xworm | 35dc677cc4ded7c3ef15ed4130c13c23c62055f78161c2d93318113c2fd0de66

Analysis

max time kernel
350s
max time network
359s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
01/03/2025, 16:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CrackLauncherPass1234.exe
Size

73KB
MD5

fa0d41dc7ca9c40b5bd4ddc84ddcab86
SHA1

86e94ea9ecbcf30f187e68fb8c5afd6ee2891ba9
SHA256

35dc677cc4ded7c3ef15ed4130c13c23c62055f78161c2d93318113c2fd0de66
SHA512

6e4dbfd1edb207bb017da41864811d793f23bb032e0838b24cafaac41f51806333e67b6f69a18d12bc8ca08c6b533d56f9d287c464b445ead92e8bd49e7e5d13
SSDEEP

1536:UrNNEWzOq8we2zoBdJBrsTebq+AiNcgk6UfV4OiUhzQ6QBV7dAM:XWzOlgOfJZbqGKfV4OPhzQ6Qv7GM

Score

10^/10

xworm execution persistence rat trojan

Malware Config

Extracted

Family

xworm

AbobusTsb-31029.portmap.host:31029

Attributes

Install_directory
%AppData%
install_file
svchost.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral1/memory/780-1-0x0000000000D00000-0x0000000000D18000-memory.dmp	family_xworm
behavioral1/files/0x002100000002ae55-380.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4444	powershell.exe
2388	powershell.exe
4936	powershell.exe
4372	powershell.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk	CrackLauncherPass1234.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk	CrackLauncherPass1234.exe

Executes dropped EXE 6 IoCs

pid	Process
5900	svchost.exe
5736	svchost.exe
5808	svchost.exe
5044	svchost.exe
5424	svchost.exe
940	svchost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000\Software\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe"	CrackLauncherPass1234.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings\MuiCache	Video.UI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1298619118-249045975-4264763259-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1816	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4372	powershell.exe
4372	powershell.exe
4444	powershell.exe
4444	powershell.exe
2388	powershell.exe
2388	powershell.exe
4936	powershell.exe
4936	powershell.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe
780	CrackLauncherPass1234.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
780	CrackLauncherPass1234.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeDebugPrivilege	780	CrackLauncherPass1234.exe
Token: SeDebugPrivilege	4372	powershell.exe
Token: SeDebugPrivilege	4444	powershell.exe
Token: SeDebugPrivilege	2388	powershell.exe
Token: SeDebugPrivilege	4936	powershell.exe
Token: SeDebugPrivilege	780	CrackLauncherPass1234.exe
Token: SeManageVolumePrivilege	956	Video.UI.exe
Token: SeDebugPrivilege	1380	firefox.exe
Token: SeDebugPrivilege	1380	firefox.exe
Token: SeDebugPrivilege	5900	svchost.exe
Token: SeDebugPrivilege	5832	firefox.exe
Token: SeDebugPrivilege	5832	firefox.exe
Token: SeDebugPrivilege	5736	svchost.exe
Token: SeTcbPrivilege	3708	svchost.exe
Token: SeRestorePrivilege	3708	svchost.exe
Token: SeDebugPrivilege	6120	powershell.exe
Token: SeDebugPrivilege	5808	svchost.exe
Token: SeDebugPrivilege	5832	firefox.exe
Token: SeDebugPrivilege	5832	firefox.exe
Token: SeDebugPrivilege	5832	firefox.exe
Token: SeDebugPrivilege	5044	svchost.exe
Token: SeDebugPrivilege	5424	svchost.exe
Token: SeDebugPrivilege	5832	firefox.exe
Token: SeDebugPrivilege	940	svchost.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3076	svchost.exe
3076	svchost.exe
3076	svchost.exe
3076	svchost.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
1380	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5832	firefox.exe
5764	WindowsTerminal.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
780	CrackLauncherPass1234.exe
956	Video.UI.exe
1380	firefox.exe
4396	Calculator.exe
5832	firefox.exe
5764	WindowsTerminal.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 4372	780	CrackLauncherPass1234.exe	82
PID 780 wrote to memory of 4372	780	CrackLauncherPass1234.exe	82
PID 780 wrote to memory of 4444	780	CrackLauncherPass1234.exe	84
PID 780 wrote to memory of 4444	780	CrackLauncherPass1234.exe	84
PID 780 wrote to memory of 2388	780	CrackLauncherPass1234.exe	86
PID 780 wrote to memory of 2388	780	CrackLauncherPass1234.exe	86
PID 780 wrote to memory of 4936	780	CrackLauncherPass1234.exe	88
PID 780 wrote to memory of 4936	780	CrackLauncherPass1234.exe	88
PID 780 wrote to memory of 1816	780	CrackLauncherPass1234.exe	90
PID 780 wrote to memory of 1816	780	CrackLauncherPass1234.exe	90
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 2336 wrote to memory of 1380	2336	firefox.exe	107
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108
PID 1380 wrote to memory of 1648	1380	firefox.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\CrackLauncherPass1234.exe
"C:\Users\Admin\AppData\Local\Temp\CrackLauncherPass1234.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:780
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\CrackLauncherPass1234.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4372
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'CrackLauncherPass1234.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4444
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\svchost.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2388
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'svchost.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4936
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\svchost.exe"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:1816

C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
"C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe" -ServerName:Microsoft.ZuneVideo.AppX758ya5sqdjd98rx6z7g95nw6jy7bqx9y.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:956

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
- Suspicious use of FindShellTrayWindow
PID:3076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\SwitchOut.cmd" "
1⤵
PID:3184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 27689 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64e4e248-3df0-421d-8749-a05c024bac59} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" gpu
    3⤵
    PID:1648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 27567 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d866941-dd99-4f4d-bbdb-ac14a88661d7} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" socket
    3⤵
    - Checks processor information in registry
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3184 -prefMapHandle 3032 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {179d9668-063d-42ea-82f5-058e400b7aa4} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" tab
    3⤵
    PID:4412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4020 -childID 2 -isForBrowser -prefsHandle 4012 -prefMapHandle 3864 -prefsLen 32941 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af3821d2-6a97-444b-b333-2d1d226d7fae} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" tab
    3⤵
    PID:3296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4948 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4932 -prefsLen 32941 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {280d7b53-ec95-4cfb-9684-2274643b0969} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" utility
    3⤵
    - Checks processor information in registry
    PID:5336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 4856 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e27f37e-f856-4c59-9b11-8ae676352bfe} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" tab
    3⤵
    PID:6112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 4 -isForBrowser -prefsHandle 5616 -prefMapHandle 5456 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0126c1a-3c15-41ef-b431-ed43bde9b10b} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" tab
    3⤵
    PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5712 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41c87c7c-a24a-4fb9-a0da-208aa35448d3} 1380 "\\.\pipe\gecko-crash-server-pipe.1380" tab
    3⤵
    PID:3848

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5900

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5496

C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe
"C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Calculator.exe" -ServerName:App.AppXsm3pg4n7er43kdh1qp4e79f1j7am68r8.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5816
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 27273 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab4f88f7-4cee-44d1-b8d8-e534b620d1dd} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" gpu
    3⤵
    PID:5188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 27309 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c495f9f-771f-4c13-9fec-2ec7d5bed35d} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" socket
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3232 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3216 -prefsLen 27450 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6ec5e0c-666c-4116-bb5b-0d8793448bbc} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" tab
    3⤵
    PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1644 -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3624 -prefsLen 32683 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82419811-69eb-4843-988d-fa38a4305c2a} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4528 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4512 -prefMapHandle 4252 -prefsLen 32737 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25eaf5d2-6fd6-4d6a-a735-094bd3921800} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" utility
    3⤵
    - Checks processor information in registry
    PID:4788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5080 -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 4984 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff5a679-6a5a-464c-aa39-6ac75b7d3b03} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" tab
    3⤵
    PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5100 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57db9f31-5592-4771-bc5d-210569aefe1c} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" tab
    3⤵
    PID:3796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5432 -prefsLen 27044 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4252ff2-7076-4feb-a2e6-f78a43d95753} 5832 "\\.\pipe\gecko-crash-server-pipe.5832" tab
    3⤵
    PID:960

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3708
- C:\Windows\system32\dashost.exe
  dashost.exe {44be888e-b1a9-41ff-8d30980d1c0c1f0b}
  2⤵
  PID:4396

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\wt.exe
"C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.WindowsTerminal_8wekyb3d8bbwe\wt.exe" -d "C:\Users\Admin\Desktop\."
1⤵
PID:5636
- C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
  wt.exe -d "C:\Users\Admin\Desktop\."
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:5764
- - C:\Windows\system32\wsl.exe
    C:\Windows\system32\wsl.exe --list
    3⤵
    PID:5488
- - C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
    "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa08 --server 0xa04
    3⤵
    PID:5728
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6120

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5808

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5044

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5424

C:\Users\Admin\AppData\Roaming\svchost.exe
C:\Users\Admin\AppData\Roaming\svchost.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
437395ef86850fbff98c12dff89eb621

SHA1
9cec41e230fa9839de1e5c42b7dbc8b31df0d69c

SHA256
9c39f3e1ee674a289926fddddfc5549740c488686ec6513f53848a225c192ba6

SHA512
bc669893f5c97e80a62fc3d15383ed7c62ffc86bc986401735903019bb96a5f13e4d0f6356baa2021267503a4eb62681e58e28fcff435350e83aa425fa76cd64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\svchost.exe.log

Filesize
654B

MD5
2cbbb74b7da1f720b48ed31085cbd5b8

SHA1
79caa9a3ea8abe1b9c4326c3633da64a5f724964

SHA256
e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

SHA512
ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
0c07692919bae44a6c52439fed073338

SHA1
e32771a60f0bc601eb817bd812155477199aaea7

SHA256
f810e63ccdc0cbb4f587323d6c83baf9252ed2a71ee5951dd646a51069000405

SHA512
01394439fab8cd7063387ef427d756a3844fc9f28d3577e0099990f65ffee1a9d5235ec5ab051841832d3ffb04db811561baede6c3b37178c09fa7257e500733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
051a74485331f9d9f5014e58ec71566c

SHA1
4ed0256a84f2e95609a0b4d5c249bca624db8fe4

SHA256
3f67e4ba795fd89d33e9a1fe7547e297a82ae50b8f25eedc2b33a27866b28888

SHA512
1f15fd8ca727b198495ef826002c1cbcc63e98eecb2e92abff48354ae668e6c3aaf9bd3005664967ae75637bacee7e730ce36142483d08ae6a068d9ae3e0e17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
cef328ddb1ee8916e7a658919323edd8

SHA1
a676234d426917535e174f85eabe4ef8b88256a5

SHA256
a1b5b7ada8ebc910f20f91ada3991d3321104e9da598c958b1edac9f9aca0e90

SHA512
747400c20ca5b5fd1b54bc24e75e6a78f15af61df263be932d2ee7b2f34731c2de8ce03b2706954fb098c1ac36f0b761cf37e418738fa91f2a8ea78572f545cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
56f15c2beb06a38a6bcf9145727181ce

SHA1
2600760b6c867f0d1a3bc39e6aa12cf3cd79e52a

SHA256
292623f16a1cc7f0aaab3e52ac35ba6e0a0d5a032d45f2deb24ed9d1a0c684af

SHA512
f82a37be17edc1ed0020f5114a4d0024f772fdc325290ada56c4a5c4a7c3f527e35af2f7d4c309f82218d96cd25550aa3a4600daead04c5d20e355c1500dbe66

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\0125D6AE5E583641B7B79DD6EE476B0ED7E36FFC

Filesize
11KB

MD5
45a64fb012e4527b23f42c07564587c8

SHA1
630f20cbb3625bbf61fe1964ec31b8eb4f2cb794

SHA256
17f9352d6b5753eee763fe3bfdc251d8e74a862cfa8f34697c8414494d73ed9d

SHA512
d81dcd66d6c0518d2e4cbc2ce9a6d6c5eff61232542454369e799e4367de5b26e6e6cbdf8caaadb83d606d867843a3be11c99b81378437eb74931223a57ae0a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\094A5FA25D56295058D77CC5F86E2D4A73ACC96F

Filesize
11KB

MD5
e39aa1c7923963411cfdaffaa6b9991d

SHA1
d27c14611dcfe3f26120f6bf7f0457ae9ee217f2

SHA256
6de42ad8def0ef89ea4dd5b803e096f001c7e8442a17e02871244cab23e970ff

SHA512
15c6178f912e88f3d4d65c602abf4b8d00ef75daeae9952732c3c15bce94bf39e2fd94b6bccd8fac81d2771ad28ab302ce452904a76171335b65e9ca9d24d31a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\109D080055C1548CE320A422FD98DA1D5E1A5BC8

Filesize
9KB

MD5
0a99587d1063f41df9a3b650b7e307ad

SHA1
adc62ebb69884b8bfea4b281ec6fbe35c4af7685

SHA256
75dc392d69950ebd5e27394dd3e7153c04bbf00bc318597ea0c20524d75fb698

SHA512
7c4c1f4b0004933fb39e0f564b8c35ec9c8faf542ddd13cda88c79f07a027b3862d9bffbc6dab07a2d71d249b785aa630813167b20bdb4c993f7c3b40cdb4d90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\20A676F4AAD2CBD987632DE3345A1CC98C7DBA1F

Filesize
28KB

MD5
e0038bc919c989ee33df5b26a754de18

SHA1
51a65ad002ddf10f1b118118335c110407e73bff

SHA256
9e8946a95cdfb544999664ffc84aa86d3a0319fb1392f81b07b004363af7a111

SHA512
8d1952e3a0cc29996166e3eef30dd15ae9eda977e78e1a60f6c0d50307cb46e5438617eb07e4d1fc900a04cdc575ac2b165be11ca91995aeb587b99b9e1910c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\22F59957B7E08CD6CCFED6AF2A1DF26FE157DF40

Filesize
103KB

MD5
e2eea9bf757cdd180b1c7c4babec87fa

SHA1
83c5e2f81eae75fc399c378cff0cbbbc7a54d4d1

SHA256
88eab48e98af5004618f4c820c48900e63a9333215a87a40ef80a862deb8387d

SHA512
4a8c324d97472910c19d51424311d498ec7bce6ae38f6a501d2b011d5fc592c4da2c31297a0c535323c41030b739c05abc5bf7fcc7604dd72d76e81284e488f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
7893f9488bdd731f6dac8a3646b291ab

SHA1
98148ff286179232b3ad30551f1233acf13a299d

SHA256
612703eeba6862854a0429265c02d8f27b22f72126838ae0aaf32f4a4af064f3

SHA512
085e71e1d9ed0718231702d821d958a8f029f9a208d9309ad6e9e0c6c1415ceee74b85f745c82c30b811b83790a3ad6f310ce27d5c8738b9128c6a7dd2d644d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\2B239730DBB7CCAA69D83C6AF8FD1D3E10303D04

Filesize
21KB

MD5
ca1d57abecbd2278bb46924d504d34b6

SHA1
ce996959f0424b017dcbf6b2e7ce5589f852f229

SHA256
4d7f8d48429b58b3b252090af8a07a383a1e373011e450cf11dcea977e320d09

SHA512
849046bac6ec8f8360e6738146b6270a9f02aebcb2e81e0797fb8fbf6066f0318aa58b2b9142abca08cd021053b0d60b41ac95131561b9e9eb7f09040c15aace

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\2BB6924390CF59B96D237B36266526F42E539CE4

Filesize
25KB

MD5
98ff48c4d2a2e0e6cc0faee7a44a898c

SHA1
53696c5271f9c37ea4cc6b74ddf16de56c26f751

SHA256
11ff75c66ea832dc0a913f03a2319a5c4cd55db1ce36ecba223e12bd73db4499

SHA512
9339bfb98c643452fb047a4c3a488635b61de66bbbf993c9f4f3e8eb1316907e5e4cd53416eece39807a1557c533a6ad868a46a4537dc2a5fa8cbafb95288a68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\2BE972023C5A094BB5AAB42202260D22B4E3DA74

Filesize
9KB

MD5
af47fdc06927b84411dfaf864eb1a441

SHA1
c27db9342a97912672df3092381e91d34d822f99

SHA256
4977061bf6d842f90bc0c92aef10503eab69baab9ac703b30ecfe9516b31a851

SHA512
8267737337ccb522fdb8752dbb633779455fe69bc607d245fc263111dd82ddc29c63db8a4577284819427232526c70cde2eee0b7386b0c47faad8f1482f537e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\2F255FBF3A388537FB813FF6092275026ACE7CD2

Filesize
19KB

MD5
6e5cfddf03da167729e0bda84aeb3ebc

SHA1
daee579ff0e27a8100187376c3b41782c09650d9

SHA256
a6d5c4fc6e4cbc4812f9b1600fcb1f5ec0ccfac61b342f008f70b7b5339d9767

SHA512
b3f2ba1de1feeb61f7846db965487194400bd4ad84cefbfaed5cb3e5b432a8998e05d19569e4350a705df683664b3529cc0106d9dcc96da272ad390f9f7f7057

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\30F8453575F09E9EA57C17DF9FFB3381D9D40650

Filesize
10KB

MD5
6e77ea4dbb271e6e78ffe33d78cc5387

SHA1
5ce1da88731aaecf57ad19005c2789d03dc0134a

SHA256
e1c3bcd78b2b3ec6dc293d054fe778368ad4f508eb44b54560c8b5fbf1b17958

SHA512
c8b7154c793ca9bc6bfc65f72f794b43f8f17b8a74e49cbe847eda6128ffd930337180f408bf7d53dd993bbfe71e599317ee0cebe78b4d9984273b1007d7badb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\314822CBB28F926E5106B2B480E05B5F4A8C3C3D

Filesize
10KB

MD5
143e30a5afe7d80c2b4c4680a1658a0f

SHA1
1a6e9758ed882dfe64696b3b2e4583f1efbaabeb

SHA256
dc088ea2c66797152383c6c17f3ee4fd74cb4050fc26200f2a99bb977b919c99

SHA512
a056c57e7d8295df8cbd192249af0d9ab45161aeeb722e4e6442b6f6f607defd03f5f13c704ead8debc07b5b7992c5d086cdaf28ed1073547f92fc834f078275

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\31E8CC655550C9BBF7303A52D84A41D359B467E0

Filesize
9KB

MD5
141555c69ca8f55e466310f5e73a4895

SHA1
4d77e092564f5c5dccb4222eb5c72f5cda5d885d

SHA256
a420b2bd173b40d340d68497718c9ff2aaa5cd2667a99ae80f59675b300d1697

SHA512
073e3cf4b5de800e1a16aedeb9be1dce739863fcc60aed7a21b3e8e2e4f9d22f979c55b362d49629961b2b304f79917bbc5d6bc04ef938a2e3e6cb28c595db24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\3C9B2D192D535C347CDA9FB12BFC88FD40CF0382

Filesize
96KB

MD5
fd6a940800828e463817b88f5a9737d8

SHA1
d8b3ad515dc3b094a8a9ff4787dd3ec04d20099e

SHA256
40cb5777504efd0c5d0ce9424328cf4d97384c32c64f7bcc788662cc9a4ebee3

SHA512
f9b6a439e4438520440f7d7b01e5601166158340326ab4b3a733add83e5bfa3417d29efe4614a39f33819da462c3d8cfcb0a5b7b47fed87df5af2c24ed48d474

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\3EA4AAEC724D7877852E81DED047776542DC0259

Filesize
14KB

MD5
45a8401c44c8779208d230b41f2ead13

SHA1
bcdeabffc34950a25de3c9f72ef3a7d6a69b5ffe

SHA256
e7e3398a5af96a14c8b3396a37d8e7942bd263a0adb2ee30ca43149c0ff3c307

SHA512
0df076a4bad10b3a959ad41544db163e1b0df3985e2bc10f8bffea4abb2ddd6c835b1763f5c03f41db78039d9268e211c744dc2b2f51f58d7219707c0933785c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\3F965E4BA59EC997D533C0CCCDACE6E485E20B21

Filesize
27KB

MD5
739570a0e3754853a0f9dfd7b44c8c0d

SHA1
c85179e712649531565c39acf8f961bf4d41f6c4

SHA256
029c70f445957a5273ec163c8200cbf51e5063c09edcdf313085cad590c99cc0

SHA512
c13823458cefdc829f4c46cb5006883ca09d6cd1239209b6a3952d3f315b16b1683b8caa07032c14fb534dae2ff7ff38288942cfcf263d96d06fdca21853a623

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\60AF6138C31AB7CBC0258FC85F36526A60597A84

Filesize
10KB

MD5
04ca697ce4a157a91b084460898d58ee

SHA1
2a1875172fbd80e842167e24a4d989b80a2724d9

SHA256
87e3fc789c6f481ae6f362863f5c10ad678fa2ae016eebca92169615f2b8f559

SHA512
dece27e962617170aa3f3e15650eb02f98e3ea510b5dad1ca8926116915f29e9be108ee43f68d22cae41504a94a3d57b3d0fff809478591faf7bcdd4e67d670b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\6762E24BB9F66A6430B9C774503510453B4EBA21

Filesize
10KB

MD5
cb606349bb73095d5513007563318b76

SHA1
cee1856c9d6b25f4d320922455b782d3367c5b31

SHA256
f21e560b22526738cd4aa7582c646a88639881e8c7f6c6b5589dab1982a9b700

SHA512
fb41c9e30c7eae7c0a83ef80f38c6f20c973110cb13638ce284b56e42e4cad9868f10bc8c700c236f7da9813b74c3d2643e9189b6f74a5fe6d3d2830b40b3d7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\6AE157FC40B27EC1A4814C10157D6FB45BCD5B6C

Filesize
10KB

MD5
fd79e23574c6362258310e81a44c1775

SHA1
b51b6732fac60ec97132621792fb9cea45195d05

SHA256
578b0b12b03bac1b74c5cf0118e78f5f8f0dc87577abde8476bff0e6b4e174d6

SHA512
7e2617141cec3d23d23a2e35b8537f49e9e44fc8fcca62ac5d7c3c1d5dad8599528feef3495b2c0b55e74dd361c07669eb9be3be5ee96a7774bce0a9a5aa14c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
13KB

MD5
8ed0d0866b4891069005302e3d6be6fb

SHA1
238fd2cf56bda7ba600e8243773ea2b9f3eba38d

SHA256
fb0205558db70f89af958cca714b65314fa9f8749c4208468a3a0801106645f8

SHA512
268b874ba3702626763cc49313d7073238efaba2d31b2db909b1c8eccacec31b335f9e3dc78088fe41eae22c128385864a422966168efd7b2344d63e6dfca9a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\76554F8FBF56F947910A8264985518A50CE61BBC

Filesize
11KB

MD5
5f4a33fc5349241e5205ad67df34c232

SHA1
d445500cddbbd156b27f77e3e3e9c035aae23375

SHA256
508b0ba2a3b40689d6616bd07762c2a7b8ac50c6f9849c4b020ddb168064b734

SHA512
369aa6b0343cb94733e20d8f255be0635006ffa0be390933a646a7cbc7b3b2eb848d3ea00038c1ea10474e6c4bc3fed804147898ea04dee691f19f7bdef12b4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\77E0EFABCA0E3F8236C740423A24382E3AB63333

Filesize
35KB

MD5
e0192c2ceb1dc002490190a7ac8468f1

SHA1
b3afc0a97b6bb4ae87d2ed43353762b05ed5b77a

SHA256
2b1bce230d10266369efd8e6b4740d45c948e21cbbca2a59cea422bf700beafd

SHA512
6bc5ec9ac337935cf727fc873a9e5861af6634aa13e1b534e23b6ff231f8742f684029fb11a99e0ba84ffea8fc52dc12ee913a12cb74bad939d4add3becc8138

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
b80d518c27e17947fde5286c62fce3cd

SHA1
230ceb42a5cd3ac067aca8432328764782f64215

SHA256
3db61b6771fd6c9e249cbf6b99eea212fe58306e1c6b3a5f6485cb6e064d49a6

SHA512
5205d403e92567625da9c6dd229c4adfe026a84d6d8607f783ae4f98f36e5fddb5edcc2c74cfcd43b440c6b12bd867e4ad02bff8d3bc07def095b2f359c3a35b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\825C24D4E87331C54E0BBDFDD0FE186D80DF9290

Filesize
13KB

MD5
bf5ef9cb769fc4908914abecc6966834

SHA1
f5a4b0099c2ecba6be5a0f6d1c5106a914736b95

SHA256
c8ed98fad39e5ff7cde90e008badc961aa1dfc7f565bf8f3c70081c3247a0c57

SHA512
9042319c8442eb581d6f638f5fefe80e61dcb06494391a9cfcdf6570a63da3b35723352c055d8c810672ab0da8dcc9c0e02b54420bfd751cc5c38dfbc00b4a60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\867334C28FE2CCCDE9CA4990C722C75D53FB8406

Filesize
10KB

MD5
3b5f16da9ac7ab1a416f3ac2b1f44039

SHA1
490d734ee6d762f244aa586f845f70f26ab2b52f

SHA256
a8f28422f97ec316fe6ad74278f0185ef91f6b15b19858df2ab4d47d33e63fa5

SHA512
f1cd31ea6851b7db54a0c770908af9fc1f080f625f6e338d503dc97f6a29bcd3ac4f205ae092c2ce3bec96ec416790c4a1926cff3dd36afa740e407fdd83ed22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\8FC2AF2E603226592635D45317CB2D4AB17C3721

Filesize
17KB

MD5
2f1b80f7d8de42a07fd3223c51b0d623

SHA1
8b44c19485e673da42f820b87834b25613f7d1d3

SHA256
885956b6e320f3005056c25e2a193d77fae80aea3665b59cf54ab59e6b43f843

SHA512
d70e6b8932b09b9ad72cce5084dd05a2f73965854efa2e581ffb58d5ba607d0bbf8bc5c8ad39379459b5d4332a9b025a832bca22188ed512ddcf8b3243f4bdcc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\cache2\entries\ADF5BD09EB688DAB1F35EE02E8C35329D0E4AD89

Filesize
13KB

MD5
7200834188dc7fb4ace0e29e9a2b326e

SHA1
0f67667201694833a39fe1d6ffd74bd6be14a508

SHA256
debea5232e89f4dc9ac03565bcd7c3729d3583962f45b95047fb4eca5a2c7114

SHA512
2430e71e6f15a85c9b6607022bcc3342eeb2ff25f6a7127322b49ebc5e0a8b6d3c8ce96f0fd6328954ed91a173938cc11269df084684a22c794f97dcf3a30c94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\startupCache\scriptCache-child.bin

Filesize
469KB

MD5
15405b40b11396456243a08ab4c1f30d

SHA1
eda1aaf4281a3f6ac05af57ae91e37f6faf3048f

SHA256
2aa3c813af62320d33d79d971fe48ef775ff66a716658e428b043e2425e721b1

SHA512
e7aadce7de8ac6ca2243cfba8ab242ee6b7e7590445c4d8bee16d39cbfc2b74f0095230ba2bf70db70eede4a3cf1be98372bf79c3bb0db2826608a5da4520618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
29d23c66b9a584e1e697121bb02f68bb

SHA1
f42123753d3798ec0f84786028ae6ee3538c9121

SHA256
dc18d462c90430fb3e01279ad3516b13e4b7f31012c57dff798771adc19c90bd

SHA512
7757ff7b3c7dfa01a8af43533d529ca6f1340feae664872dce4ce94aa5ad79c90e65901b60a330176939a1f1abf2ea6fe6ec60cb3c9167c8ac305297e157fbe2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
2e2992734b6bf0f353390b15b604ee58

SHA1
a504af527f59f2007e6e8e92d8312fac4e6cb091

SHA256
97021f6a7896f3f8b2d58f15f4143b4a684103a8c22247c861e38383c87d6661

SHA512
0051573da150317494a38acbba1c9e71ae12c2f4cee97144948015ed2e4bbf13fc1f1156c0bb5a3a1289ad7f1d8e3edf7ed7ebd1d278371eed0569841a141921

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t35pww33.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
f937ca6e11330007993b052f589b37e6

SHA1
b852bec9223afd4f349781fe4c30393e7e2a3135

SHA256
acd63719311804b5ab2c21b1aa9469b3b83e6386ec1aee3382f2d9e18ac010f5

SHA512
2808757b41e73ca6bd829fd15edb897ad29fecca70465f973149b6af59f937d2024bd8cf00836bbbfa169acdae0a175af7522e6862c82b3ae7e64810dd175e9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\3f8bc241-bc43-49c1-93bc-3fad1577cca3.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rzxcumxy.mwh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\P3O0FW66XWSXM01WU3HH.temp

Filesize
7KB

MD5
ebeda49cd400757ba80a1169c0cf0b73

SHA1
bac5402b9c00f806e21e9481ee2757989282a839

SHA256
c9ac8cd181f91060ca5b301438866201f80a917c28306667b57d120a71f62462

SHA512
ca6b1e24034ffbdf17af7bb81ca18cdade0bc717907231b5bb8b0b4d48eb5e50e07c85d2847e08d1d60c964c808db26365e6a90757d803fd7bb4623ab5247861

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk

Filesize
771B

MD5
3383f9c2f948ef90e0d59d73308b924d

SHA1
348234d4f638170f29b98efadedc621774e61921

SHA256
ea051686902bd9901c5a8cb626b681335e7493998d65b8864e63a828a1e00022

SHA512
b9839cacb0aa9319cb19258c72f76fd7b6baf0942c6adc779c6f18daae2a6c34cf25cb212a17547909489cddb7ad8273c998ed70724fda36a9b04dc22ba1e4ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\AlternateServices.bin

Filesize
6KB

MD5
04f4f5855850e237a6d06eba35af21f8

SHA1
bb521ee34cbca6e3872a98c1180769b8127b8a16

SHA256
d174a7d8e6938ec7b27c213319ed58756a716f96349e6f9f5d8fd2f85f213c13

SHA512
3056921dd0a18733e843dbebfc2205182e5ae1fe13b3b6730286206a4423ca8b7e70d686c7b3bdf5db6860a5712cf7f73c9fe64081ce0315e651b2dfb0f28b63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\AlternateServices.bin

Filesize
8KB

MD5
166a93589dfa12a46f596231c6f290cf

SHA1
6d3cad44ba4b08cf634989721d8d6409bb94e7ad

SHA256
c466d7bdc22093e16753891902377b3948c659bad526f8ea4199ae032b44a411

SHA512
7ef0dd6bfe4484806b3ecba98392cf1592edc9fb9d95d63215e73b35717d613d6703b8a59a43b8fb7ab2a70435bd2c4b214e59567b7582ee6e0943ae448a0df9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
38981729f56a909df30d0749478982d2

SHA1
10126d4ae9f1089adc57476ddd2bb9b7a96ebd75

SHA256
cc4bf35607c09b197ff9268f9da377b3084738b25644799ef4cbbf2e9ff41ed6

SHA512
a2eb44f680be4f1aa2437e1671d74d9e7f5aeed6a35a3999dcbe168f2529ab10d77f7205917754ef37d5ac22173cf97783a656227c753e03c0ad53d94c1aba4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\db\data.safe.bin

Filesize
31KB

MD5
8185571d7c712d1ce502ada631bdfa08

SHA1
114d424f85f419b562abaa30d7b75ea1bfdfedb9

SHA256
22f29eac1d96565c9ad1a9b8fed8c2c8571206d81b339a1f82ab7d175f1958e4

SHA512
fa9822ef8de96019128ba1bad20cb42e6289aa2bf23490d9210986feb53d6e24ec8fb3c1aa962a9a5946cf66428b011198807e42a8de9499a10ecc2c4b361d4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f26c69797a1138a522c8acdff0b456a8

SHA1
770d4d0d514164d5e2c87a6ca489cc8135537714

SHA256
cfb9dd360bfaf65484032f9fed067d4df1c60fdb25037df56e2f00d0a3ec0df7

SHA512
43861cacab539d5880f3b0273af0ae954094dc70d481f65faef4af09e2344457e14b56fd2d840b629fc75ebf34966f4879b906201aa6d0dc11aadd19441130eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
e603313be000f5074097d96044345277

SHA1
dbe52bde0fcad47d1dc8d3e3ecc4f332afb00699

SHA256
e3bacd0f68976fabcb5838c48047b44f0cf261a0ff5741ae2f73cd9cea63f648

SHA512
50d796bf42edcc79e8e6439b7555974154ad52750e6d6784e09800cdb09cdb34fe8ad5b9d71556d47920746623d4a709e3ef4dc99908fd5f672a96e066645a09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
897d451014f1b78c25b57ed5390cdf30

SHA1
209b2543a09b1e9b5954c6a2609a7bb562c402de

SHA256
07df2004a4d478d525bcfe160384fa9f0d3629965eed1f3aaa9767876dab14e6

SHA512
2355077c90f01bbc16af3db46b560bed6fbd2dbb668fb62760356443ccdcea5fb9fc1b366dce78abfc1ef360b03b296363acb68512f2d3053f2bea8dbf47ea1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
31ecfbef5c3284812fb88b4e45ef90a0

SHA1
98b8a5d39793cf0661fabfaf428d5b141fa17f2d

SHA256
bddedba2cf8d9083a0d62d1fa45173ebef09b4b727f19640c3757b78de9ffffd

SHA512
b59b10b80b9dd536b97e0e1e3de6c126fa017eb3c91cefe5728b9d150fa5dd0de745a133b0d5af1f475aab52aec8539dc421199a78a54226303e801648040e96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
eaa65018d719a2c107f930bb715bf148

SHA1
8684d74b8dd5d56907f1df53011608eedea3ce96

SHA256
fa39e1e28d792ea8e915b5c85237af2fc6dd8cd725089f4770983f2e881544a1

SHA512
b2a4d7ab7cebd6c6d77f01f1bef5c3818ff7b198501635104b86367aeafa1f83997a33df381e9d142260dfda451b59caad720572a505ed2860af77c6a6817d14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\events\pageload

Filesize
377B

MD5
5279a20ed835c2a320d398341921ed8e

SHA1
7884f9cc509b1200994fdf9e866efa4e335c58aa

SHA256
7206b6668ee1382761d0befd9ff026bebf1010d6e0743cb2a931643d6e770b23

SHA512
a35e72c0adb9b06aa796f5fd09756916971af01ecea70ad7cfa46c993269cf74ce4c395e42856ba8ef6aad73c6bdb5a99d08091817fef5faaf986352af1f38d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\pending_pings\289d7c83-eaa8-451b-aa77-5f14cb6a1ee6

Filesize
905B

MD5
edee7575be4665bb1355f795ea641583

SHA1
02dff54824f73006f655c10644f041ceae668ecc

SHA256
1786262c509b96e9c17020deee038db0bb1798dcd8ca8ba57b352a8fbe375346

SHA512
5f58fbd51f94446583dc611f5a2ceef1e040970d200dc5cf683968407a94d455a1181951cc5ff290a8cd474f7b0a0132b8ae99f21f73c54b9c7ec2487c638ba9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\pending_pings\447a45b8-2351-4140-8fe4-9e9062d2d910

Filesize
5KB

MD5
f8c9981a7e73e211c2dd506b1447083b

SHA1
9cc344ad497a1f8484571b9aff9a877ef8abdac9

SHA256
750f6dd1bd677b334e02d8f917e74dc2a9bbbacd69dd70329fb5766da39018fc

SHA512
718ba9b6a403e35d6906b5441bb0a17259d0d817b126c90b791509566939573ffaa6830c10b6ec47789f3d7bca4b775ebc18e42410e639d86e9df4d1711f2558

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\pending_pings\46ffc135-6cab-488e-a316-292fd1998e4a

Filesize
25KB

MD5
a79c55a5ab5564f7d10a956fce937b6c

SHA1
7b956fa145d83c147a80fdfc212d287ee5cacdc6

SHA256
13aaaa024f541eeee183642031abc66bc2be2bbcc6f095a7bb2f897ce7013feb

SHA512
9dbfad6154deb8c2eca7ea0e6ee6ec5a144582f4e33e161abaef8da3f3ab6cec5ca3a8b74b8b38334e0839546c5d428640ea69ca803dc53044b2c6eee963b7c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\pending_pings\7430f853-3d95-46a8-9a4b-d499cb47a164

Filesize
767B

MD5
b34b0008013045aa0105f35039221a74

SHA1
66c8c4a1a9597e1db7ef0248d90281323ca2c345

SHA256
76e67d4b6e79e7896e6ab99637775c0572cf12fc38e75872dd6144300715aa3a

SHA512
4755108c8b0696a59d976da56c3cfae319914cfa5f34d959afb0ac8b661f79819f745789b805293bb652927f605daa0996496955376394e3e48618e423d75fcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\pending_pings\806098e6-740a-4aa1-a2d9-933e1db27898

Filesize
671B

MD5
746f5e6e42212d2cbc9d5243be63f7d6

SHA1
a4be4b4dd6f45e9c3eec895a7dc0bd897d767ea1

SHA256
6e903ee073116760166b90966325fade3e0c0edfaf4a5dcf846892f975818573

SHA512
07555211958982501fab8211b3137901c0f8e01fa119be4336e1428873eabb29547eb7a9511380fb37c237ca46717405e242b6cf6e93c37e4892e4fb3a11fe0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\pending_pings\9044b974-46b7-45af-8a93-234eea2d3fbd

Filesize
734B

MD5
77b05f423cacfedacc617c3bc9917d04

SHA1
b1b5383b6bc633ad94b5e06f914643953b20f292

SHA256
d9c9285f02b92fd85182561947a907a92c28980866d8ca3fb93eb2222ba9f141

SHA512
bfd15da1c33e3ed7ce315761a4470e9fbdb367e5da967c64ec47fddf47287dc391eb65e53267a7b59e16854cb8a8405ace33095e77acfd801f3d3fae8d19ccc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\datareporting\glean\pending_pings\91ce0ac5-360d-42ce-a183-3e0a86fd5c4a

Filesize
982B

MD5
36fa1a860959fbe707d4cd92ab618a46

SHA1
1e9e09750cb9b1402707f9b43ce4c73f48c4273a

SHA256
b8ca16883f3e3badc189d9f44b29c59c783ecdfa61adb428db3c95ab1c83a914

SHA512
fdef7e9a69d6cc0a657bd0819ba959edd587d729d41c5ec440671d2d09872b89938774b3fcb681daf3217f0802b86c916efe17e79767e13bab368f33f6b72ce2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\favicons.sqlite

Filesize
5.0MB

MD5
d63f6e5fa763e28f6fbe1b4c23283ac2

SHA1
4632bae1048699778cc8ec7111dbca83ffb87d49

SHA256
cc8117caf2028e5e64b10ad5684f8993b343e6c31fbee71311436d2ebd057812

SHA512
a9cd61dd50987d1ee46c3616f9019a46f96ae88e10ec3918a13d9414164a58017c17dfc1c709d383cf3dc0772e30e076e7ffbfbce8eec384b5c1e75895b02868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\permissions.sqlite

Filesize
96KB

MD5
77124f02ee5a79a62c3b410e6b8c0412

SHA1
34bca71a9f2c2204729cdf24765e825aa1a7aaa9

SHA256
8b26830fc956c822320d110f19dc98bb7a26cc91ba955c96ad77f6a5e0d523bc

SHA512
0cd09fa7c9f306135f35989cc36f50ab10be3535cde184caa1ce91301cc905e1ad4c1e70347509676719f352ae539afb703aa969570c7766907e4f7335675630

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\places.sqlite

Filesize
5.0MB

MD5
9de0998396700c752585b9441f61f373

SHA1
2efdd0ab588b5aa88691bc5b7603baa67f7e647a

SHA256
16926082daac7298c3b411548275de7250bbef8c6d6cca114007eb942fa5803d

SHA512
056c7118c51dd2b16def11eb0538a20db3f6be622062352f441d364d3fcdba8ace34cdb1e2f2f09f262fb4c76a3944427ebd9f6e0fcdb890f8d11fc8d4247399

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\prefs-1.js

Filesize
9KB

MD5
293f399d09b22765426ac52148bf4894

SHA1
a640141487052cf5ae451629907162b196d1b548

SHA256
633aa6c059502bfcb50e5e4c64ac6ecbb0f08470965ee2f97be9fc715ccd30c2

SHA512
7b3a4c38dca00853e03f55684ce6cdd5de8e5278740d9dbf146b5d19dab05055ee5146349833e77ef78a19fac574301b75b4b64d5b6b0166dd7f05437baca2f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\prefs-1.js

Filesize
10KB

MD5
7723306e77046a7faf8d2bb9718adba5

SHA1
99d9557dac14cf4509f9b7d10fba19c0aed8097e

SHA256
04ac2c4c7bc68666683fd0f1b3dacb450629b2b0a6e322c7f3b12bbad73d43a2

SHA512
5a34c1f6e07b140acaab466a8defee1ca76a8617b7a097dfe3e1bfc8d65bea07b7355d7bfd3c1d6d875c45c9bc781b838ae8a46b40e4f765ae6b62ad3ecae4f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\prefs-1.js

Filesize
10KB

MD5
b2ad4d76173e69ecc0bacc907195f950

SHA1
4005735e04243e97400febfb7533f1c6fcded675

SHA256
13d4e9cc9f6622bc84a633080f40999ecc01e0f798b95eaad643c302b5d603d4

SHA512
7c73df49ddcbef909cab9d6ca97e2d75a4ba5778b923db777f8df2644bf6d25cd45febcf55bd9f4eeb7b847f702e2bf0e14e27ed6ab90c6bb293309a2dbccdbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\prefs-1.js

Filesize
9KB

MD5
630b0dc2aa8fcd35f60d9eb16c7ddf1b

SHA1
97f142df2baaf927eaffbe88add12f7618d9171d

SHA256
2e0d46ef26695982c7540b866b62eb82ad30c9db31c0eba7a329cfcca87908b7

SHA512
3e67c9925c5dfdaf420f5d5ec289b53757c216c6d6c4991312ac11c9a44c44f5849d24981d0c86f43f0b36b1f56da519efd4d8de56f604871eedde7148fb6e5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\prefs.js

Filesize
9KB

MD5
d4c8b9931c09a17e9c07f75472b01162

SHA1
d7344fcbbc7568e8999eb8dce87130ca90d8ba7d

SHA256
f57039ea103da72c520944f1bc05d11312b7a3d56e59f9645f731d5748fbf991

SHA512
0a009695e7c0d299a2baf15370466b612f51bd03ae0edd0e67edf2a1a6f27cb7a55ac8b889618bd751577ba5b00f4f0915664c56d98cdd207f3bddd73f16363f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\sessionstore.jsonlz4

Filesize
14KB

MD5
ca1527e7dc9f8cf047a8868f10415952

SHA1
1d93c154aa4bd0c7a896e6197b042a8fb8dab7f7

SHA256
b3d514a3b8ceeebcf394665ba2da9f099e185da566215a840a74f490ea37f9d3

SHA512
5190b6445794a3e7f2d4d69eeb480f8375d293e32384e6016422f07bd9b8492ccabda980d4112f3ec7f4f8238048bf40ba184a75869f31812244755e739d3c19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\storage.sqlite

Filesize
4KB

MD5
23605e20ec7b9c605b210ac3996e7a62

SHA1
e01d89d33f05c4e7ef9eb63d1487b297b420ac86

SHA256
1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

SHA512
63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
4e8bec41e2d66ad851fef2a061a2c37e

SHA1
4f10833f62cdfeed5f8217e254aa4c9dde00def7

SHA256
61482608b670000400bf1bd07483f7ba76b3d7195262f5a40001f6ded41cacd3

SHA512
44a4b5b7081186c5c4baff96432f33a2fdb92fad858283b1336f9323e26b0229395750c2689fc18ad6276cfd54bcb40603fbd4914e302cebf67bf99d5f71d45e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
648KB

MD5
43c4a6edc62f959a651a188d12bb353b

SHA1
6b8910ecbc857c124366d46b416417eaa64cc817

SHA256
7502c70808773db1dd75fa733bdbd28c0a8993211ca88f90c5f5fd97ce6659a5

SHA512
ad730f8bad926578c6f3bc621afed7fa6dbf9c14e404c13ebb9d852ce7c36009d5f4f4f0c6147ac2a02db3eced182a667389e053aac67217f67751e1b78f5c0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t35pww33.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe

Filesize
73KB

MD5
fa0d41dc7ca9c40b5bd4ddc84ddcab86

SHA1
86e94ea9ecbcf30f187e68fb8c5afd6ee2891ba9

SHA256
35dc677cc4ded7c3ef15ed4130c13c23c62055f78161c2d93318113c2fd0de66

SHA512
6e4dbfd1edb207bb017da41864811d793f23bb032e0838b24cafaac41f51806333e67b6f69a18d12bc8ca08c6b533d56f9d287c464b445ead92e8bd49e7e5d13

Download Submit
memory/780-1-0x0000000000D00000-0x0000000000D18000-memory.dmp

Filesize
96KB

Download
memory/780-88-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/780-55-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/780-0-0x00007FF82EDB3000-0x00007FF82EDB5000-memory.dmp

Filesize
8KB

Download
memory/780-50-0x00007FF82EDB3000-0x00007FF82EDB5000-memory.dmp

Filesize
8KB

Download
memory/956-87-0x0000023846910000-0x0000023846912000-memory.dmp

Filesize
8KB

Download
memory/956-85-0x000002383F140000-0x000002383F142000-memory.dmp

Filesize
8KB

Download
memory/956-81-0x0000023844D30000-0x0000023844D32000-memory.dmp

Filesize
8KB

Download
memory/956-80-0x0000023844D50000-0x0000023844D52000-memory.dmp

Filesize
8KB

Download
memory/956-77-0x0000023844890000-0x0000023844892000-memory.dmp

Filesize
8KB

Download
memory/956-79-0x00000238449A0000-0x00000238449A2000-memory.dmp

Filesize
8KB

Download
memory/956-75-0x0000023843230000-0x0000023843231000-memory.dmp

Filesize
4KB

Download
memory/956-56-0x000002383EB60000-0x000002383EB70000-memory.dmp

Filesize
64KB

Download
memory/956-64-0x000002383F150000-0x000002383F160000-memory.dmp

Filesize
64KB

Download
memory/956-83-0x0000023844D30000-0x0000023844D32000-memory.dmp

Filesize
8KB

Download
memory/956-84-0x0000023846450000-0x0000023846452000-memory.dmp

Filesize
8KB

Download
memory/956-82-0x0000023844E30000-0x0000023844E32000-memory.dmp

Filesize
8KB

Download
memory/956-86-0x00000238468C0000-0x00000238468C2000-memory.dmp

Filesize
8KB

Download
memory/4372-17-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/4372-13-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/4372-12-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/4372-11-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/4372-10-0x0000015AD53F0000-0x0000015AD5412000-memory.dmp

Filesize
136KB

Download
memory/4372-14-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/4372-18-0x00007FF82EDB0000-0x00007FF82F872000-memory.dmp

Filesize
10.8MB

Download
memory/6120-953-0x00000286A65C0000-0x00000286A6606000-memory.dmp

Filesize
280KB

Download