f316b82b667c6713626c356f88f6f425ffc29

SHA512
c33692912c5f5ee55abe09f57adb736b8f9d009123220a52d658504814469700f3ef567f121480701134204073afd425654bee397c0bef2a09a8dd1bf9933a60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\5a00b278-3fb4-4a14-ab75-6dfb9e50b44e

Filesize
26KB

MD5
4378e583001899863c474cce508c81c5

SHA1
c34a40f9552a32ad1aa5b0398417b2d7cdec77ae

SHA256
011e9f8ca5961b987dcca829a5a74d7e6e72066a375d6d425edec4c4da915309

SHA512
4f95e3ab4391efd31ec8fc2b8404132f8efd452965a2917bda44fa0826628f97ccdbbc3e945bd0d7f0e4f8ffe7a2363e4cec232dc99fa1e984ba4510f5b71e3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\a53f4ef4-7337-4bbe-911b-7ab904d6f5ab

Filesize
1KB

MD5
b5aad673fba9603f2e96604e2acc9466

SHA1
118403ff68b6f32dbd275068d9b20ebd0cdefd9d

SHA256
ea69cac3bc8e585e9224440f55c6770b1b7bbd40b8c1fd9607027cb645e57ddb

SHA512
0e7066420bb9b1bc20a9575e30de2f8657bc7d0ef9692eb92ddf5e64f1b608eb8e8d7bdd55365cf3d86e1c7b92ab824123e01da206b093b63ed864f66ac7653a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\deb47432-02c0-48a8-8345-751fff08654e

Filesize
671B

MD5
d6b7fb29623cc134265ba801437ac6ea

SHA1
4c4bd3cc06ef008da240c5090481fc366eaabc7c

SHA256
dbe0ebd4182e8dc8b4c48544c7b65a6d477b98f16dc0a7f133c049b6f381f64f

SHA512
a6b2ed268afab5bb401f21d0d2c829646abff0782a61f346fd487a3c0cf7e125a898326535f70a19dd36ee71e904bd7f189a52466e248f6506857e5222903a03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\e8d8c45a-60bc-4f06-b57f-fe9cfaf7b3f5

Filesize
735B

MD5
95a26aaa92eecc195cc704ecf2c8ec95

SHA1
46e7fd63d2b5150aa38ff7ec65d7562543616cb8

SHA256
f5d3907cf78bb3db0390a021af32ec5de364e2e5dde3bd2729e87df09be6748c

SHA512
49291db219ef63746f2fba90bfa8065e7894ac43b1aefa4f919ffbedba860376b274d9ab685a5b66ddb1b15b5345488926cdd98db0843f1a9a7d578b992bee08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\fe4523de-a9ed-40f1-b3b5-cddb3688ba80

Filesize
3KB

MD5
36565f36fd848e56fb186b48f6436569

SHA1
0e3f44280449b838c93ed4c4a8a689a7191ca97d

SHA256
af4a90c8e5636734e89d76678365a3262b9a42c52331a07f04c702372f4a52a6

SHA512
691347e1216ed95f358e10b6b1d7d7248637bc3994ed4b72c010cbd45a2db42a625d3e1630ff194bce5a49b8cdf5dfa7e6fc3b86bca9c339523bfb51c1713310

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\extensions.json

Filesize
37KB

MD5
45d4c73272fcf5a327d9f66c69d33402

SHA1
80655b8c07bfd9319152815de1d87988d3c0831f

SHA256
c6229717a129c22f11129fcac299a80952b76d0e2954b790a2e1e4357499b09a

SHA512
1d68a597e32f4f0a7bc99bae207f869c2c78c006057447104027004b9c204248789ac2a86cce62a39eb8a3e5e549bbc24b600b71bf0b72171ae54d162f473c62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\key4.db

Filesize
288KB

MD5
f45efb33061dca1302db9a12ba4a469d

SHA1
c08a9d386e0061a869d90fb21d8147869e2409f6

SHA256
df52d3483eae9fb0112297cc10188e01b5fec2b8c08a42ed6399ea42cc3d69b4

SHA512
9faefc96a4f889b6d7c3e5b79712cb69ce11516431d0d63ea50f14c24c63c72382bf2ca964c14526c3ab85894d29579d5d1985e7fa72aab82bdf3644d6e00d61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\places.sqlite

Filesize
5.0MB

MD5
e06e788c8670b104c3ac6b7fee1240d2

SHA1
965a4a42564caead3b3416737a90243bdae482dd

SHA256
3a71dc27c960954847fe1b24c80002e223a2c5d60802f7edf64c9e4fd8e7de73

SHA512
6280fa05bc07f24c69d12c1aae8c899a3b993f8e2d79eec4e070a9f791616cebea6ba995878f8711be37df905ea70cd68e841d2fe80e08e7209880e1fb82f76d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
8KB

MD5
2e72cae43e1807cc601b783dc4e77815

SHA1
87caf86c22cdcfffd8be60d24b58893f7ea85b6a

SHA256
c726fa5fa50ce8846a084a677102ce6af51c8fbff45f03b9efadae5982ed784e

SHA512
da67115a88b416dd102ea77885cf01b957d56f969088e62f8856963828e14258ecf56e84653171a692327f2a2dbe373deea5bb9347b89047dcaa59e74633b1c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
9KB

MD5
c91f461e3d189acfcdebf935a4cf7a85

SHA1
5d7c6d2b99db12ab9dd955df974f2665d395d596

SHA256
67a22ec35c0fbfd783019e13fef1460ff9451bc74054b08096ec5b7907177b0f

SHA512
8910e65891b8222a7bb7a4fed524b0e12fd81cd2916efcab4617963a7e48e669ac97f3529c7173cfcc637817357f776bd9086c7d99b988e5b7e6bb96df215beb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
8KB

MD5
c4c3b0669ad1c62c8c75ff139585794b

SHA1
96425ac985d15fff88ab99778fc818fd8bfa15ac

SHA256
f1561fcc21af25c5a17372002940eeb617899e967d55b4b6e622f34d23b3b0a0

SHA512
288049fc296c7fb1e090c1b696331289c04cf0758439764770aca91db3897f422624c4e66e2a043cd29aff8533933b74883b95e3d34518d721d4f5eb676a19c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
9KB

MD5
a5b80d7b9d9f329fd136489fc14fff0a

SHA1
431786d131e98514e250a4f94f0f0371151011e5

SHA256
aed13a3fb36930aea066d55507df8c959bd047216b489af36e76369fc8ccceea

SHA512
3b71606922fd989e9bc74425097e6f37046ba82a89b630ee3f6073f699ce79e27d35332f9ca1e8152569c4afcb7ef6ebaedd272030a4707edbd65ad841a1ee1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

Filesize
9KB

MD5
3628b153619246dcd51b9410c329fffa

SHA1
ba2c26e59831a12cf65034da81125fca05c9f383

SHA256
c4ba0bfdd3d26d52a4c35a02cfab30a68f70911613e62e995c2e0761b9879df9

SHA512
b735c02ad553f000599b382d178d37ca2249c8ff15cce63a178b9c4af6448eb5f0e66ae828a7e250833c2970db5a39622acd9edbac2e2be5a2b3f2a7581f5432

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

Filesize
1KB

MD5
9907e9c6f42df93cd650182ca67caf82

SHA1
e0c7620eadbc4beea0c6984670ba497c44d45d30

SHA256
bc416db1d06178f5dae273147f9f12996df6d6898250403463f9a5b4ed5df9e2

SHA512
a96de9b7f5ac48f25244fb274c41054ef7625bfd602cb7014bdd8c43d719a70e9de586cc0fa2a3188efca755765233c6a0398f06fb68ded1ce76efc76a0d2b44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

Filesize
9KB

MD5
b67496ca4774a343a6664559590c3685

SHA1
ccf75bec0db50eee76d02111086f7957df90cc23

SHA256
419448c4aa655aa724cb057d9477e4705679e7e54ae27e6a16edd8d3f1ef8610

SHA512
056847a977e52a5146ac56bee82bfaa1ee48571fad70fc9f2172a22a831ba5e66e1171e98b0476858e435afca19ef81785b9215b52a6789452f2db59c3aeb64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
86d5cba160849f36848b34f36507d877

SHA1
49a9819f6e239140798a970969e4db8dea9fc08d

SHA256
c59a5b2a0b5f06adcb3170d632bf45ba6f8991111c8866992f99ebb00d4200fd

SHA512
afbe4342d6726657622475998f1d0fd60c051c2160981ddcd5de03c58f5e311aa07d274bb8078dcfe54540c7afa35939688bbf9a6f86b6eacf7ed0b9e7527d55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
bae3417cbe072b7a2bcfb7f67203f19c

SHA1
60d573bed395f4c1ed31bfd8d746e6c65c0cbf43

SHA256
00edc2481b8a07f2ec457659f71c76b5b0a374cd8d13439b8dba25ca74f3a17c

SHA512
b93316112aed9b7513a33b5eaf861fcb4ed441b8c9d0d86879b090a83270ccf35285e8befc0c09cd48e6766eda5c9760c69f1c7c44344788c9c8a30144457690

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
0d4d12bf0a4cbe4385198a9ce0e08153

SHA1
b77ba99b75c2e5f8af9a0e41db665ef049b32599

SHA256
ae304cb4f63bb7e1496e094120d563d19ec524802b58f51dc2ccd4399b2e4639

SHA512
c8082469c7b4a857aee029cc5b5cd808dfb2f8cdae295fbbdfaeadbe0254c42b5bf141674c90addfd505f780c64faf363d8be6d03fe3b7bf395eeb32a9b47f54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
bc44ea8bf16efca5fef35cca4a461582

SHA1
13bbc8dd89f9ad88c84073bcd9d5f94557ac7637

SHA256
deb393f9670bd3c60057451f2bdf27467fa168f67e4517168045d9681e87dfa0

SHA512
a0919abac6d1e69d76cd224608d40be0f18f525cd0806fd8af69d916209fc437fd22bd61706bcf5ae7a3af05345313ecc373392457013e42acd85f7b8ff599eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\upgrade.jsonlz4-20240401114208

Filesize
9KB

MD5
6ab282d404e1c885808247ddcbadd1c9

SHA1
455ce9e01bbf36205e806321173ff14afd68c0b2

SHA256
4d36f8dd44e7f872af343a545cbd3ecaa9c43f4b09c1787f6126e72dbf37a323

SHA512
9479812071306baa2ea851feb6a5a9d77340776bda5b24fbb80a84dd651f9e12e51db26296e0de7d967e1d0002cd9ced28532b843a47687c0e48b2c2987143cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
5d0a485c6575ffa77a45a9789921f9f0

SHA1
207468b870c413099bb675a3e162346ee2d417bc

SHA256
728b08f74ada44e54c1b8c28beb43047e7f2c34e6abf27484626975807a5a17c

SHA512
fc94ec23d20863fad9ac2e97d919efb4d40bb9a914df7ecaeb063e6284cb008bb5ae1ec37eacc25aa3ea706ef1f00f769632314bfd5ff615b4dc217c3ebbc279

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\xulstore.json

Filesize
141B

MD5
7024f51e37c5a76ded1584389944e871

SHA1
0c71c385f2e5a161a786950b52b057fb4f765811

SHA256
27ac09531254471e6a1cb4cdcfb0874dd4cb0b780de99312619b5790f2c2bb3f

SHA512
0933405d483a56d585581215e77cf7bd4901965a037d0b354447cbb402df96b451ec98d82e899cd43bed9e49537b4228a43c82a07dfe451d3823286166049e68

Download Submit
C:\Users\Admin\AppData\Roaming\Playnite\Extensions\IGDBMetadata_Builtin\IGDBMetadata.dll

Filesize
177KB

MD5
d0a3511be651247ec9ce4e6962c1acf8

SHA1
18dba69f58fcf4a0dbaa654bb4b46edaefaf005c

SHA256
18b673f5c815d5c6d3aec804b79a37a60131bb5c39e90f519a4163d10683a24e

SHA512
722f2fb56b5f68dcb82ab786bcfb66653e35877962f2898a3fe40b80333fc25ed9b831992945749f0b13ae8f021b7a942d0b3a29ffc2d4a7a695df5744bcf129

Download Submit
C:\Users\Admin\AppData\Roaming\Playnite\Extensions\IGDBMetadata_Builtin\Localization\hr_HR.xaml

Filesize
253B

MD5
52cde500a53efab8a84c37bb8a981e33

SHA1
3f9fcb61960e52f9f234e1e17b9f2b9608d4e87f

SHA256
ce9952f7897fbe6c407eb4052014738121a3cd149e4dee1f1efcd961a1d988a0

SHA512
ac45d2361065a6a4b19a8a98c4159fcfd689432c9d97fdb5cf5d7402b5bb535a884ed8626b54321e9148d39bdc38ca053b00cacd18ca75a488245c4623fc8cab

Download Submit
C:\Users\Admin\AppData\Roaming\Playnite\Extensions\IGDBMetadata_Builtin\extension.yaml

Filesize
170B

MD5
b8b09f50b8b43eafd7ab0e1bb8226096

SHA1
9de48b504538ed94cec9cf666ca41578193926e5

SHA256
08bf1e03030fff4237905956ca5b60c23466c0623f32664b84c3eb63418c6a01

SHA512
10759a5617bd925b33d349bc2f614103dda12e949788548baa2f421138d7fcef2bb9e55c96bcd3d790cc6af85417dfeaea15feb29456fdd01f29cfd12a7f6b35

Download Submit
C:\Users\Admin\AppData\Roaming\Playnite\browsercache\LocalPrefs.json

Filesize
615B

MD5
9b39af3932155c42ff1e087c6fb49693

SHA1
ee83aee92bf9a67c65154d9f3e89a47fca9ebf01

SHA256
5d28f091d8b3088638f2a5aa5418612b10ce8f72008fd1e4c2f5ba6ce1e09523

SHA512
a25b120d7e6091951d5232dcb5d32cffffa5601f2f40a517ddfeb9c494f5837be07771a8d132a5608179459035a14c7fb000955f43906872a69817f7334be97d

Download Submit
C:\Users\Admin\AppData\Roaming\Playnite\browsercache\LocalPrefs.json

Filesize
727B

MD5
557efa905012eb37dc6f826dee3fce77

SHA1
2f32ec199066af65b0a33f32828edd67e03296e3

SHA256
846b21eb67fcb172119926d04784dbbcb88b2ed02f9fdc4cda932afe4ce52341

SHA512
c8c9fe78e1d58543ae2ac40bea9fa3505bf2c8784b6232b6a49bcf8901dd1dfa6c3e6d04dba7cbd9223cec47cc4af3b8f016a8512c9fe5f05ec1b394474f0c0e

Download Submit
C:\Users\Admin\AppData\Roaming\Playnite\browsercache\LocalPrefs.json~RFe591841.TMP

Filesize
434B

MD5
f42715ef1029eecc99fc06acfea39759

SHA1
9dfa6d3e6ab7e5ea50b149e18aabd77be69e5ab3

SHA256
52059b22e25d5347e6f1cd96770821450b031a60041045d7af8b82270e51249b

SHA512
53ae7ee4828523802d7cb5ecd2d05d0f5572321cdc30e8b15ee6d023cf61c246fcefb3c2b31d9c481a5afaa99a0dd9b29fbc6d03924fd02dba433a5d6df15063

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-certs.tmp

Filesize
18KB

MD5
7ad9cfb86e9cf5a7af35323f0684c02f

SHA1
68be3a13d0be3a0a47e1a54242022764cabfa069

SHA256
c47c162b615f923f1cd464a3744a0a54eda5fc4d60bdb4f53f4b8cc304dd5d52

SHA512
ca1cec1fc6153a0ab6ae74af2f7f730404d501828b6400e742d67ef3cac71d93f3c19627b140becc7d7ebc6a3f94c118d84fe2c9be4901694bb7c650e1d1fc0b

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
21.3MB

MD5
983e1c3d0901a4b63d2eef653e2e91b8

SHA1
4e3e652af9253d3fc0e82aac263074e238659adc

SHA256
6a4a3522a4ab5b53fc97d7c69b033bf9c4d7b448522b67d3cdc1931367f2c51c

SHA512
fb1294dad2a45b7e8d76ba028b69d689a23e67b0a69c6321edee118edb7c04e7be05146152dcdbb5b93da7e5b19ba4c1d4af3f9827398cef7dd141825c775d68

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier

Filesize
50B

MD5
dce5191790621b5e424478ca69c47f55

SHA1
ae356a67d337afa5933e3e679e84854deeace048

SHA256
86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

SHA512
a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\LICENSE

Filesize
473B

MD5
f6719687bed7403612eaed0b191eb4a9

SHA1
dd03919750e45507743bd089a659e8efcefa7af1

SHA256
afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59

SHA512
dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping792_1937880248\manifest.json

Filesize
984B

MD5
3bc960cfeaf829a56df1c4cf358d4de0

SHA1
0a04642aba38d4505194e13fbbc7d07d62aa9dd7

SHA256
5a0ad282948bb4ffc4d9f999b1be91416396240876c2292abb4004cd44eed1ce

SHA512
3cc8265ffc0176b8e11b7b207640af74081c852007aa0befef465429cd1befb9b9ea3b53d15d4d24a4b061b50216bdf63af7dcc471daf2056fbc9ded02aec61a

Download Submit
memory/792-1345-0x000000000CCD0000-0x000000000CCD8000-memory.dmp

Filesize
32KB

Download
memory/792-1244-0x00000000065F0000-0x000000000662E000-memory.dmp

Filesize
248KB

Download
memory/792-1491-0x000000000F7C0000-0x000000000F814000-memory.dmp

Filesize
336KB

Download
memory/792-1494-0x000000000F870000-0x000000000F878000-memory.dmp

Filesize
32KB

Download
memory/792-1309-0x0000000009260000-0x00000000092AA000-memory.dmp

Filesize
296KB

Download
memory/792-1495-0x000000000F930000-0x000000000F942000-memory.dmp

Filesize
72KB

Download
memory/792-1509-0x0000000011070000-0x0000000011082000-memory.dmp

Filesize
72KB

Download
memory/792-1368-0x0000000010050000-0x0000000010076000-memory.dmp

Filesize
152KB

Download
memory/792-1215-0x00000000008F0000-0x0000000000B54000-memory.dmp

Filesize
2.4MB

Download
memory/792-1220-0x00000000055F0000-0x00000000057AE000-memory.dmp

Filesize
1.7MB

Download
memory/792-1475-0x0000000010410000-0x0000000010442000-memory.dmp

Filesize
200KB

Download
memory/792-1515-0x0000000005CE0000-0x0000000005CEC000-memory.dmp

Filesize
48KB

Download
memory/792-1306-0x0000000008AD0000-0x0000000008B0E000-memory.dmp

Filesize
248KB

Download
memory/792-1250-0x0000000006760000-0x0000000006772000-memory.dmp

Filesize
72KB

Download
memory/792-1251-0x0000000006890000-0x00000000068CC000-memory.dmp

Filesize
240KB

Download
memory/792-1248-0x00000000067A0000-0x0000000006846000-memory.dmp

Filesize
664KB

Download
memory/792-1240-0x0000000006650000-0x00000000066E2000-memory.dmp

Filesize
584KB

Download
memory/792-1249-0x00000000076E0000-0x0000000007C86000-memory.dmp

Filesize
5.6MB

Download
memory/792-1307-0x0000000008A90000-0x0000000008AB4000-memory.dmp

Filesize
144KB

Download
memory/792-1489-0x0000000010650000-0x0000000010678000-memory.dmp

Filesize
160KB

Download
memory/792-1252-0x00000000068D0000-0x000000000691C000-memory.dmp

Filesize
304KB

Download
memory/792-1261-0x0000000007ED0000-0x0000000007EF2000-memory.dmp

Filesize
136KB

Download
memory/792-1238-0x0000000006B10000-0x0000000007128000-memory.dmp

Filesize
6.1MB

Download
memory/792-1316-0x000000000C680000-0x000000000C6DE000-memory.dmp

Filesize
376KB

Download
memory/792-1237-0x0000000006190000-0x00000000064E7000-memory.dmp

Filesize
3.3MB

Download
memory/792-1236-0x00000000060B0000-0x000000000618C000-memory.dmp

Filesize
880KB

Download
memory/792-1308-0x0000000009300000-0x00000000093EC000-memory.dmp

Filesize
944KB

Download
memory/792-1343-0x000000000CBE0000-0x000000000CC14000-memory.dmp

Filesize
208KB

Download
memory/792-1310-0x00000000093F0000-0x000000000954C000-memory.dmp

Filesize
1.4MB

Download
memory/792-1222-0x0000000002D70000-0x0000000002D78000-memory.dmp

Filesize
32KB

Download
memory/792-1226-0x00000000059F0000-0x0000000005A2C000-memory.dmp

Filesize
240KB

Download
memory/792-1270-0x0000000008070000-0x0000000008080000-memory.dmp

Filesize
64KB

Download
memory/792-1304-0x0000000008A60000-0x0000000008A82000-memory.dmp

Filesize
136KB

Download
memory/792-1356-0x0000000010A50000-0x0000000010F7C000-memory.dmp

Filesize
5.2MB

Download
memory/792-1365-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/792-1363-0x000000000F960000-0x000000000F96A000-memory.dmp

Filesize
40KB

Download
memory/792-1367-0x0000000010460000-0x00000000104EA000-memory.dmp

Filesize
552KB

Download
memory/792-1230-0x0000000005A30000-0x0000000005A5C000-memory.dmp

Filesize
176KB

Download
memory/792-1253-0x0000000007130000-0x000000000723A000-memory.dmp

Filesize
1.0MB

Download
memory/792-1369-0x0000000010020000-0x0000000010028000-memory.dmp

Filesize
32KB

Download
memory/792-1256-0x0000000007500000-0x0000000007566000-memory.dmp

Filesize
408KB

Download
memory/1108-3247-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/1536-5276-0x000000005DB90000-0x000000005DC12000-memory.dmp

Filesize
520KB

Download
memory/1536-5499-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5274-0x000000005DF10000-0x000000005DF92000-memory.dmp

Filesize
520KB

Download
memory/1536-5568-0x000000005DC70000-0x000000005DE8C000-memory.dmp

Filesize
2.1MB

Download
memory/1536-5565-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5557-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5560-0x000000005DC70000-0x000000005DE8C000-memory.dmp

Filesize
2.1MB

Download
memory/1536-5527-0x000000005DC70000-0x000000005DE8C000-memory.dmp

Filesize
2.1MB

Download
memory/1536-5524-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5520-0x000000005DC70000-0x000000005DE8C000-memory.dmp

Filesize
2.1MB

Download
memory/1536-5517-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5275-0x000000005DC70000-0x000000005DE8C000-memory.dmp

Filesize
2.1MB

Download
memory/1536-5502-0x000000005DC70000-0x000000005DE8C000-memory.dmp

Filesize
2.1MB

Download
memory/1536-5277-0x000000005DC40000-0x000000005DC62000-memory.dmp

Filesize
136KB

Download
memory/1536-5389-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5289-0x000000005DF10000-0x000000005DF92000-memory.dmp

Filesize
520KB

Download
memory/1536-5290-0x000000005DE90000-0x000000005DF07000-memory.dmp

Filesize
476KB

Download
memory/1536-5288-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5292-0x000000005DC40000-0x000000005DC62000-memory.dmp

Filesize
136KB

Download
memory/1536-5293-0x000000005DC20000-0x000000005DC3C000-memory.dmp

Filesize
112KB

Download
memory/1536-5278-0x0000000000B60000-0x0000000000E5E000-memory.dmp

Filesize
3.0MB

Download
memory/1536-5291-0x000000005DC70000-0x000000005DE8C000-memory.dmp

Filesize
2.1MB

Download
memory/1536-5294-0x000000005DB90000-0x000000005DC12000-memory.dmp

Filesize
520KB

Download
memory/2224-24-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2224-1213-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2224-23-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2224-1214-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/3996-10-0x0000000074AE0000-0x0000000075291000-memory.dmp

Filesize
7.7MB

Download
memory/3996-1231-0x0000000074AE0000-0x0000000075291000-memory.dmp

Filesize
7.7MB

Download
memory/3996-4-0x0000000007B90000-0x0000000007B98000-memory.dmp

Filesize
32KB

Download
memory/3996-3-0x0000000074AE0000-0x0000000075291000-memory.dmp

Filesize
7.7MB

Download
memory/3996-2-0x0000000074AE0000-0x0000000075291000-memory.dmp

Filesize
7.7MB

Download
memory/3996-1-0x00000000006B0000-0x00000000006F0000-memory.dmp

Filesize
256KB

Download
memory/3996-6-0x0000000007B80000-0x0000000007B8E000-memory.dmp

Filesize
56KB

Download
memory/3996-7-0x0000000074AE0000-0x0000000075291000-memory.dmp

Filesize
7.7MB

Download
memory/3996-8-0x0000000074AEE000-0x0000000074AEF000-memory.dmp

Filesize
4KB

Download
memory/3996-0-0x0000000074AEE000-0x0000000074AEF000-memory.dmp

Filesize
4KB

Download
memory/3996-9-0x0000000074AE0000-0x0000000075291000-memory.dmp

Filesize
7.7MB

Download
memory/3996-11-0x0000000074AE0000-0x0000000075291000-memory.dmp

Filesize
7.7MB

Download
memory/3996-5-0x0000000008570000-0x00000000085A8000-memory.dmp

Filesize
224KB

Download
memory/4564-29-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4564-1212-0x0000000000400000-0x0000000000577000-memory.dmp

Filesize
1.5MB

Download
memory/4644-1313-0x00000000055E0000-0x00000000056CB000-memory.dmp

Filesize
940KB

Download
memory/4644-1312-0x0000000000CA0000-0x0000000000CA8000-memory.dmp

Filesize
32KB

Download