hxxps://aka[.]ms/vmsettings

Analysis

max time kernel
720s
max time network
725s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2023 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://aka.ms/vmsettings

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133455712341383351"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Videos"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Videos"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
960	chrome.exe
960	chrome.exe
3576	chrome.exe
3576	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3568	chrome.exe
2104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2448	firefox.exe
Token: SeDebugPrivilege	2448	firefox.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe
Token: SeShutdownPrivilege	960	chrome.exe
Token: SeCreatePagefilePrivilege	960	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
2448	firefox.exe
2448	firefox.exe
2448	firefox.exe
2448	firefox.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
3568	chrome.exe
3568	chrome.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
2448	firefox.exe
2448	firefox.exe
2448	firefox.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
960	chrome.exe
3568	chrome.exe
3568	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2448	firefox.exe
2448	firefox.exe
2448	firefox.exe
2448	firefox.exe
3568	chrome.exe
2104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 4384 wrote to memory of 2448	4384	firefox.exe	84
PID 2448 wrote to memory of 3284	2448	firefox.exe	87
PID 2448 wrote to memory of 3284	2448	firefox.exe	87
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 4248	2448	firefox.exe	88
PID 2448 wrote to memory of 2032	2448	firefox.exe	89
PID 2448 wrote to memory of 2032	2448	firefox.exe	89
PID 2448 wrote to memory of 2032	2448	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://aka.ms/vmsettings"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://aka.ms/vmsettings
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.0.583958387\670360599" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2539659-de1a-4370-bfd9-ad228f137545} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 1964 22e71cd6058 gpu
    3⤵
    PID:3284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.1.881530203\324385842" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fd7a32f-c780-444c-9073-1e5cdc8c552c} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 2388 22e71bfe258 socket
    3⤵
    - Checks processor information in registry
    PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.2.1783443650\1159268026" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f53424da-bf3b-49da-b5f2-2c01e3c43796} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 3264 22e75c51958 tab
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.3.1956916086\1075169810" -childID 2 -isForBrowser -prefsHandle 3836 -prefMapHandle 3848 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cf34c8c-a420-4022-ae27-afc793e64bf2} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 3856 22e76dc4558 tab
    3⤵
    PID:2168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.4.160407912\1244443315" -childID 3 -isForBrowser -prefsHandle 4836 -prefMapHandle 4828 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a6a1cde-fe3c-4ede-a865-32ed10e473ab} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 4620 22e5df66b58 tab
    3⤵
    PID:452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.6.658030362\499803853" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {122b0030-01a7-424e-a293-cfb573ced65f} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 5180 22e784f7558 tab
    3⤵
    PID:552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.5.2039080027\855249419" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4980 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e0404c-f455-4467-b91e-3d4411609dbc} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 4840 22e7808a758 tab
    3⤵
    PID:3244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.7.1684656206\824651065" -childID 6 -isForBrowser -prefsHandle 3320 -prefMapHandle 3332 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e574a918-68e7-48e9-85ee-d6e8e8d8113f} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 3308 22e759bbc58 tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.8.234164598\785228346" -childID 7 -isForBrowser -prefsHandle 5672 -prefMapHandle 5616 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {046e2e33-fb85-4ece-8251-d4153ed9d00d} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 5676 22e71fda858 tab
    3⤵
    PID:2052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.9.379947693\1080649075" -childID 8 -isForBrowser -prefsHandle 5464 -prefMapHandle 5252 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {023ec000-71eb-4afc-968f-cfc157a46590} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 3320 22e73197058 tab
    3⤵
    PID:212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.10.586392977\1659543255" -childID 9 -isForBrowser -prefsHandle 5264 -prefMapHandle 5344 -prefsLen 27153 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cee0b2d-8c19-4662-b71c-1287a234ece9} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 5324 22e71f2f958 tab
    3⤵
    PID:4444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.11.1774745590\534644955" -childID 10 -isForBrowser -prefsHandle 3276 -prefMapHandle 3348 -prefsLen 27513 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fabbd02-3c30-434e-b2f7-647c97e8d8b4} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 3228 22e75ddb558 tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2448.12.374389938\1531514236" -childID 11 -isForBrowser -prefsHandle 5992 -prefMapHandle 5924 -prefsLen 27513 -prefMapSize 232675 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7e1a029-8a01-4eb7-b599-2399bc64e3f8} 2448 "\\.\pipe\gecko-crash-server-pipe.2448" 6004 22e78594458 tab
    3⤵
    PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x130,0x134,0x138,0x110,0x13c,0x7ffa177a9758,0x7ffa177a9768,0x7ffa177a9778
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3248 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5240 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5260 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5452 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5276 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5644 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3348 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3284 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3328 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3440 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5644 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6036 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5920 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5788 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5560 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3492 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4720 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5688 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6292 --field-trial-handle=1932,i,3826941876662941853,4648366268884738789,131072 /prefetch:8
  2⤵
  PID:4412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
57KB

MD5
b53a1fc454aa63424e5c225ccaa85cbe

SHA1
0b844f1bbd43a6b09deae2d7e68de17478c76435

SHA256
2d2b14cefc3044acd7738632eaad89ca61316144c2e6cdbb6b64b7a5339bd580

SHA512
823566f4a2cb53c30bab2de57b67600fb6f658eedb31c703acce3df52d5ef4f76cd00d955f97190b2e4cbfdea8ebee7533ebd5dc3afa134453f26a35edbc603d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
118KB

MD5
225fdab89a168a34abd01851eae49ec5

SHA1
941ed4a82a2d7a09d857e7b7a0638c1c8c2ca945

SHA256
09106d352497d72fd30cd52967d640304b7ae2c3f2cf5318f0b0ee2116f08d99

SHA512
23889a0cd6707135bc3e0c229cc392c227776fb7e3bcbaef8b9f32d8310188f06f2f6f418c034384e5ea62ce92bc26864204ff37c778680c9d9803a4194e6d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
28KB

MD5
4083f5d376eb849a458cc790b53ba080

SHA1
fb5b49426dee7f1508500e698d1b3c6b04c8fcce

SHA256
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420

SHA512
e2e1991e96c3962371880bff43364da3fc9bd85b405feaa20dbef2a415a211d2505fc3ee829f0cea297949190df2342b0cb5ac877aeb3c349745fdc3c0560cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
20KB

MD5
ba4ef2a284e81c8e650d7d24836de151

SHA1
d3cfcadab80139821dc9937966d050bc363edf88

SHA256
8f13bc76d4dad1f7af06bf4b128b6722cc28102df885cc8c82995f45fa2699ce

SHA512
e1003c4a7b9c4b02801e6107f3abe11e5e1e75f433d4e84564ecfc006b0c238fdb4eb55bf4208ebd457e701db32b7f9ab589c2fc294fd54ab5c3f235b189fea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
83KB

MD5
e2909004afa27151ecb0bc3d8b1826ca

SHA1
e5b99d9420df3df077a30137f8db40b7b409e762

SHA256
82ba8ddbc334a2d4e0e79df929ef3a7b1c9f96f2bcadc5a0268ace6ff3673e2e

SHA512
c8f0c4ef70d57cd7f4369117934f405781bd7e0f86b5941b7f5ef838dabbc12ff6059c188be987a8392f36c7b6ea67077556e544ddb0c0d8b298e96ef9252e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
95KB

MD5
7729ca22266062fad76102797ebb4cf5

SHA1
9c3014d32b6867b42ab4930c39fc035d132c22e6

SHA256
9496ea29bf4941907ccdf6e5d152ceb1505a6801d5deef1bc51f1deabc3016fa

SHA512
ddb04dc9096949e1275a97560931ecc6ed95cf34de7ae4c1d6db526c509a9da460979597b419f641c34667ad6f25565f5aeb965bf65945d52737e1e3528d5e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
91KB

MD5
c6233f019b1ca240c5483cf201876279

SHA1
5da690274c798a758f74a10db090179597eb3063

SHA256
747ea5a0d4a9ae62b42829e0f769fae808f5ea8c37b1651431c7c206d081f36e

SHA512
0ee3650c14e7dac3743bff55a3ae5ebaa7ef309911c9ea41ff12ab9925d1f74b91ee2c4aa16398c7dc9faab29caf8af912820de0828657d80f6418a8b58722ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
74KB

MD5
ad58638eca677ab0314b116d3194f27a

SHA1
66bf0499c3488b461abd9c0ed62f8ec71a9594ea

SHA256
4a8df52b71e0fc738da41e818f6b0e5e9d8fc116b65b56d017a237245b4383fa

SHA512
8b1173c4c16ad10d69086f7b72c987764ba309fc1d159dfd01db0812625e4c20f5266535518c57bab687fdda0a67a49b5bf370167b467cfc9cb83462065b5621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
1.9MB

MD5
497fc804084107633a4ba83459342368

SHA1
1a26c659cca7b4eed6e67fa550832fbf25e540f6

SHA256
14982788e902966b036d895893bb3c6d3f7080694b8ad435f0a7f0fcd9f1b2be

SHA512
6edc13cba1f1edee1188e9e65533fb412046c14473ddef07a51e568ffd2e14d8a7dc2e36cbd151727c2c31850313c55ee8edcbcf70399954b06900717454e8fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
115KB

MD5
6b49eb61aea70a421687d9f7b76eb5f1

SHA1
4105e9e5790ba763603e0c16ae66316a2ec05338

SHA256
e80b19bbc8640fdc9bbbb503357e60fdded2a3db2c729ca55e6f29fe3157aab0

SHA512
ee8a825b41ccfc65e46233b9d0106ee5f53db85a4e1117e3611d536b792f9de7792cad33e6d8369318647511de4a2019c71195c42b1bfbf8a9f9d617717e0738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
33KB

MD5
82de9b74d7cbd87514a51642d48ad650

SHA1
6c29e1958e60a31d4ecdac9816985ea0284a9b2b

SHA256
b0974470aab1d674aa1c75d50688aa7f08e60a9958d83618e0ab0537204ac6d6

SHA512
54717a98090fc10aac86cc3a4b618caf44923c9586c1378edd9ce7cf428d3eb2fbba2c1de2b3cbcb809d39383ffbc047440d4f84e2026f89b319e31ac798c487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
35KB

MD5
0304c027da17aba2d1f03eab9d235f61

SHA1
7c5dde1e93cf16679c4ffc878270f8e1c9f971f3

SHA256
9abbca7adfb7da05809739387a97d66ea1a5b99ba0a4d4af5c029d7c79e289f9

SHA512
0b85c43ea46f2253f309f2d2c9a57f0c5620056f09430360f708d6d5396ced3e5c9f8d58d442b52c40bd87fa6650608a0b2cceffebe0f57fba99df54b0624c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
186KB

MD5
9f61d7b1098e9a21920cf7abd68ca471

SHA1
c2a75ba9d5e426f34290ebda3e7b3874a4c26a50

SHA256
2c209fbd64803b50d0275cfd977c57965ee91410ecf0cafa70d9f249d6357c71

SHA512
3d4f945783809a88e717f583f8805da1786770d024897c8a21d758325bcd4743ff48e32a275fe2f04236248393e580d40ae5caf5d3258054ea94d20b65b2c029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
ada6fb8d370992a0b9f50efb649b2673

SHA1
ba72970f3d071f6dadd980d3b2532e782e231af9

SHA256
c33b30745055a4be0f653a20b8fd5f9315e95b37aeadc2e2d1d37e7c76c7b8cc

SHA512
20afff42a8e5604b5d530a384d4011ed846bfb2d4208bba7776e8f92823e2075b14538a6ce688dd1c8a8652a63556e4ccf7685a26f11ab367a6256734ad97d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
eef0fb359c5b00c3994485c464e7b6ca

SHA1
d84ea3060bd9122becfe8b5a1f0bf72d996e1a2f

SHA256
31420c5be3a082fa541debf49aa80d77f97aca76a78f6000babe5f15329f046b

SHA512
861e142b724b3c268e2798d1b1ee260043738df89f76fc13deb8f608272fcf89a06d78ac3b440ba0ae1318ecf5f4515827f472ded9f36d06090323a3ea99164d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5b98fb32c6f0b7c060a242ee3bad7ab7

SHA1
d8745342e2cdead42938095c282b0d65bbf3ddc7

SHA256
7f68666c212f6e24c7888969460a6fb127672eb52a45134fab08dec92289d5e6

SHA512
c9b0af5a7f3cf6db99907b4e850c61e73e6e2ce7a4fa089f8bfc93ea247912bc8ed65ef1348c0317d3e9c579f7217509d3cd42497306aa33597cc5b0a2a1cac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
bd71a8beaab34e1d9c22ebd416e14234

SHA1
e3f25f5375326add256fccd3909b8e71543b4aa3

SHA256
3d5ad5297cfd125d4bfe7bf4e1ebaeb71b3d33143bb212b291b960fcf9d41512

SHA512
0d637053223af18c6d6f4dbf8a606540ec60f0f28f707c30d4297af8b7ca9bc528c7c74dc3121bbc7457593da4141477a98bb4598bdd1f86d1a1b6c9ed7b3444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3e46acae648ed32cebdbe2fb158a59b7

SHA1
2019fe634ff55d40d636b8229c17dd5403a4b9df

SHA256
23b85c263df8e2a8a4351aab7f7a1f53d26ad8112d1d718586f86e3e966550e9

SHA512
ccec7bea94f6121997e2d1bf73c9ae6de189016bb2e2d5e113ff3b74b6b5bf6515b76ded55aeacc1eb64310614c83939124bdf3a54f678f71e0564ecde0960c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9191131192b5aec6a4a93626c3de5362

SHA1
58a2be370bb972862683110b3ac087922803b862

SHA256
b51c93da2b02b7bfa86305d7267e0d7181240da50dc7fc47abc957a4debfac18

SHA512
7aa56dd745cc93be52913b9940e1691d2fe3ab3be0a72e499cbab10f48816d426623a030bc97a969ca33b83fd3ce0ca492638f2dda2374a390924714fca35702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
02bcd1ab625959a8e2c9bbbfbaea9553

SHA1
6d950d548ccfdd89c6ea9620b7e83ada90dc69d5

SHA256
e54a14029d4b0edcbe2396559202b7edab36a1d65b299e06efd1700c3e188dc6

SHA512
1f88a597a07e47fb17f4ef9f7e80f2a957f0e39e8aad23f2954db4bc3cbd2a79aa9af6aa39f8c437283857b165e48311aa26210903f01e6411ba22842237582a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
227e0113fe2b2f2ae0ae5914ac18f685

SHA1
8481998cc5172e35fee3ebb482ba23d9273b1c20

SHA256
33305f0f72e28bb642133a1217ac36d419657923fefc7ea877091253905465f3

SHA512
3b734d9e93e271a083ca704ca572fd784bef5c8273f7085085b7fda3e22b5d6eb3ff9767c981894295bc6fbd6bef9bd808b5fe90f617c40090e2528fa15f19ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a7b20c3a6de8c5da9b5c0a68b69a7266

SHA1
47fd9a972fdc437b2165dd47bcee3f29197c7ee4

SHA256
6424ada48ff41679ad689597911fbc6c251271f0bbc3f4ad5c3d39f80bdf786d

SHA512
4c1c57656bed0038b0126ddd23b149fba2c01d77e6783c3c6c603967bfa659db69a2c5912ae756b443515f78780bf25926f5030a20bf6de217855bc7c4569625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
093f2248c3b32af09c3c515e0f65458e

SHA1
9f78b0267787fb8337472dfd4accc584c8b0c1f7

SHA256
f8edf5a8d234cd941382c7b161412b51dddbeee121eefb428efe518bea71ef56

SHA512
e5a9c1d514920466c6ed03b3d50a10ff4b6237ff2970fc200e94de9e6b1db0f8003307c255f5318ed63833bfa65272df9eb21b6c15d643b45484fa685758dae3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fbadbfdc6bebaf687a554341d32adb41

SHA1
7ccf36cec291623404c15df8aef2dde0cc4b0cbe

SHA256
eef7a840ef1e4dbf18534bb7e6ede469e1e438c24afab8cf92d4aba1b174a544

SHA512
f962451cd2bcc9dd7030156e04c7dfb43d528d5d40b19fbb8d1d86e4ef719137bbb721f4e2edaf92d9df8e4603458e0bf8ae90212cbfb5bb62b87c864026431c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6af67f3f53e06e00b292767af3ba067

SHA1
675d3801654a04bb4ef601eb182f97c43f1f22c0

SHA256
3f41c78804d914a70180c6470843a768bfdbe3aa6306bb2741d78b10ebf2ce36

SHA512
3f9b56f431a6d0407aa1749831af75f1364e14e657cb4a80f37bbdda6bc22a40be87737f48c07dbaf92aaaa614f2ec8df3cb1424003d41d191ed0f914b935217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c90cbd3b8d00366839911c8fddde4deb

SHA1
7529dfa965877e9a491bcb1ca82686ca5f09ea6a

SHA256
923bca23e8b8c60f96db9158158e20cfb076fcaf711579be83e512ee85a89011

SHA512
85167af6eda635c270a35a9680aa0ec370c71ca6380cd95e82703fcb10b7548d107358558b7595d8852a4050edcd6ab40a2715dc15182ad792f6e74bc7997ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
7ffcb048eb8159db1112215566dcd428

SHA1
974abdbe482b78a2cdbc3f522c8ffef8a37513a9

SHA256
86df180f238b90da98f42d341300086cb2e72e8a05153e585dc23d3c4b57e845

SHA512
efc17b02ced89c083dc670ed26a4dbcf7d0d180f547038feb9a904927020a0e679dac754e575d33574f7e20b7c05354a653c36a7e7a8a5f6359a22a9f6c16d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2ecd589485830a7d0de0637a154f3b8

SHA1
080e01daa8850b737a2786dabc04ef4bc112885e

SHA256
91df92abe8137ce1d0cf908c9f401dffbad4c99be1eb1b52cd53bdc933f440d1

SHA512
fd8f0aea6832a9991378faa489ea85b3bc46d2065d5fe9d3dac9dbe43592f4547e44dbfd794fb01fc24a4f9d852ed4dc74b8d89569c68ee362cec090b39aee1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b49ae9a682bee90153065d6a1b7918de

SHA1
de74dba9b7834c9a5b6f67fd9e223d0d7baffdc8

SHA256
72edf5ae4d131d9782d32710ed8b22c1340fd85845df7785371fd27d651ef156

SHA512
fad99449dbe445682f03505ea4603e01b60428b97ec9db1abf5689525414785158f5a45396e9aecf3813429f12c26c8b5643378f35f12c5afba6e451d72c8b32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5cc7295702a39dc5f8b3e409c7efb621

SHA1
a1864ae64d193a4915ebb47348c7ee3dcbc4deeb

SHA256
0d758ac9cf7753cefeeae4605a11ff31649b22ca6153a15d742c0ca6c54e8a86

SHA512
788365247e6eba5f98c97f30fafd19b42764d91419e64b00d2e1bd7972c87150600594368667ebf82f99145a5ce1ab6025a6f816bbd54923a0c25aedd2f88184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c950c363e51ec1a05b16bc3f27568b96

SHA1
3521b760eb3d598ada73c640f59a124ad4d15a30

SHA256
9ce06e82ab4db3d7d1441ec8b861d728e3992970a30c0691fc34b289f851ace8

SHA512
c18b94919da397cb1f93946fb5066318e93e68a73039b098923f4fb7c6c7677cc590401cd43d94da8e45abc4e1a2fd85e9844bfc19e794a01a31a46581d007b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fb7f30d08e42636adc7939bfbb0fa086

SHA1
7508a438a670fd6a01002c1c0510ca440d372f4b

SHA256
4e86e5aba4af2fccd8d475bec41ab4c01725e2c48c3479d4de6685dd31ba2bf6

SHA512
329db44f867d5551909ee325fd1a46569168f0559432451a0aa25c92b6384593308a5fe0259a602adbb31815acb7fbe0392eb280248a3e006a4b8fb49a1fbe93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
910b91afac8998d471dd57b18533a090

SHA1
ce2f6be4bf077dffc2f662d05f964363e63c85df

SHA256
744fc7ec7ad24d8bcab23c625558c430ef50651372686b700f86f51427c14799

SHA512
846d706dc0afe14ed9f7e42e9d9d7fe34cd3d7335842e4889bd088165b1847b80efaa27563f0b51413a5a0ccc15fd1b677658dff7ded861686b2fc2922efc528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0950bbc961798a2cafe979755cc65be

SHA1
3ec2c0ec5cd602464596daf153740bb4f7734863

SHA256
eb0ed74831b8d7aefd20f71e594b8f51d32f61611f98799bac407e6b85ac42a2

SHA512
74b41485dc348d8397389ce32b5eb86391ec27306914c8c2818c4000480b80461a06b21b2836ab2a8950b7a5e6fcdcef2ba10b317c0570df1f001ded1f70e0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d65b12e8ab8d542c8470a9b2be57ebbc

SHA1
bccc507e62edc4e0c567f46097c9a8c0f22429ef

SHA256
4d7353355ddfae3876e3bfbc3097dde750e75007adaafea4044a062dfa688def

SHA512
e21fe43db150381950a973c9ea452ee2d7aa49c4c69decf3fb37be47f062eac61b5a932fa0ba2ba62f0df6b4441a2c5ee9121af0531a47f5251fd5c82df0dbcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
951354f270d0f138de27d144fa5b7536

SHA1
41659fc65f9a7581346e6245cc412aaa8d516b80

SHA256
457c29ea783ab990b029c2e7186ccc1af2fdaf350cb027cf1e45cfada88c9025

SHA512
38cc4c5d296f552f15e163eddd08cc505acc9d7ed9fd297169fc53c8cb2bb0300c296fff1f2dd3308d52607fcf02d9af53ae65022cc4924a0743f394c5c15184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef3a301770f732827d82593331d38887

SHA1
9f2d471c64e2517a27c3dbf3047562ce1939a66d

SHA256
20b2f879d5248d5442ea75ea92c62e2607671266e4b8fa96ad8b076f4fea74a1

SHA512
bd6a3f5cb7ee30e0bce96f0c4cdc5fdff8bda393582b55f3391988ff8e581ed58419ea2125cd8c071b6152d358f80139d9f98966348dc21d1fd42ddbd80dfd0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3457ad8ea6a66f9fde08fcdc935cb501

SHA1
92d3958d3196756a6722068c1ba375cf7a0434ed

SHA256
324da85f0a06ad864664d190cf5e3c562046f9ce1e0ef5bbee18d69c07e6c9ec

SHA512
4d1f70c948e32293bb22760b37925ce82a5c710e1647e29083c392975ecc6b61ffeaa005662eec66edf4a753f5490201913dfc8806f1e3ec5e0b7674e789ca31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bca4c41dc9dc1741286bdd5cfca7a71

SHA1
8a55fb951028cfe2b5c6272891f4c6a3e5c40c6e

SHA256
aac57b92cb13e19ad6df8204b98d3d1953f5b2c6672abf77bcb9b4c468e7ea66

SHA512
e34ce51a21aeee6b8593143e8d2e1ba5eb39b01dcdc99b0e20f1a9fd34fa09d94bc3cfa33ca4b376e19b52b1e52e56a8a68c1c22752756b1cdb156c2054d8b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d66d4cc2408798b03c1cc378c6635c13

SHA1
b45e0ab59f497ae60960acf736c964782772923c

SHA256
7414ad85a8f98e1ac1934e8b2de1aa6398a425add0e99136d21a6a1f851275b1

SHA512
2ec507dda2acd095177cb7cfa1258ab7aa2d2214f2e47819879b709cc98961ea9c097cf135a39780d61a3b41219b24d0ded0f52830934ffabb084822dfba05a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9ddd04fb8446ccd1f219debcafdcd163

SHA1
74bc8e34d4ab23878a55fa1a9d50dc40c0228344

SHA256
7fe3e7493849887fdb0f62e2b68aaf243469fea0832dff10d405f655330ce772

SHA512
bc5cb3a4ddf885ee7a1ec2941d1becb0c960e29b8ee0379f70c0bdf9326c8e720ae0563a0dff4a5b5b4a643af03d47157a27dcf858b1fbefc9ee294186e13823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe603dc8.TMP

Filesize
48B

MD5
31adc6f825bdeb5841d8015cbfe5b877

SHA1
6b2b70d67213bba713b7f8ca337452c4db90b882

SHA256
1713c3b47dbf6cd82bc3e14391d065d66c9b9a67c97a46e1dd7a6bc572ec0dad

SHA512
d75f0d4245505591a9ee6ad0c5c4a7f7b0d01a7b73cba2cca14467cbdab457768aa001c5dd053b076bc6f95554254e6851f4bdddbc3050a87402f2ea4a14912e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
84b94fd1d95a0e63ac08c35cf049766b

SHA1
805e6aee3006225b04b17a615fe842ff0541a05f

SHA256
d11bd39addcfa4417f66f1a54b623ff20da7b129706206bf1ffbf5f96a940057

SHA512
85d835f43e864c841d63fd444c5dc7cd984e038e9ca537db8a602c2d09ca95137b940e9945076481a9dffa677fe53a87a3838b955e759b07c54e54a38854ce4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
d2395d64db3b2ecfcbdf086a073feb2b

SHA1
f0f8061d17c309b8db3d011ca08a300c2bcda83e

SHA256
b8308ff17278289ee59139eb93c9a09e40bace1a71cbad385290bff72196120f

SHA512
b3ad3f65c89b49450103a8b77d5676dfd94acd2d1f396c87d6e634d877755ddb7c256016e96350a9e7855e047748dde60dfcf6161cfc34e92fde151f78006e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
3807c0c62fcc7d582cfe64790d7e9d0c

SHA1
faf4403456fe42f99ef088089fe3448f560e7483

SHA256
d7d78fac74c3a9871b2217c16c4d7ec4b17dce1bdf75550822c95ab2ed3bb0a9

SHA512
a8dfc926354ec6b0e029e2bfe5d6f245fcd57b772c8e06af0aa345b6a529e929092516e6e230c629a7a445a94f550f35a79dd2fbbfe7bb7bbc070e192e5a5cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
3bc8215f7961126ef9bef4af9242867c

SHA1
d5773d793c8cb094a0065b7d9d1403ae6b14d542

SHA256
8d0b39611d14d063e856537d74a8ad35716fa350037f7e0d38452f317f3c704b

SHA512
5f79cff7df130a0e69a5863d21f79fa7ce88d35c11b2313c37067972fe101211d3c0313c851a51ee45507036640e305ac14eaac228e8a941fb10cd527b4d107a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a5342.TMP

Filesize
98KB

MD5
f0c44e2c22a541c2564a890d12c54a6d

SHA1
3618f5711c00c71de0ce0b7506f1d8c4af76d84a

SHA256
94eb1098fa09ea937d64656c9d5022a19b484f5d4ab4e1d6d88f9c794c63cc6b

SHA512
1b0a69a4989eb3a50ccc24fbad054541056a6cfda32ae5a833393062700be549d0bbf6a56e7c659750ea58985215cf05cbe2489403e0889485726144625a5f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
73f2ecd9650f16d6205d7f64ff7af5ed

SHA1
aa203bd754a4c092b323d8779ba7126e1a10a7ec

SHA256
cedf1eebf82e83d4de53d8c729c64bb83943097e2e22ac281340b9dcdd15fbe0

SHA512
b0946716c41f3e254b2bdc5f4dcc90a8ca50c8635c17b62da5f1117f9327da76e798f930985c0b830da166b018fb982cd6f4a3f5c8c213ad28f006415fab9633

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\doomed\12879

Filesize
16KB

MD5
b540d6310554601e5867bd3f6c534c89

SHA1
2dfcc9bc40d442e6be94f7c3239c92781772f7c7

SHA256
6e0d7ec97d5d26827c3df1d1b5adcc7cf54c5aedf334ca461696ff59bec44f38

SHA512
74ef7cc33f1a8c520f3952ac71fe2b121c001358ce4352575d9022cb14b8e093699a07ee8c28878b20ea491bf96076fc100207eaaa1447895ddf8d1f4b3e93c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\1EEE05A75D6200A1FD2E29E301597CFAA58E81DB

Filesize
63KB

MD5
c6a3b95ac73d8991d8f1f86f84a679f9

SHA1
090f705e09facbb8fe42cea4cdb7b186c6e825e3

SHA256
171aad384cf1c74bd3c4a4fa9cdf024fb848024e2e76fe048dd8307d0c63860c

SHA512
294e6f8b6cb974f99c06ed9fcc5da3e99e0f919b8b6e06501dba24527cb8d0cf0128fce758f9c01acba9076068ea97b3076382e9b2f0f247fdec1c89295ed39d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\2FC6E0BD4A8F2DFBD00187B03865B2CE0189D6FD

Filesize
201KB

MD5
a7df2c6b4d6d212f7af55bce92ef737a

SHA1
54338e5529cd6a548d5e4ec9d5dbf12ea913d575

SHA256
e8ed319f4a59038a40c8649c6546a355536e5151b0dffb065fa7e15d914bf651

SHA512
9de5ae07ea39847bf9493463920f98aa1039bdc33a21722d9264d70edcbdbbf4e1a5c5783c43ea56b2fe55761bbcb66ebfbcb119782837f488af5608f1852c3b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\6529F459AE863DBFE091E49CE9A33A134A5B96D7

Filesize
114KB

MD5
64aabce6ebc962fbce1f959927ac323d

SHA1
8d892cce9aff2192a73f784b7581ed640f8a88f8

SHA256
5916c28ed69c0b8a3a304d83d2e6063f7c00b3eb4ed31bfa406bb5e8989d55bd

SHA512
0e8fc1532d7bb9d014219f815948002e90ca937d27dd29686bbf34ac907abe314ee9bc0ea3597b86101f5823f1be3ee8c79cd4fd0666f84a022fc6243d9e0828

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\6FDB13786AD8C18771D748EED3173123339363D4

Filesize
26KB

MD5
3ec1a5ecb543f1d6ca28c09cce22836c

SHA1
4ce2affa41f41ce6fa05c4a6e340c1ecc3227bbd

SHA256
9484a56293bc38c488fbc50368cdaf8f13e4c743dc1ebb4db269367b0939ec3b

SHA512
ec974dc38592bf6a0a3f8307c1039e0e2d28beadc8d48ce5cff641fa8c30dffb3f58b592001f5f3d70e4c51727e5daea4c4df902a7143abd1c33784552476b42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\70E498071123771AE69EC627ACB111B82020F9AD

Filesize
572KB

MD5
73698d60a3d1aed3e3e1f4165bf59563

SHA1
6aaf062c1d2266a069e4dd6124abe310ba1ea9f7

SHA256
17cb597a6cbe5e5da81d89053522547d8b3f9422cfdf05c3c21a6d4f5a813b50

SHA512
ef55e6f4a40fc47e90ecd33e27836ee69b7ec522dd94e0ef099b197a220cdab0750b2b2b20361cfc260e73748df0b548a7f147e9e8ddd636bc83e120c7d7f4f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\8E96A7B8F904734FC5629DFED1DD6C01310C59A8

Filesize
100KB

MD5
6017fe649ff02d82f24a90ba736e3ff9

SHA1
b9aa18bab76333e2ff4bc501bbfd287137699604

SHA256
8d403e84b194a297f70c651ab26cceaa86403de73fc4d5d63389cd49c396159b

SHA512
f32127d9756907c7d30f1659287d8c1495a6a2d42ca7a01da8a667e6dd8a9dcff3be068640e24b69fc0c43142df577eebf1d616c4013548c947fa61f7e4896dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\cache2\entries\9595D8038CAA905C218169D7D685719A64E56844

Filesize
29KB

MD5
40e391bc61783717cedf0ec101b5042b

SHA1
153774d0212f254a51b2d4338049c36f96e732e9

SHA256
c66a2d43cf56d27f6d66ff55b2166d0137a917979019ac2153c7052ae983a0cc

SHA512
fed3fc1bb4180fa5b2b53dc5431c6b28f20eff289c197a002441c5e7605ea0dd940d62b4d7bec7f86fbbccdb10efd90a06f88f1de578ff4c2d798062e8356aaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js

Filesize
6KB

MD5
d24f1b3209c1a134dc8c202406e2770a

SHA1
7a439d8b2d05eed4546ee21c31d1090014d400ff

SHA256
d8a030f031fb19a58a25031ddbfbca42c61f3d43f8373a80a2c853dc1078da7d

SHA512
a0bede22ecafba586a4f9209bf01ceed9c4f5c64271f4714739672345f99f03779fb6f412bb91ab6b415ffeb8f408b3547f74b17b9af0924f675f575fb26a18c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js

Filesize
7KB

MD5
c32e212bd9ab278397f465f7d57b07e8

SHA1
7ddb0b912e50e38de2bd95d45729f7de6cb9ab19

SHA256
8a509e065351397831c4444a25da51ff9428135212c5004f352d74161814cbfd

SHA512
65b5fbb6757d6e31d8709c7ba7c4bdb017ae09f72761e3100b2c528de7f899df6036f8c60e7eb2b4072097cda4a3ac7b8648593ea5e2db528dc3d042271dabee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\prefs-1.js

Filesize
7KB

MD5
981d010bec1a1152d1b61562d77608d5

SHA1
24711ac2055a5d7b038670de1a9adc5d945a0561

SHA256
ac1c751611287d3d43d20f51a40c50bcbc78ccec2cef1460736ecc8fd4129370

SHA512
b7ebd211a6bd41059e3ef9a111f6d224e5e5bcf0e31417715249cc6e526fe010fc04780a690ad3f8aee2c5b094a2234c56ec9ab43c20780ce6dcfc61efa1d51e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6baac1ce24df088f009f6dcbbb4bc5a2

SHA1
a5505ef580179654e26e1f11194821714ec4c4a7

SHA256
880ac36479a2ed09dff36ae61023906b71aa2aa8c7ca3214fb4c9553e8a3dfdf

SHA512
5d675abbaec7588cbfa2b5c9f3f9fcc9fd8072b89a40c14e6a4c8c913c9207bcacb7e60a01b076e8a9fd82f0af4c9c92380330402ecb842fbaf21e017967a624

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
a09ce50afe49c7ac8e2fe1e12342c660

SHA1
d4bb8676f710b8df3aa44fe9394ea222ad11f642

SHA256
1855ed682d1bcd0120e07dd0334772740a3c2297dc8ff5f48ae0bce1a7d7623b

SHA512
90f15c3db8eff4b2a39d9cb0542d2424a81bf65151fafc328e533275457bce07b55146f43b4182bbf18acf377f7ce9b862ae6fd0d23ee1d6e8c926f7a6c53df0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e981158a01d74d7b687acec5035c99fd

SHA1
f1ec4752c7724f49abcac39d266fba9e5a6754ab

SHA256
7ca03305108938cd4c0460d1c96b1b4a933fc95f57def8d60bb89019f1e4ff50

SHA512
6bfec3e864d1a2af34800c6797fe96373ade7f56c5226a620093a89a7755d99c779251775b5650b1dab48f690a56d3f3cf263bf1eac2e55f680d60fe68b5fab2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
3fce82ef7c14525bb60cdae65ac40e68

SHA1
13966147e47a2f7b8d57dbc8a15639f3ecc4f2de

SHA256
5864babd3b29d8b144443d5c7e23a30651f311671b3dda42527cb8e9b8e4568f

SHA512
1531a27c46c9209ebb3d4d1bd6351f0b2cc6d89f67f94057646a2673922bdbe83f3739ded7338c3f861dbc01459b1c57557b58338a2a61a477fa6168796f8475

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
ae81823680ff58f46fbb601a11996fa0

SHA1
127948056b1abfa97256299fd6c3cb63a0c34f4d

SHA256
3d4d3ef866c559b1b28d1052cb18507c1dc278f7fa95a380d90e6f7571f92faf

SHA512
e603609fb05db7fed0638b5b59d5d97e2af843336b490e8e9082dd77127b8b3738a6cf5c1105b807de8e0c7e7807a8f87f32b702322728f41184ca18eb8b0e8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gcdxm1e2.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
110efb896c1b40332b65d6db740c5c5d

SHA1
ec243919e1eefa2be04024fe2aee1eb2cd9c9c1e

SHA256
b5d1a09d68023a8c2ff708a8251f46f2504abd27728d3b11197804a1eb376b34

SHA512
e42143b579cb9ae55e42261e32fec8bfbe87443232642a7d9e82c0ea8c5f091dd1d2c525536e621ea6756ccf2491eea1bfdf5f58e126ecc5b3bdfa61f84993bb

Download Submit
C:\Users\Admin\Videos\login.microsoftonline.com.har

Filesize
683KB

MD5
204b8a9fb058f51de74823fe67131ae6

SHA1
af97c14ce318f4b1dc6847be7a59a7a01e0593fb

SHA256
43ffb5a5642f06a1f6a278e4bd1352e98bdcb44065edd37431a6323289bcd596

SHA512
51afcc401719129076101348df18cd5985a86252a9bbbff302fade960af94962f4d5b34c76f6f4f50cc94805534a27f8810926b559a8a0ed47d938ce4e7bfb7a

Download Submit
C:\Users\Admin\Videos\login.microsoftonline.com.har

Filesize
1.7MB

MD5
b677b05fb8f9ac1f809f5b3ca6b02838

SHA1
a4a84eecdb1e6b00864e71c102715581c68cb6c0

SHA256
ec97f84324303acb125de8f1445eb41d2bc8546fc142422510217c655ca08a90

SHA512
ac0513bc28959356d58043cbd615c9283898c06b830586e388d89f837ae59f3ecde82c092dd908a20e955882e89f798f2d3f2d3c9cbbbca2b2d992c2b0a567d8

Download Submit