4e5551809a43ee5b8bd9bca93fa82ce8830ee67befa688aec3442789f4d284cf

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/03/2023, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Contract_March_23_INV#52.pdf
Size

142KB
MD5

f20be453c86a4ec6d5fb8baaa882c0c1
SHA1

c662ac7fc42afda33a4f96bd8e777601f3199a49
SHA256

4e5551809a43ee5b8bd9bca93fa82ce8830ee67befa688aec3442789f4d284cf
SHA512

bb9e714ffe0dbe4c6d9198c6e9c99ad22a759a16a282243ec4d973af202157dd4752895783745ad1f9c03db22398e0086816522c5a95b13ea23caff45c0c7682
SSDEEP

3072:gW4oqjyxcf4YZIcVXcXTpOrdPcJp/OFAcS24bH0M0XYEFMmbsJ6:gBZNf4YHVXCzOeR2mUHYMM/6

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2e9843cd-e1ec-48e1-8a0c-f43722f721e1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230323184200.pma	setup.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 10 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DOMStorage\adobe.com	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\adobe.com\Total = "48"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\auth.services.adobe.com\ = "48"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\adobe.com	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\adobe.com\NumberOfSubdomains = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "48"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Internet Explorer\DOMStorage\auth.services.adobe.com	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133240705629891906"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\MuiCache	RdrCEF.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
5084	msedge.exe
5084	msedge.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
5688	identity_helper.exe
5688	identity_helper.exe
6408	chrome.exe
6408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
5084	msedge.exe
5084	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4540	firefox.exe
Token: SeDebugPrivilege	4540	firefox.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe
Token: SeShutdownPrivilege	6408	chrome.exe
Token: SeCreatePagefilePrivilege	6408	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3592	AcroRd32.exe
5084	msedge.exe
5084	msedge.exe
5084	msedge.exe
4540	firefox.exe
4540	firefox.exe
4540	firefox.exe
4540	firefox.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
5084	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4540	firefox.exe
4540	firefox.exe
4540	firefox.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe
6408	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
4540	firefox.exe
4540	firefox.exe
4540	firefox.exe
4540	firefox.exe
3592	AcroRd32.exe
3592	AcroRd32.exe
3592	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 1008	3592	AcroRd32.exe	91
PID 3592 wrote to memory of 1008	3592	AcroRd32.exe	91
PID 3592 wrote to memory of 1008	3592	AcroRd32.exe	91
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 1748	1008	RdrCEF.exe	92
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93
PID 1008 wrote to memory of 932	1008	RdrCEF.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Contract_March_23_INV#52.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1008
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E4312778CBF597753D91374FB6D0F0F4 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1748
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=37D8EACF75501E748AF23FA9841A47D4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=37D8EACF75501E748AF23FA9841A47D4 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8766DF218053D9C1770337FBDCD905CD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8766DF218053D9C1770337FBDCD905CD --renderer-client-id=4 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3340
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CBEB6E888137E84139CA6206B38C13A3 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4456
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C538C64692B76D0AC107198C31D6DE06 --mojo-platform-channel-handle=2812 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5708
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=228564B6995D76336D819F2E5D4AD9E9 --mojo-platform-channel-handle=2788 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://170.130.55.172/lndex.php
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1df046f8,0x7ffc1df04708,0x7ffc1df04718
    3⤵
    PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:4112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    3⤵
    PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
    3⤵
    PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
    3⤵
    PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    3⤵
    PID:5388
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
    3⤵
    PID:180
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:5324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff714a95460,0x7ff714a95470,0x7ff714a95480
      4⤵
      PID:5400
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:5700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:5172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4064 /prefetch:8
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
    3⤵
    PID:7248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8217490401705853457,3508030619538940035,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
    3⤵
    PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/epdfrhprdr1_12_0_0?DTProd=Reader&DTServLvl=SignedOut
  2⤵
  PID:7016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x7c,0xe4,0x104,0x40,0x108,0x7ffc1df046f8,0x7ffc1df04708,0x7ffc1df04718
    3⤵
    PID:4332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.0.430945410\1611466531" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4dd570-59bd-4baf-aeb7-751ffac36b5e} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 1932 1c3f23eec58 gpu
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.1.1608428948\703858943" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fd5f920-fb5f-486f-8a5c-3804a95d77b6} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 2332 1c3e5472558 socket
    3⤵
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.2.940439553\133427263" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2916 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e365df27-df39-4770-9428-f251e0a1bf17} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 3024 1c3f60d7c58 tab
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.3.701688241\1789689185" -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3776 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b56385b0-8a95-4c89-959b-38682d95e7e7} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 3336 1c3e5466558 tab
    3⤵
    PID:1860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.4.1320073503\1264860747" -childID 3 -isForBrowser -prefsHandle 3896 -prefMapHandle 3892 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {050c3298-4ea0-4e84-b46e-f9debcb55fe2} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 4004 1c3f7139558 tab
    3⤵
    PID:6152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.7.185276983\605294911" -childID 6 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3792f36-c0a0-4426-909b-e872910b22c5} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5264 1c3f8aa1458 tab
    3⤵
    PID:6692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.6.472510361\262749218" -childID 5 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27359054-b7e3-4141-92e2-ff0e766682f7} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5064 1c3f855a458 tab
    3⤵
    PID:6684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.5.1074525719\507449246" -childID 4 -isForBrowser -prefsHandle 4900 -prefMapHandle 4996 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aeddbe9f-8c4f-4ba2-9f8c-63b0ee3e3b7f} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 4988 1c3f8559b58 tab
    3⤵
    PID:6676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4540.8.2096629804\1800479220" -childID 7 -isForBrowser -prefsHandle 5600 -prefMapHandle 5876 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6317b22e-b277-433e-8c17-9cb403ee375f} 4540 "\\.\pipe\gecko-crash-server-pipe.4540" 5624 1c3e545cd58 tab
    3⤵
    PID:6820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xd0,0x128,0x7ffc19229758,0x7ffc19229768,0x7ffc19229778
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:2
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:8
  2⤵
  PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2272 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4580 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:8
  2⤵
  PID:6808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:8
  2⤵
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5036 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5012 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3120 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3492 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:6236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4508 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:7028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5380 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3480 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4544 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5672 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3440 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5812 --field-trial-handle=1840,i,617414193079440166,7753087687143264452,131072 /prefetch:1
  2⤵
  PID:6592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
7ca4e495e540cef42f33ba3152d29e90

SHA1
a02a2eb8d7e8cc65f30b0bcbb81d843f52ed057f

SHA256
fe055dd1fd9dbedd156742dc7f594594b935a11b788d5eaadd6310ec0dc64e19

SHA512
479d2df7b76271c26e4ea037bb00da98f050804a446e9605dfeecf266ad487ddc7fa3c33bac0a0d540079ec305bd08051ca97810d080b3f0003bcef550102a69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
1d02d4e11497ca4a5f92dc3bae32ee84

SHA1
f55eecd6507be05f1cca74a6ca2083389a1b377f

SHA256
8fe53ba9ca8d213306d468e0343f14c0c1566960d1372a0871db8746ccf824a3

SHA512
4ffde7874089e20c278eca242f00fbe931b09aaeb1cabc9b38498db5dea05de57b312374987bb29f26abf7fea7576672d3c1c93d3a81757cdd0ff05865ab8922

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
983cb75f37eeed17e3cb77b1401e3f24

SHA1
81f63ea9e59fb2478a8ed7f3c572264f5710165a

SHA256
f74be80f9a8bb9b39fd67351d36a9fe041d6b28f5044b46304574f32a4308d3d

SHA512
7d8c3419bcbcde7ef0bc59f974da5c7e80a0ddbf4da71279ea7371230b533442cd8f3e0cd0c98e71e5e636bc5da8a948c8ffa05767d8247507c61990c171d194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1014B

MD5
eda20da0a45fe2b66b3eab42c8412d57

SHA1
cf35ee33134114c0fb572df6c5adbe5e72864c73

SHA256
ef80a4a40f43a7bac17b8caf25f7155b25d69ca8a05c1ac459c9523e10486467

SHA512
d38bf1fe1e69e6a9f599809bb55dbafa572580ab79a6825553e38bf502ffca54a76634ea36c59aa4f966125e3863a6f334109f2acfb28736706f2890e928548b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2c1cc878b8531a3f4b7314feffe315a0

SHA1
e7c42229011e07e9e9649f6d5b3ef56f50dbdb7a

SHA256
0b444ed18260b05a5d7ee3eb8e7c43b6386400dab2dcfd099a7b683cd71928bf

SHA512
a3c2c03826f0436bd7042b63faa62a65ced3bd0fcbace756a0f89681dc683f8c265239c1e4b6665961164567327bfe4afe7943b9461353cc59a345c51983879b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
94b5685a9bfc7a2598e7810ca01da2c0

SHA1
1a606ece5c3594f0e170eb439694fafeb8289945

SHA256
69ab95cba7856327ca0bc1522f65fee673e6eaeedd6a103edd8e917bbbe020b9

SHA512
ddadc39e36612aab67ce066b2ec527d7696a03d98133c2de5a513805eced9e2d7b8eb2caf50bc06bb2a5b2918bd798c48d4d1ae36080a8a0aad657789c5d6cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
173f8641c2fcaba40180202cefc8fd79

SHA1
ca61310989bffa5250fdb32816fc76c23eabfe50

SHA256
1dea4531238a03f6e87b243515f6c062cbd16c73362d0fcfde91f512ad50b9cc

SHA512
c3e0e242a7e545da69db0e09c3f2115b61e80fbb83ac1e574eb5a3f31e2c6d13e01e286068e44451a2bc899e80bcafeba939a489d92d80960520a0df3f52e775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e87c9ddc04359555dd55dabbefaf13c1

SHA1
8392fad11d326ab44b4f2340801b5d51ad2306cc

SHA256
b6cd7698013938242e2263bf82fd2c277410a2dcaeb574db11eb40fc90ed21bf

SHA512
fb949ea7467e65636b1f8a73c56ca00041d96f1a646267c4af23c17f7799667ed41c24021e91752f64a67a621808a977b83965b3b613da290743007201fe25b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c3c8b5b347381078f5e9ee464abbd171

SHA1
7fb57a86edae28d737a7ab1172b0c462898401f0

SHA256
fcb2c2a6b9c82b8d0c865c6f94ccf0ccc4aff559a6d8ac22d0696104c02d65bb

SHA512
2584af5130fdc7048a1adf416d67127b76cfdb225dd15637de0c56eba1aab2a1cdeeedc3085ce5336006b85cd7e7bdd74d3582230132c7836d96ab9f47c3df65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
01ff603adbffb7af2100ed33f847ee62

SHA1
926f9a9df4a217a5d0696622f11d9446cff8b9cb

SHA256
842f48724af476a19bc04fd41b491c872d3d86a5427f522f9165d4bbc66f576b

SHA512
41cab81e85124bdd7fb0214e1d0c0bd81999cc8982efb859252df72b2e39156c38c24e6e3532fa058707d5f1333bada63b9dce08ac30ae50011883ba0df5043c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0faeb8169ab57fcbacca51bfd5e91364

SHA1
d99ed3fb566615b5f94ee298ace27fa374befed8

SHA256
affc8a7ab217b8983ae59d2a59278cc8886fb3fd79511cd0c7b99c4a1d6b5110

SHA512
07160468cc3ae9c6db31b991e47e2e75efd132e594d50234360e342628174e8fff759d0e1bb9460a63bec61e0c3bcda87a8ca3c36fae9155553423c68c402984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0faeb8169ab57fcbacca51bfd5e91364

SHA1
d99ed3fb566615b5f94ee298ace27fa374befed8

SHA256
affc8a7ab217b8983ae59d2a59278cc8886fb3fd79511cd0c7b99c4a1d6b5110

SHA512
07160468cc3ae9c6db31b991e47e2e75efd132e594d50234360e342628174e8fff759d0e1bb9460a63bec61e0c3bcda87a8ca3c36fae9155553423c68c402984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0faeb8169ab57fcbacca51bfd5e91364

SHA1
d99ed3fb566615b5f94ee298ace27fa374befed8

SHA256
affc8a7ab217b8983ae59d2a59278cc8886fb3fd79511cd0c7b99c4a1d6b5110

SHA512
07160468cc3ae9c6db31b991e47e2e75efd132e594d50234360e342628174e8fff759d0e1bb9460a63bec61e0c3bcda87a8ca3c36fae9155553423c68c402984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\38933c33-f056-4e5e-9cf5-14401a884c68.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
8c32a296cec8e17b30fdf74ba5934e26

SHA1
38d53c6b3af2825852881360071573c943c18131

SHA256
78378f98b32234e999dfb0e85bdcd086edc46742c8890e3c7a0dd645d2483f92

SHA512
c91a0c505e6cc13274d4fe0af3ab741b84308e126b9ddc8de11cc3815b6e12efd6ac2115d5098c132c06f70c70523ecfe1ccbc6018995b6b75b2e8c5574abd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eb525301573c976d32ed978508b95426

SHA1
0e188165e8f947884c0d92ecb6f3c2b651237a60

SHA256
58d3c9cc96fea9a13550f870389bbb30455d0342a326d138c13279bbd9999a05

SHA512
b4c9a3a7b89159df86f620fb4377759ec890dc54f4ca2fd655c9f790f478dedec0743a9bc24e4cbf4d17a9846d9719e38395931ede7a0f266b01625b4690de8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
fc899d631123bb5600a68ad3b29351fd

SHA1
a92133d8e112bc77adbdcbd7a3de0d2a0864497e

SHA256
6af36b321d3255f3425ae8afad7aecc97c009ffa37d2529c0f04217015fddbcc

SHA512
d2d352301fd1498f851b24c076eea886c2859d77559c13b61619a44a8d3ebf4632567f1afaf3594f29e5feadbe23a5f6107b9790ea4cdf66654935131a236d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
664545285c57e55d5b0355d48316cacf

SHA1
5ad2021a03b102779190e6248d99934b0b3ce8af

SHA256
4df6eb230c5cfed75c2e3e5d40a5b6bf73a8001673fba21eb6a79309e662176d

SHA512
5ffb623f5f5b9d7e97efec6e1255aefc37f1a348799c316e7d4e708b8841fa619e41cab173e6462377e03ead0d115e9b508dff124e03ce13eea85ee6a519eeb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1006B

MD5
8e5eff8a0f815475cb32bc7763033a12

SHA1
5618f5a2a90924cc094259f01b5db677221940e0

SHA256
11ef130888f9fbbd64ac2b627ee260cceab432fa957a87de2fea1d4684bb8023

SHA512
2cd4bb988d9a3c6a05bd98d0362ecb6a98219376ea3bc2d845696ffeeec94f382960e345298230d49e433eb23356c816d0a80d1dd75ad6bea51747e0da7678fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
634e1fab3e7f76807f112d63081759db

SHA1
d8f7815d1b4b4810452f811349007c5d6779853a

SHA256
227afb8354a66221b0f3afdff660e962fbd44772d1b73d97076c988219b000c9

SHA512
827cf0906c09678bc276675207666305d8c4b392521442923fd70716758b246b7fa4c8d3b00d20f15aadf0b4c18eb62c8146492853e23f8518fe21b768cc744f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8060ebd5661f010c46c244f0329cec8c

SHA1
99a715992b8f3e194819bb7483b34b8e8e3378c0

SHA256
eb6f8a8d73ba6844bc2f83cd5958722d88037e8c29c7654a12e7d742be7ecf4c

SHA512
38214a2455fbda6e8c8d5ec8a637aa8eff733989221be7d42376e7b6030ca0d42c429d37c1bda3ccc53dce75f0b7c9ba91cbba8baaf2f508e3b318813a308892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4413ce79156a93c23ea6a54c46469a1a

SHA1
1abed6082827162ae9134dd6181eafeb656e1dca

SHA256
2f6918421713a4e12ee8a75f98a83315a7d914e6ea6a773e3834be9b65bda2d0

SHA512
51ca6f4691a968a170cc91add4e6dd393b22f34dae3771d7f0db77be4682f51f3e2a3e47497b9fd6d4c264a7c5a5ef2c2675bbda87ba8375f097cefa48cc7871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fce607926b98e96bc883399ce2385bb7

SHA1
4b55af8a60811f0c72aa311251b7a5afac0f23be

SHA256
fa0c4ccf8691056fe4c290c8081628449880e1d48b04dd09a56dba201a612ac6

SHA512
523a13546c0c937d862f2520364254ea898c87dace60cce5734b0894c536499e10826d3948abb767100706253722b3f2a4835102565e450c2e10dfa05d413d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

Filesize
94B

MD5
de81db79e06ee013ef0cdae7ab54c50c

SHA1
17a079d39a17b328e52279928b34565991dea603

SHA256
f1912f9e8222d5d867ae2e48fa3710c4cb458b92abbe924cb3331c8e3dcec785

SHA512
fd88a91081558e31b7b8bbea8c2ad60e30cc75397f3840b62fc62515fc456312f5083e7b0df9ab4469dcaca88b130bf0e4d98bd11710d16148498aebc25ef175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

Filesize
87B

MD5
2df60409493dd1afd58f3dca4c853c68

SHA1
3f144000efc6d8091a70d1f07907207fb0a983bd

SHA256
7e51070a005320c6acb628f283b3d61e661bd52fa3410f1e6200aa7b80d1bd77

SHA512
72832ac488a672da017805284983dc8273e78f4031f6d52163c2e2c85438336f02282925475abfa0fe048e9a010f45dd6140a3d3708d71e47831636467f0e6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3c522170a35f19e898e7861e6e1e301a

SHA1
756dfd688fbb2701072c55052f3651a061889c94

SHA256
237678d43e770fa4f63c2b2ff4864ae276d776d003f14294cca20489df3c1813

SHA512
5786b658dec45af53e404fcdef3bd79323ba929a205792355716351032110dc75e5849f47c5a2ca484a7ceb4df8c4544015930175619e545652890ae8735792e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
75062d431f36444c5113fd6f7ecf6c7d

SHA1
d4df394c4e9535c1db19340461b4b5c76318959a

SHA256
1682065f3751bab955416ea0328e2706552436e242a6d31d4145aef73d0352d4

SHA512
82de322b0fd1f4558ed8dea19d672521e42442f068992c04b643453224250e00788b187817ef732eeb6f97e69beca7bf1bb5df99e95a6b2cb271167548e2c1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
95b48b9fd7765e19509ac34e2dbb7c47

SHA1
b91e3549579894c461cd40eb60b41a1615cc5470

SHA256
384a7715ec3afe5e2742b74d46cca11fc32d5fd1c491c7e1d2f825514f3f8670

SHA512
b1c1873184d3d8903379959cf11515252701d056d12ea46a2179e7dbdca6f6e420685f3481839980668ba3c24016540a97d1a5389ed3e845790a605b6be5bb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
0cc1958159a7b665f03f278efde32f82

SHA1
bd3a7db8adf1e1462b8b45e65b724b8789a51ae2

SHA256
4400a9d776fbf05a1c11936149a2b0145821f8675f06d7987e86a3a71735a590

SHA512
769c0274723d5f72a4832345a3b5321fc7e4ec9a8f4eee1b2aba32dca512447242a226e1234ab4403a122be53c5a9987ed66b84bafe11ce628bc59ef65df5331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
414f3565ffbd6cc80db099f81075d51f

SHA1
990748fc0cc06cf227d051572e747667854b84c7

SHA256
8213530a06d7750bca5523158dfbcbcf9fe3310c9b870c5286e3d81ceb4be796

SHA512
9d9605a49cad9c08273ef176d3891427d92a67b2a5bdda17090357cbde7246093d714009d94ffb5044be6d29956bde978c42b52909a96ae694b49b48df58dd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\39K1WZBJ\styles.2c45be1a[1].css

Filesize
517KB

MD5
34aa20c80f82b277882a884aee2d9419

SHA1
2be7b76fe1e9c4c7601f61e0101e0a7ce9bc59d4

SHA256
012947f7fb0987035c5677d4cada914e2cca49758cb518472f6518a6edfc996b

SHA512
f4655986d876f2767ec1e73b65709a6edd7ebc65fe218ee307b50fbad6a8e0ce53b58f45e7b8c35cd804f80567595b4efbac36b37ed338e2463a983daad4afa7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
155KB

MD5
a868445ebb6d65145b28335d36d74379

SHA1
18733c76b94e66733bbc4b2dfe6363cfc4cf0ffe

SHA256
c24bcfacda5b17d05a41c8d7055c994af8143aca6cfce18ef9036127aee53032

SHA512
4f34d38509dfe121cccb2989edb71067a4a5c57156908567c34abe57889aeb403f88b970135d79c4b592e50c66563c3fbb8654b60caeb6c28e33d35668cbd1c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85w5cth6.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
fff6256ef781c3152223d22f41f3d88f

SHA1
5d91c16f1355b14effd518fcb05eea6af0324012

SHA256
94aa41db4b1a73f521fc2352376f1fb95ab268c1939ba39a49109d8b1032d6d4

SHA512
0b692f7fe1142f9bf274e1196dee2746c1843c989017adb835741dde36310b370b0e705aca775408ce8000e48cc3041d82c5f3420cb2dc974368cded53d875a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
664545285c57e55d5b0355d48316cacf

SHA1
5ad2021a03b102779190e6248d99934b0b3ce8af

SHA256
4df6eb230c5cfed75c2e3e5d40a5b6bf73a8001673fba21eb6a79309e662176d

SHA512
5ffb623f5f5b9d7e97efec6e1255aefc37f1a348799c316e7d4e708b8841fa619e41cab173e6462377e03ead0d115e9b508dff124e03ce13eea85ee6a519eeb4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1ef322399684704c36813621c38ede45

SHA1
041ee66d4899926569d79fe550426d98c6aa5445

SHA256
138074f79ec244747a5f86e621d7f37c9773ead1f9a8e2228234f4eedd6230a8

SHA512
8ab865a974fae3357cdedbb28bdc03f60c5b48072ec44cf0c5c854a06a3b6a1aa80fcacaeef92305b402b602e192e75080c5d6b6b1c4482272e5ec9ec73a7c03

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9de1111e45a889f3407bcfdab9291573

SHA1
708ed6a306bf14046c8ad8517b04f8b2025c29d4

SHA256
39dd3be83482e1fade0496e7ea66eda7f0c76cb2f30eb7b9ded4e699de46b8b0

SHA512
9ef42b1c845c44d97e7b80c22cb16d419cf3f6faf4b0cdd3bb1de548924a094c4eda80035109b424631fb9ca1fc32f1caa75e17c15678d9054756f3222620911

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
231e5afec6d39d5bbd880306df5b5f67

SHA1
58c9efd8baca9a14a101018cda5596c5aeb11836

SHA256
f8e3d303c922ee499517ffd0a21f3a7529aec88ddbfd4e4fa8ef72667a397add

SHA512
7c4e94dc4ec77d549e083109ac2306ecaa7632be7db784af59bbb3b5a310df0dd65048ed36d46ad6f41e5b0280a7f2e147dc0d642a2e803d2425036c5b919aae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
7KB

MD5
e2d4be90d0302bf83518954400ce2501

SHA1
830131c2d996a3bc0ca2f8253563277368153a61

SHA256
a718f07a1b2b0c887a03c0359afdeb0b19d168dad9ca2abed7868d7a0b590e86

SHA512
968dc439ea6af5ae93141b89b808518245e9c34c47f0fb4a7b2e6b96a3971d661c028e54258b56d7260e1165c7ea472381459da45e067567e70231c22eb29d71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
7KB

MD5
2f7116786c8c4257436b7e0f79012b4a

SHA1
d8a12187504a5048aa5c51a64f87e313cd0d502b

SHA256
12baa0909e2793d90b85027b5f89bc857ca3641e57c1e6972dd539bb693c4873

SHA512
0098ebaee7186b24687013ae8b4f9efe0a035381effaf508cb097997c7e188cb695a2c61882dbe0f02d6d0fa4214c16f8dde3ddca65b14be5b801351f1c04e53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
8KB

MD5
e1b776349cd270cfbb2f0a81683411a7

SHA1
af6d0f8fe38920bfd50afec051070635697e8539

SHA256
ffaec555172bcf56796671dc8f9dd9586c3ab842293e2f42fe9e02258706e066

SHA512
8dac55cb1768df4c948527c77e2314c11915d5a70ada8f07ab7f247b275a2b158c24754e15d38b23d4c85bb1396a755382c4f95e6a2837dc2611dab363b6dc8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs-1.js

Filesize
6KB

MD5
270840d435749f300885a8cd4d6c911a

SHA1
de5c256de02f00458ccb3ac9ffbc764ee1542748

SHA256
189c7ce43fb1c001edb368c3e8ec7f0940af1b96b3d6cad415f078ec5e18608c

SHA512
99af29c3261692f21db1a8121b44e705016ae1917e841679b579e718c0708b899ccda3177a57a6701dff014e01d215c734fffd01148be123b3b6ab36f4d248fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\prefs.js

Filesize
6KB

MD5
f73e52d124620d05267ba934f3b312d3

SHA1
34121aa291d9f88b3e8e3a2fa37cb1c06cac2d30

SHA256
fc898a91ae8ce9d241c586f5dee2e60450dcdc5a31f1a7015d6dc2f4fefe4ac7

SHA512
4ef67626a2ba584817d707c71ddf7e7ce75a780921c3fcdfa8a03de0de9303c4b548ce3c3b493f1c4876d511271978bcd3cdbc2d1003b23c2459847180045d46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3cc989e39703cb8c6709d3b773364c8f

SHA1
41be77ad06dc6cb29393f7775a6e8cc2135d648d

SHA256
f7b7db7f2b8b95d1be7d220575bb45d830533aa96e690ea135027b6a351851e7

SHA512
727c7263a4c97ff7d6fe0b1b25a9f783d3bf220f34f242b44e7b692a9da80486278d34f1a30105cce8365c07dc13712cd35dd8777c6d8bde58a6738714483b60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85w5cth6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
86efbfc004fec72efcc97adcb4927a17

SHA1
0fea5a6868fac01bd237568fb0df3af6f0eee0e0

SHA256
f504c8b8aad11d1a257ab38787e349108698a3a4714367d5ca56df789a839e5d

SHA512
0886054efe5b3d326f5da78f9866e74ef00fb795b8ad8b6498d5a6cdcafc50a70431594b308d15455ab54b3961ec3f33867d5ca9cd91f7273b2954b3d77019d9

Download Submit
memory/5688-449-0x000002551A340000-0x000002551A489000-memory.dmp

Filesize
1.3MB

Download