hxxp://google[.]com

Resubmissions

16/07/2024, 09:31

240716-lg71nswarl 1

16/07/2024, 09:28

240716-lfggbsycld 5

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
16/07/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655957283917606"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
668	chrome.exe
668	chrome.exe
3396	chrome.exe
3396	chrome.exe
3396	chrome.exe
3396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeCreatePagefilePrivilege	668	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe
3004	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3004	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 3512	668	chrome.exe	81
PID 668 wrote to memory of 3512	668	chrome.exe	81
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 3196	668	chrome.exe	82
PID 668 wrote to memory of 1576	668	chrome.exe	83
PID 668 wrote to memory of 1576	668	chrome.exe	83
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84
PID 668 wrote to memory of 4440	668	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd840cc40,0x7fffd840cc4c,0x7fffd840cc58
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2320,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1920,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3000,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3004,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3536,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3220,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4760,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3308 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4884,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3420,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5032,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5464,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4384,i,18271566132441851950,13774652842090597204,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:452

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4620

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004CC
1⤵
PID:3904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5108
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba870975-4052-4618-bd77-de08173af05d} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" gpu
    3⤵
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 25787 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10acad1d-90c1-41ce-a960-01ea67db9efd} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" socket
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3188 -prefMapHandle 3384 -prefsLen 25928 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3df86cb6-ba0a-43d1-b817-71d339b58719} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" tab
    3⤵
    PID:4888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3788 -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 3880 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68ff497d-31b5-4f3a-96aa-32c7dc48e831} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a539b3b1-182c-42a6-867a-b23faa03675e} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" utility
    3⤵
    - Checks processor information in registry
    PID:5392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4356 -childID 3 -isForBrowser -prefsHandle 5292 -prefMapHandle 4784 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03c4d519-5b26-4bac-8341-779e61d59229} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" tab
    3⤵
    PID:5772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5424 -childID 4 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc75be54-26c6-4bc2-9021-fc40da99cc04} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" tab
    3⤵
    PID:5784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5704 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71ab108c-8d18-4093-abc4-1ff71f9e8c34} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" tab
    3⤵
    PID:5796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6084 -childID 6 -isForBrowser -prefsHandle 6076 -prefMapHandle 6068 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1a8f42b-57ed-421d-837e-44df5be65093} 3004 "\\.\pipe\gecko-crash-server-pipe.3004" tab
    3⤵
    PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fffc2283cb8,0x7fffc2283cc8,0x7fffc2283cd8
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,344060238656151578,2774137878802326554,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,344060238656151578,2774137878802326554,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,344060238656151578,2774137878802326554,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,344060238656151578,2774137878802326554,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,344060238656151578,2774137878802326554,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:5688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\78ab860c2c61b8d8_0

Filesize
280B

MD5
d5ad0bef76a48fc4e8e28751c536f1fc

SHA1
403156be3c181b10857e04a7d74ba1a918517e38

SHA256
08e8b249735c9080487ac3764e9c586c9a2d2d53badc4e08ba3c36c86cde3e3e

SHA512
9a6f64dad98baab6df641cc602638eff5461030c8fef6fd5abc4da435da62faca98c03839d04a9b2601004f0c9e2524eb8e6b77839e256423d28b05f54e0fea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae376cf034c57098_0

Filesize
19KB

MD5
4fb72e4f53ad4b64f565348e5fb6f86b

SHA1
b5584877de20b2ce10cb4fea988f205b419aa746

SHA256
9d3d5b0fa33e8ea4b2acc7ae0fbc8d2999d86853ba943a66e072c38cf8049c40

SHA512
59565ef2aa4051d1e8ea0df26de4c9eb4ad8a4ecc600ba2597c8918412b99205e7b13378b20f58764b90dfed49c71bdfd9854b9c6ed14b47bff2d23f481aba63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9e12092ec09c72043509e9f852e98969

SHA1
ee2a06e5a6db9ac3535b85a720efd68ed1185fc0

SHA256
b1cb5ec3943bb321c060d93262a13eb51c1e0e8d13b16dfe85267faeb5336d5f

SHA512
eb1d7b7815319b454d3331b86165d0e862060b1816779e549abbe0344752a486fc5e884b329a929659fdc468b55f93537c2cb30f1d87ad1a48e280b6adc33223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b22e962594e9252e64973e8b68b72dfb

SHA1
ded614c02294bc4bffb85f46fbc03d2466b3f33d

SHA256
1737939145488f9c0d00ae54e6bc4ab39d2de74bf0c7ad9d5c4803719f24efd5

SHA512
88abe3d73074dfaf41bcf30d8bf7c56e13203a06430df5302ef4612feece2a11e6385e367e92a187f4b7529a9e999d7936093a5e32b0dadbb74622c384d251f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
564fe2937bf140e3fea591436d229242

SHA1
6d3b190cda59765f2452b5045423392683924800

SHA256
57168139c097aaa1d9587ac3855bd22537ae97ecabea385209abba4a469f7779

SHA512
c3e3db16e01c1f3f55049271591128b36b349afecb9c4370543d920965421f9ff6aa55b6d32ff8c43f9d6d7105227edf480167605de7d3e51f9f615df9927344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
46e78cb54d72bf0214343f1afa6ab6c7

SHA1
8a18871cea7557f97006e35afaaf813ec5a64dc3

SHA256
49475c3aeefd01ed7211d5cc26f5c60c5f512970bea66bb23230589ae3d0f148

SHA512
6168469c8fcf2b950c1d97bf6243bee935113bf4899b2311728cdd351f813b93c78e488919a0456e050306d499320186848f3bf759c810ec8acc2bcfbd0341a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0835ca917fd760b64aa8e7347786be5d

SHA1
b115a4617eedbae6ec9ff13747fd6f1588b0896c

SHA256
59b9751dfc9a27a3452fcc8963d68cc70ef407744748f3fca55b49a2ff4d2291

SHA512
3204c6a32667b300e14525491605d402125079f7d2d2678507b3423f79c607351b701405b43f3050a7329b48d092032923d14c67a7457bef44d4a8bcb0b3c819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ab7844fa5326f845a0fb0f0de3cdfa4

SHA1
07a631b8414b49105dcd55c3b73ba7a6c63dfbc6

SHA256
7a8a77c79c1569cbfc9593e42a7a862702ec978409a0c6e4af4d7a8d5dce7ca0

SHA512
147c333d2f9416fd339ecbee5b03cc756cff89128acc64800989dd0529dc31ba1a5e4870972351bcb530f897f0a0facdb40b9b7272427114d7c97137b8c5521b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f7182fe614d1c1ddee654a4fc49bcc44

SHA1
a24e9e069945afe3cc89e4207059f1c6b4e47a0e

SHA256
d26979f52c649637e5c5dc3e140bcab19f1e2f409d4e8a69a2a8fa90e3b2e4d1

SHA512
d674f546d8ee130342ea918056fc92e8de7ce97a2003b5a4993692b69ce2e6b1b2ba62e376b7af65f41801916b1fd79e294ebd633bccf3c0b605dcc219154f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2171faa532aef10b2c2688bbf67b26f7

SHA1
3e2a01b0f60f1bc3f3fe4ee506fedb17826b811a

SHA256
c07f390f97172522dd6485a9ae96aa5a878e46a08c1b1714db9f177c18c80bdd

SHA512
168f85412650621dd153ce1408d978d2505f1808793de3796719eb9423a822bb078f5ec103072ffc1c9967b545456ecb54c751b104ec3d7795143895c088f8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46f73041cb153cec5ac893bbe7879b1e

SHA1
98649c2898570762a6c06cf63fa40394e434d538

SHA256
811f47c09df9899432eda567b33108f6c66d12352483c16d9bb7692ab9d35155

SHA512
a8a62fc0ea555c09e747933c270b3bfddcb3b7e9054096e4c78bb7635423ee69273e307222e9236626eb6108c5cc92d6948c923ed1cca751cba39de75ef2e50e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e72f93c6e345b491624aaa1adbe07468

SHA1
6dad8d9b765871dc2b606c6a613766de84032da5

SHA256
ba176f5d67ebc133bff988f41af39937695eab40f17065c7b0fcc6dfa9291ed5

SHA512
3e73c3ed2c1deebfc68113ae48e364c37e3c859f9551bd69ea3362974878cad5fa6e3e36ccbd2f6cefbabf34dbb8201e40b68e4f97d20b42fe9240d7bfe39a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45948000e73fd606ac962a900afd3128

SHA1
d0519d59a41dd2476a90856a774ef077d735ddc6

SHA256
ad0f9a01020d436b9ba926f29fca3c66c9afbf57f72342270fd7f087b9e495e8

SHA512
2a97755daac3e01977f0fbb9aa554a0120b1be1920528733051d36ccfdb0c79c7bd8ca3faee4b47a6375a3e902b7b8652a3b430f9cff2ea66d8ddd7cad83cc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82ffaac1030b64b0b780ca5aca4f542f

SHA1
68c18b018cd3eb30ab9006c80bde697052e0527b

SHA256
83c5798930a1fa85f738f34b7d9f8a5b4465146e3bf198764f469795cb565557

SHA512
568b183830a3f40029f9bb239b7ec0836f3b32dcebaf19a19e7ff86c1aede975f3883384d28b9a9574194923d2847580286c7ebc777b7f5f927bba3032841830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16b2d13b5edacbb53f0181c503484cac

SHA1
8b9199f45a0883a143b8477d5be3d05e23fcdf57

SHA256
44d5ff3e66c98dc31e7ea5e97cb1269fdaae5f68578dc7d7025d97720eb83b40

SHA512
ebf91316621ad15ce8592dd0e12b90af7ec70b87c3bcf9bc58f6ba3ded4b04bd7743da03fe97531937455f2f719603e0f2469528b26f46438bd7b72c735b8163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e5925679664c70279af5b05d9a2f01d4

SHA1
01eda924dc199559a6edc417d76c12919e095d16

SHA256
85bea3fbd54e588ede6bfa3d6ada95f0b64d37a2d571060dcfee5e0bb3c27a5b

SHA512
d331b1b944999a38eada673b7bf868b2ccfe5584f51cd1eb63f89d8e98d5643cfd2e48655be1242a3d024b779d8271308e02c8ebf025e6e8c305296a2a65b8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
66aab5b22357f2a60d8a86d4b94651f2

SHA1
ab6d3f75cbbf9b9a91a7450cfb6ecf746d565808

SHA256
06608fed02ea5d0194a5366c93023d7dbbe4d7f309138fba6165f2250d8a193d

SHA512
18ea79b26a8c0948cbc5df4a060d8229f8385c722f8779a8c64c383abe3d461402e7c84bdce4d8f1d524237f0ad43e74fcdcf0e6dafb02382d82647f7a54367e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a7addd9987ddd520efb8dce5eab062ca

SHA1
1f2b2bd23c941e0be690859a387b567f5e0ed520

SHA256
be521b567ff23e5784fb0d833fc8ab9d0465dd3d9f59bedfcaff3f102453a2b1

SHA512
3558c2d33ddf8ad7931a313ec53d31f3727982ad547c4257abc32cc20b4f227fc575029b0f26f21f2baf9de5dc5c5ef4bdc3ca11463369f2423df18d2bd770f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f3912adfc16d2514a3ddf1f737273784

SHA1
1a785cb793df1fb0a41c1e3148d8b74408bb5a0a

SHA256
80e47477fec11263fe7c8927565f41e5a817e0c259596c61ed6610c5b44b5c4d

SHA512
5040a21be2401b92d128ee2e348af129ee63793c04338cbf488761426792cdfd4d48945590f700d0ec89c025cc0d5cd10cc54a8e85906882ff16c92004ace06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a2c8c5e384774d958d45a35a2261336c

SHA1
7b551ea1d472a97bb898557ed17b8cb73dcd381f

SHA256
32f5de378c422c3e4c08bede42e7343dd9c0f3b0f7116a18fd27f73ab0e19295

SHA512
0e61d7098dbac731b2e424dc2c4e32e16e002f9b5e56cd9eb6fb6e8a499bb662549f4913670f4600237b2bc4841f8a9fedd35a88b69ae5afaf7dc55472811556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
0bd357bcd89dac112e00a81f1777b858

SHA1
41653157b85d083c646676cdd0777abfca31f46e

SHA256
08b6c672f481ec3f802bb5a8cf09231441388812445ac0ab48022938828c951d

SHA512
d11b238407944386e0d59951f3efe7b24219b50b5b5bfb183470ecb11fc0d9ebb1de0802bcc67f78f7e1928bb4757dfb64b89d296311bdda1d475fa56b02653e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a0bcbba0ec2deab5c33f15461e102143

SHA1
15b6b96494808f9f110b4f5291a9ac385cdeb4de

SHA256
e41aa86232e23e8b8895c75fa440bc6eaf47d180bb10a032b75d621f5eb67690

SHA512
e37c7f666c4d507cf1828167a24086bfb566079aa98056998b05e3b3fcc064442c18633489a132a2e2cb42441934987ec00153b7380ca501e3823a34ee69076f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
da316462069af9fea1da1ffbfb150228

SHA1
765f7242be81c97be40e00e3585da2d8abcf15e7

SHA256
1450a611b3d651d0f84e81772f117e461c8f9cb87f8c4bef5b0b8eb6801ce621

SHA512
89a5b8ba3186bdbd525fb2dcc2e076916e5791ec9770d76e617ac00717e8c6f688b5e6fe2ddea4c5143ccd33c7b79e5c297b43e2f766610d12cb992cad601ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
562b59fd3a3527ef4e850775b15d0836

SHA1
ffd14d901f78138fc2eece97c5e258b251bc6752

SHA256
0a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430

SHA512
ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1ff2a88b65e524450bf7c721960d7db

SHA1
382c798fcd7782c424d93262d79e625fcb5f84aa

SHA256
2d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409

SHA512
f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e6ee38807e20829ee4b5cb235b972732

SHA1
ecfd0c7f3e6abcb04f37aa7d4b3175e3bdd16e28

SHA256
8fe134d98ab30f780fa84ab34cf4779d8f777de51ec2ada804aa912ba8170dfa

SHA512
a4749d969dad658bc164c4f18c5faad904debd0fbd8903c5df296a8347bb9dae0391b285029e63253226e462373e3f53eebbad94ad57039f2130df450e4036e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
2f117db5b20f8f31cb7a0e7e2cf00fd3

SHA1
7f8bdd370ee9c819f9267c59d7c161042cd869cf

SHA256
6536839200468d165395d792be97321cff7f3c1e465384f6557ac45cb8bbf082

SHA512
92f7c2aad9af839744004fb3c2a9ed7a12ea63b5102136f81dd61328b6b3c19900d1bb1a142fcdeeb14dfc29daf58b2c8777958a4bb510639add014f6a72c1ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\AlternateServices.bin

Filesize
8KB

MD5
f3b38ebb9e9a9369e97380ce610e762a

SHA1
837ad818874f4bc0c27b49bd07646aa06e2ac24e

SHA256
c74f2d2b7a4fca9706a6dd0d0a24147d826976270f3414c8545d5c267aac12f1

SHA512
df9be61050dd0abff277d71ac2bc87c107e422e696a618d3addf6ca32736ec9e7c37871988c4e97fc671810b91d4dbf495c82320d714af057ebb7ba6f2ce3f04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b5fa782986243c24d258f1113eb77976

SHA1
8249e3a4e7360bb9e4a4457f198918e41cc21395

SHA256
7f716e26954e56d3d46a89e7d2d295fe9d29afc645d89ab5242add0cdbd33dcf

SHA512
0a9d01b5ed854a8b82f852c50211ddd21612fa2c80051713727f10c044ede3e413a12411bf4b6daf3b6f11f24f4e0c76646db3cfb3bc4ef33beafc0a984717eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a517b8db2bbd5fdb555ea446c3d0d32e

SHA1
72f08bd031ee9aae12775e6e05b6077c6e8ff5d6

SHA256
b23a0fc7d621042af1d58f978c258dbdc0aa00e999f5ebeff90d5e9738b114a9

SHA512
506e02884c5daa06f8df57ff5c7681ed74f81db5bd893f145852c53cabc7251126150f1ab33a4b370f0ed935ac116d17e5a1a2bc951617cf40b50ae815057086

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6a59a92578973b770a1ae1b0b13acfdf

SHA1
9311c571492f2cc1b1ac3a127f1946489f21f261

SHA256
3702962e380eea6930de3f286808c74228fd532ad761d17ccaefe4378ff63ce5

SHA512
9b933a3ab5b9ae81f6f0fe627ea236a62c62479f008f4fd300da0c411624853ac77317d32b6249beeb8c31b210b1eefe6e09bfbdb0a8aefa48ff5a2a51b0cf91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\1d1f6941-055b-4fa4-9282-f8ffe3aff1dd

Filesize
671B

MD5
6bf8edbc23c992c0f286b13349d23ba2

SHA1
c250cdf0325f89c9903f92bde861746667fa96b8

SHA256
8b52046fc2120f51648cf5b5ad14b4e24095eb64ecc1d546820582dd73637f7c

SHA512
1b417ee4a734ab2242cdf08af6a533a7274a6c5a5a3004e5abe6f0927431c9365a579a8330924749e3b3833f1bd6b4844b8e66aa941314f56383fc563187b33b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\39d80971-6607-47d3-9ac8-c8686312305f

Filesize
982B

MD5
0671a8ac2f5a66ee09dbcb88cfbb7d09

SHA1
014fb576a67e8e0e7bce32959a228e514295e52d

SHA256
4ac713d6cb36762a713421177deb77bb98239c0d31234b39436e373cfe3c83cf

SHA512
87141db942fe2d7b7b5f748e3e3d9a7b3aa7665218db37adda4449e5b8beb63707eb4432206f1f4d78e23809f08be320db3079010b7a136a692b5b4cd9ced6fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\datareporting\glean\pending_pings\57f7009a-144b-4446-9901-dc436e67e97d

Filesize
25KB

MD5
90b8ccede08d4e2c4f5fa778c43c1a45

SHA1
e2d41faea172124f796360ed4acdc0bea9da4cf6

SHA256
d9b17f1ff083d17b7025ad4343adb4033d21686ab50759811d0b55cd6fa84c07

SHA512
cbb7d51f73a1e21c22bf832d6476a1160cb470258aabd871736c6ba5ee1c1efb38f01a84af40cbabe5e6cb23f5cbb362fcca78aeac1fa95860c6089f6226909e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b0ht3gr0.default-release\prefs.js

Filesize
8KB

MD5
5a4bd3911101af0d0285b1a4d2784875

SHA1
353b946d8fecdd915ff4912a33bc601b972a74e0

SHA256
6d12b5399e023f5d2dd2327a4972c71193fd2cf9a8b150986b6abe4f29213057

SHA512
bb18a7b7611abc3e5da74c8720faef4444924b1089fcb37b4faa59d04bfedd4c68a1270edaaa49bc2005d2387f5eac026b430a04bf359f3e836c70f1a1149d9a

Download Submit