b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22-07-2024 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498.exe
Size

89KB
MD5

8de9426cff608a8152edfd338033f767
SHA1

b54d876cdc6e475dca0f6e5375beae9da8332077
SHA256

b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498
SHA512

e9d7d5532bed18d58b3f340adfcfe7ce9aaeaccc555e890104e1b00fd56204029fb60f0e203a59c67e2beb44f4e3e8806e3dbc51c64e8a0c8f8d294c24954253
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfAxl24Oq:Hq6+ouCpk2mpcWJ0r+QNTBfAT

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661657553276295"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3924	msedge.exe
3924	msedge.exe
3164	chrome.exe
3164	chrome.exe
3632	msedge.exe
3632	msedge.exe
5600	identity_helper.exe
5600	identity_helper.exe
7020	chrome.exe
7020	chrome.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
7020	chrome.exe
7020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3164	chrome.exe
3164	chrome.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeDebugPrivilege	4736	firefox.exe
Token: SeDebugPrivilege	4736	firefox.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
4736	firefox.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3924	msedge.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4736	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 812	3608	b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498.exe	82
PID 3608 wrote to memory of 812	3608	b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498.exe	82
PID 812 wrote to memory of 3164	812	cmd.exe	86
PID 812 wrote to memory of 3164	812	cmd.exe	86
PID 812 wrote to memory of 3924	812	cmd.exe	87
PID 812 wrote to memory of 3924	812	cmd.exe	87
PID 812 wrote to memory of 4000	812	cmd.exe	88
PID 812 wrote to memory of 4000	812	cmd.exe	88
PID 3164 wrote to memory of 3576	3164	chrome.exe	89
PID 3164 wrote to memory of 3576	3164	chrome.exe	89
PID 3924 wrote to memory of 1928	3924	msedge.exe	90
PID 3924 wrote to memory of 1928	3924	msedge.exe	90
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4000 wrote to memory of 4736	4000	firefox.exe	91
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92
PID 4736 wrote to memory of 1656	4736	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498.exe
"C:\Users\Admin\AppData\Local\Temp\b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9625.tmp\9626.tmp\9627.bat C:\Users\Admin\AppData\Local\Temp\b7c7700047fdf4729b0c8768ac41b306fa8c2347545abd584fc6ffbcd3641498.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3164
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcec14cc40,0x7ffcec14cc4c,0x7ffcec14cc58
      4⤵
      PID:3576
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1820 /prefetch:2
      4⤵
      PID:1016
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2104 /prefetch:3
      4⤵
      PID:1392
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2192 /prefetch:8
      4⤵
      PID:1520
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3148 /prefetch:1
      4⤵
      PID:5156
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3172 /prefetch:1
      4⤵
      PID:5164
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4436,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4536 /prefetch:8
      4⤵
      PID:5680
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4468,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4784 /prefetch:8
      4⤵
      PID:5044
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3776,i,14634615337961310141,14529466312342768874,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4388 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:7020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffcec003cb8,0x7ffcec003cc8,0x7ffcec003cd8
      4⤵
      PID:1928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
      4⤵
      PID:4268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
      4⤵
      PID:788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:3444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:3464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
      4⤵
      PID:2656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
      4⤵
      PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
      4⤵
      PID:2080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
      4⤵
      PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
      4⤵
      PID:1836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,16596261497311465018,7345678737960343063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5788 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4000
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4736
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07f4d5d0-14cb-4730-b78a-8628cd23e1c9} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" gpu
        5⤵
        
        PID:1656
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6769db06-1939-4ef9-b173-ac091dc009b4} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" socket
        5⤵
        
        PID:3336
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3420 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3092 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b0d9904-2ed7-4296-8edf-2f881e6776eb} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" tab
        5⤵
        
        PID:2716
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 2 -isForBrowser -prefsHandle 3892 -prefMapHandle 3888 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {888c0c7b-cdee-4298-b58f-85dedb1bbe7c} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" tab
        5⤵
        
        PID:4440
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4224 -prefMapHandle 4276 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd458e2f-83cf-46f2-a8e3-a4e03f7b5062} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" utility
        5⤵
        Checks processor information in registry
        
        PID:5540
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 5428 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b61fe1-8991-41d0-a1c1-3472a7b15cd1} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" tab
        5⤵
        
        PID:5368
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 4 -isForBrowser -prefsHandle 5716 -prefMapHandle 5712 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcfa8ede-0eb2-47d8-87ce-e4e6dfcbc2a2} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" tab
        5⤵
        
        PID:5464
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 5 -isForBrowser -prefsHandle 5832 -prefMapHandle 5840 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e73ee29e-9809-4c12-a370-74523114907b} 4736 "\\.\pipe\gecko-crash-server-pipe.4736" tab
        5⤵
        
        PID:5492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3dff738b86b2f8333fd04c0fcd21009e

SHA1
6edcb69d754ff9dc57e6e680c4d362e5f8b60197

SHA256
acb058072faa2f4a7f60eb3b4a84aa09e82e998094bc8f24da552f4f60bb4ecf

SHA512
ea92e168b712fc604addbf9b1a4f546c10e8d8780f016331dcd8d070885eac890e80f0cb90fa79abf0edfc5cb7508b457e36c3cea659f47f73ea19f43286f7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
0a4ebc64d4da159412c64e59dfc067e8

SHA1
f1aeacef917163041c9940e19171101c68166f21

SHA256
0d5592469acc1c3130a0937576f753bac609911783b56cd399a917d2392dd7a6

SHA512
ad469bfc1677ba3e80870b2cb7856afacbf68fcb4028d46871a3d8f95f4c2eb068254ac216a76f19977ddba9b0aa59016e0f05a0d8c23f07867805dd31effa1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f0a1eaffaf3b3af49ee97b4a065b8173

SHA1
5cf583a03c1f54c2c8a54694d182d3a886f0d38b

SHA256
8af3aef032ff4ba02b33e9e5805e2429b136dddee8f8c9bbbe63a46927135398

SHA512
b6482f9e547be430477ae9fc9031779006bb9a8e5316239aa6d8cbe95e01ff4f5455170de79cf92e576a5ebb112f7ff5c1cb340ca1b1d7d27961764b90ec8465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
918ba57a3c1c2e1156a68aff87c23e04

SHA1
cf33ceeb8f5dcde81c1df2cae41db9f36dbcbf67

SHA256
e69885053893e1c21b7e3d1cd19c8866adb854a0681db8491f3a1eae34944747

SHA512
8ac36c67ad9080f0e2a5a2e9d1a2999c0750d54063d1dfc9a9b96f53cd435b60e32f683d6ea2137b25f6d1b132b85bd1264e269970e40919ddfb2ec7ffe3d068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e539c7ec4ce06097367b89b96e29990

SHA1
ce8dfc2093de7dbd4041ee488335bbee677c33d5

SHA256
211a0ff666d7fbf0fa89cffd59ad70db3b3eb2362848176d549780ca2b1ba6e5

SHA512
b6ce22500f8e6e7af6c0495d1bb10c36950999771b9d48893cbdb8a4cdf7cbbab9bc44250f53466c1bd944675437cb813dd321d95bc83055f6a1271c626a66ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
805c682e128c7d44fc67d3b3450b2cd3

SHA1
be83fc8987bf5502554539ea1a9bac1e7e291e09

SHA256
293474bdcfee00af0764c0e7fa74f6a00e7cb9c6eadb66f2a4cb81fac6967ef1

SHA512
dd2c8f3613f7c8d8fe92861a7bc658ec7cac51e85268ac0c20bde805e96af8d6a01f341d2da87bf7b9762929dc6b628057d06a22e861478f6b3e45148ca176e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e462892eb1a31af511b6f7460d3d8c96

SHA1
ae0e1457212df43bd0078ea5982d0be9a8f81777

SHA256
a8aa614d01fa238621664712e7443991ff03aa34c7199e5a52c0c59c8738879f

SHA512
12dbbd5622521062923d4c6411cd49e38ce74a86b479a9c329f97f955d06185e4a5bc71adf34a20c06f7518463dabaddd0dc2beea3ab683c03e060fd6a975164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
522de205a13cccca0eb5548aa10b5c6f

SHA1
0cb38d5f190ebe0f32d6bd4093f7b55db5686859

SHA256
4fe13c535f2205d1edbbc6c61a14a5860fd662d542c297f2e8ed03e172a9224e

SHA512
7d6fba22e9e7261e013a703eec1e2fa785a34705f7c4964713513884fdd71eb7cf1d72f9d2efcdef93042f5bd56ff5317c35aebd582ca423f0afdb8a097b644a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbba6d45ddafe272a886c3e65a1c7e07

SHA1
f10d36d663c8b1046b7a5d5d54d844465eebd1c0

SHA256
8b317be784e2c4c534cba9f10817b8ccd57c39cd7d3687bc67b6aac910ade806

SHA512
4318d9b9038b70db9f4e24c1edcd5fc6e45d745863d3f75681e4f9127244ffec7ca2aa3073b5910c0eb632b2349d1360d6ec1e6a2b3e071b52aad32ceaebd969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f06ca820742b26bd274b55f22eaed976

SHA1
7ac9278c51556fddb2e64eced2f70f892fd1a10d

SHA256
ceaf34b7aa483280a746e7b699e9f123f1135199114e1b2b282df9ac297204ee

SHA512
5ee35458aa315545d26ba6de3f3931ca7a2ff02e7bbe3241cb1ed3583757c66cddf45b2931e6186d0b5679a944f9ba2781eb3ee8031b3ad4559476c5f7a8f3f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c683b9ac6afe750ad576c4d63883de7

SHA1
fe2a0ed1c70412f6d3bc8a8062e293a8b19aba22

SHA256
352e0fe158cf6aa6f0d66c9c9f8623d66f158ce51dbe81da7945d6290410ac21

SHA512
2e031cdb2dd17a8619d4d8a6f7be0b326e6a64543d61b7fd2ccc4ec3c8f6e8706833aa87ab88b189c6ec9af40d79d713cf6caf075ed962d66707c7935b458625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f0e54855b293cbfc84bbe05b44bc935

SHA1
38478fa8289facfaca19dc2460d35d6aafce73d4

SHA256
941a9a66554d45fcdaa02315f97c4b9ad5ec341be130f476379cd9f6f45cc2f1

SHA512
06af601d029c2d7e1788d67b699209373f24015b7bac2f134807d6ebd566be19e4dcfd19b30f447c525b7e8dadd389bcad5d6d86295e677db837df1cd4208641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ad93bfeff3d5442d333da79aed0ec85f

SHA1
4bf0b9cfba103f282cd9e8edcbb63301ee48c43f

SHA256
9440fcd61684b39b4b4e818ed4ce82fc527dcb4b30931d1b04eddd87c775fc12

SHA512
b96c59a673c335c0ae69ce5840957fc04acf52af04b0e52233206286586c61f181a3cd74fa07c002b936c8a0c609eb6c8edb5914960cd37e82a0d5ae1ab3c5cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
add2e9a56ea4594564fdd4dc3420dc62

SHA1
dbc98ea031bb6914ae26bdd4383c4a7301f483cf

SHA256
6c884842434f8cfc7a87f160d3ff8c453c9824b04a123d29c4b979e3ca85c471

SHA512
087870b81dadafe10a16b30b9f1a89dba2987c6cd0409bf88da57e76497fd862246fea0b8ef790a71f6c004d6fa87be797957e74c302a8c3cbba7130e830a479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7c02c761f185bfdcba7b2483d6a09022

SHA1
2b340d9fb4bc1e9070b509f4cb53dce97c8d95f4

SHA256
716e5a2c0103b73378ba3b3018691e441146b28c2f17f5829b7f1a424df47fe6

SHA512
d3dae1a9ab825292eaee13a27516f2d55d51e1abb0b6f4f131de6c2af5ebe94a75bbdfb9e3b2adb8c7bcc4ea9e1de1c6608036febfeaf7bfaac85ef7c6a71aff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
d9ed566073997c15edc7250a2e9edce3

SHA1
bf399dd99823b633ef380631cadd55f22548c0ea

SHA256
11ad05c619306919db6f7ffa4769276b4d1ef9cb129ba7dbdc8ac00d1051b9a5

SHA512
a155066fb18734b5600adb7eae91ce2a90bcd4f52ec30c5a477501e09c7df951818bee5790edfdc85a594f25ca98dd0fdababd182be53a93aea28c57cab76df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
c2960fdfd039ce1a67fcc6384c115f35

SHA1
82b465add962a7f93660ab94942e8db5f23e3390

SHA256
ee7283e70c827c96d9ed0b7a1c64192843eda0977cb86815aa1bfd4ec073ed6f

SHA512
5ac9701a58684c6f05cb1eea6ee390f960e12e59ea06dd91cec6a8ced8a52e2b6c0369c25d0d3e81199406a2498b8a9fb5e6c66e5b8bf08d810dc755a3005ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
38KB

MD5
5b78803c1db2350de3e45ab8f8d14e88

SHA1
448cb59600d208425ab162c3a4b438c33dec931e

SHA256
11ceeeed67a94a87a0e9d94c7fba801e48e59a8cf970893f7c19ec4b37eb9233

SHA512
1aea7d1bcdc59d12ac37d4936beffa9518789b5667dcc883f70744e635a81585eac69de4ebdf0b3fd7cea59b42b4b1ad84e3824bbf86e7f0e0e3698ff5dd3ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
66df808dc41c7219b555f4f58103af0b

SHA1
b4f44bc7b9214905e4bd5dd50582ea511e69987b

SHA256
4a720adc49fb2a08c9e07aeb52f1f2f131a5bb07659419dcf4ec560aae31000b

SHA512
07176826b9bc8e9c8ab19921434911f038cc9a98dbe276ad8ef3997c444d6e4c05807541196d1b5eff3b43d182975ae4a6768ab04eb3191df9da1556c4e4b39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71de8873657d25f160645020743d4118

SHA1
596348169a9186e8d576bfa411ad417214f52204

SHA256
eb0d5911b17b89d00d8ccbcf36e35cff991a962a50582b6dec89af583ae59d67

SHA512
c4c8c6738ddf8f4561cbbd459e14e66b581a7501d2c601d1ed6047e95ff9864f536318cbf996ba491909ab9287f617b39bb8354176cf2cf4b2ba11aed1a66a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bceaf9350c118966b4b798c6e1582120

SHA1
945fe8f8164e64ddd6b9c3f1395840082451bf5b

SHA256
356c76a2d09e9a1b377c2bd62c344f971fedb8941316a0da2ca223f89df27eb9

SHA512
1743fc313295c991e7183ce366d587d11490d950531a96743544d43b34471ce75a9e84d2b12c7a37ec90e828feefc50eaf7c8a769bf2e97136f076932c2c824b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c493677b98c18e94263adbfe51ae0d81

SHA1
dc3c94403774332410196ed421d330750814796c

SHA256
7d068f7534c72b0b6701c3e8226b0f96f2ff97764086afeeac89e7b63816feca

SHA512
03712f468bf60b667f29df46ab2c8d20204031f8d1f5ae13953ed3437d5c13f5122732cc9e7d2a5492d17ff0583e1c0daf1e2e54951a9c10e282b7565a10ba8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24a3a63adf1f4b8f324274776493b226

SHA1
2d032a74dddc1e793377379fe61f51125d84c479

SHA256
37cd58def546f88eb93be735cf8a60933f89a67bf656e3356afa4f6f15c326c4

SHA512
11445bd1dfd33c609978cdd5cfd432f55a7946fc10948e661badef48635bd2f6f12b58e695897db05fb0ff671567b0e0a15400b6b448fc2d4ef6a5708b648c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
884342fb1d35ad15b6af7b79981bab5f

SHA1
4c28956fa11ed92f77bfbffcdc76cf3e60f13558

SHA256
ae937ae6f3120fef15230071dd6af5a435a20b5290d60c606d98b6937118bf65

SHA512
33270a9d67756d95e5a50f2a81b13c63bf4995963204c25ba9726ce25e535e13b3fc23fadaaadff9c87d124a273e6020daceeee10fb90761c64ac7b84226901f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
b7f9098b36a585182b787f189f792bb4

SHA1
463f0c555552b1b7acec67d82fd149ec9bdb8a07

SHA256
c7dda7fad3f92d0ed395182380ca984f20872ff1e4cdcc73e4f75883db134dcf

SHA512
fc9805c00e27e19f93f35cb1af9d12a4fbf73a129de4e44b60f59bbef7842a84454422da1cc4ee944ca1ce67c82b7f4d65fe2d5185631e011d32b8e227d0c758

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
f83f51457235b0b694814652dc400438

SHA1
c708894804a08ac4f53940ac53005667e08e18d7

SHA256
cdf14e82aeb68cf6301957cacd16283907a7846211a80d33ec9b46bce2f62a33

SHA512
07e1251b805775844e3ac17f451300108d523fe0d845757a50a5167ab754a3f5ab12444ca977c76c784889ea1559a06b54c6264f3bb9d1e9d13dd2b6619d543c

Download Submit
C:\Users\Admin\AppData\Local\Temp\9625.tmp\9626.tmp\9627.bat

Filesize
2KB

MD5
de9423d9c334ba3dba7dc874aa7dbc28

SHA1
bf38b137b8d780b3d6d62aee03c9d3f73770d638

SHA256
a1e1b422c40fb611a50d3f8bf34f9819f76ddb304aa2d105fb49f41f57752698

SHA512
63f13acd904378ad7de22053e1087d61a70341f1891ada3b671223fec8f841b42b6f1060a4b18c8bb865ee4cd071cadc7ff6bd6d549760945bf1645a1086f401

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\AlternateServices.bin

Filesize
8KB

MD5
635aa46a105d74ad76520dfebd8bd925

SHA1
ad1c527e6869afc7b8da8c35e073808f5c758af0

SHA256
1adb57e9b4cf01eabcc9454fe6e40c4262a682dd9b1a5e41dff4ed751d9053f7

SHA512
9c84888de6cc6d2f53a5da8178ba21bb267f39af99bd636209ef12f859da9523efb296b5d566c8a58bb779fd047360dfe575d9176a902d5eaa263768e8496aaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\AlternateServices.bin

Filesize
17KB

MD5
69a79f3e0635428f4a118abb00120118

SHA1
877247ff8b84f207a96e327c9cee95f7a0a6e280

SHA256
fa709c6d29cbab32988a1475737c9cdb5810329c3028eb7539a0ac02abf85ca6

SHA512
5be17addc2a86badb36187353ed30e81e5c08b946982ee3f814ababa03f6ea01e357b81eb4f8c28f53e9d0399d94a19eaf3a1c4d04da7dcaa947e5fb43d4a723

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
8f8283958b5d1e7ee04e779b55fcb037

SHA1
7eb1cbad4fe41a3f9ad7cb59dc95a3c9807c3804

SHA256
07fdfd65f87ed159466be3b4fde9cd7bab6f14e5af9094f021a500c12dedf9fc

SHA512
f530e309de690c6634e814eaef472585c328837d99b28712fdbad3ac4cc46bf613045f8766ac8ca7ced0c8b668698e2921e4cf14d7b16ea028352874c92362bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
af7d5276ae848da952242fec8fc03e3f

SHA1
f3f2ed297d4f166a89ca5e6d06b29272bb9ee4e3

SHA256
d0c20af9367dfaed42b9758c58d17e458ee19406b0d13e47dcec1ed24dc08349

SHA512
f22e9dbc094587bca287161e2c5fcd7d30cf0f80cc2cb1a35af2a18f25f11642679dd8d3d8369d9a0359690ebd127534fd8e026260480c97f1c86947e974d6c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
474cb04823b68d3b2dd4730d2e67c145

SHA1
795053300294fa056c2a221559ded27b9779e61f

SHA256
9f0fca7666b395888a28f3bc3551e20b1e3b105f33cbbf690a2e8bb5192f1278

SHA512
603af2cdfa4ae7263ee6b050fa38fc90e62e7c4fc8ea86c511b67f86945f7d691dc1e6cf6a9c5f2aab16adf32d743c83bf8b7fdabd54d8e52f137d877dffd16d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
91ba7f9acb3d0938b7ac7a8654766353

SHA1
58a72b1d7ecc2fac7f2027d91a57f3c57d585452

SHA256
d73edb497f775ee3b0f07d3abcc029ab7972881d4a9164c6a2e3895e7af81948

SHA512
7a80fcb42a705ad4b6712efce7409f0a57e8e4021b95575753511b7aa299bff9eeda636098bf8eeaf6fe457bd593fd2ccabc505a9d160bc8afc307c67e509380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
195df982262549c25fd04b28fd04ba20

SHA1
26604b033889069de99627bb05ec58dc6e802838

SHA256
68297ed2762b98fa448ed688b46837c96dbc52322da1df777e6b61dd9fe413e6

SHA512
955530872ca38bd321799c7d27d14dc99da14502134b604b5dab543388c5e8285735b340ff3df639b56e593ca5d4c9331f9209b1eddbd6ae30897b158d7f8c15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\pending_pings\2b9e0ff4-e7af-4ada-a6f8-cb05782770c0

Filesize
671B

MD5
0ca027ddb1dd10cd53d7344475f4fb74

SHA1
c6a965a2872f2a22f86eb2f0927d68e1e5afde6c

SHA256
fe97d5f52252c7741062a5b6e22b3fbd2e6644f8a366f28ca9ef9da445d00efa

SHA512
020fb3e9994393cbf43659c6a6288e97f343f8e3a821370636ac2e5932478c37c1c92f8f4ffe32b57caf95452c343e610b21602872786d3ccd189bbbbf6422d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\pending_pings\8c5c8d48-2994-4cc0-bc04-cd8e8cd025b4

Filesize
982B

MD5
e9e6d34d98f5ece97b200f1e72a3e667

SHA1
abde6424f364f0e58d30898a502b35dabc918007

SHA256
723f5507e8c754c22d25b27b180819f1eb4d53581a4a7a8e4b91358f1c967afb

SHA512
0f5c83af300a8a5342349e8579efd7cfea7ed41dd6678ca80916ef6f0ab112add3bb7863a58b7b3cdce76d5bfc966f9cd63598763fe4de06c28e8bbe476a35df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\pending_pings\c99dd925-b8bd-491f-af8e-faecfd754a4b

Filesize
27KB

MD5
c10997fe34d0f4aa09f6e6d31be1ce84

SHA1
6501756723d437e61cc3b9ad2ce5bea14e8b1de7

SHA256
9f3c30450b2bf3983312faa1e6c98e824c92ac07f0a01b431abc789d49b6b0c3

SHA512
44a773a9846571ded513b0dbe65e26c7995dbe7f4230a0f9bea5aff99d2ca736f59c1539e867c498ba46d272926202fd0b4cfcaecfad82f24364bd4163fd29eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\prefs-1.js

Filesize
12KB

MD5
5badc2833f71c1b5e132d822973a077c

SHA1
8067c19bedd26b85a49e7b0a8005715046078df6

SHA256
914561bbbd9d32d7589c6c0e7bfa2bf060a63d309d1d8cd6009ee5578519e164

SHA512
06ecf8637aa215ca1993b1447f75cbb90a8a0a1e741593fe9ddfcd9e26f7e4361dfaf32e1097582108373576ed14b7815b3490833616e9b9e987957275de03fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\prefs-1.js

Filesize
16KB

MD5
8f29dfc6ce6a3f9302c2d40af29e5b29

SHA1
86c26d2202b29308b4a3be57c133f8c8a1f7d8c2

SHA256
39436cf27678d96c0c71882b05140bc6e68f6412681c5e73317966672a5def82

SHA512
424305b5018dc2a177e27f1244b6adc262bc3fc631efd5a25cdf5663b9e2568626ef5e7eadadbf15c164d9ad31a3596e2992a03221c67caa215d577a7adccfa5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\prefs.js

Filesize
8KB

MD5
b100144485ad26d3455ae41e6956236a

SHA1
6a7121b2f1f8db824616d39bf76beb38c20aed57

SHA256
7283b50d211bb01123a76c3e6087b9fe014d7f2cd2c974980d1de35f70cdc4a8

SHA512
b890e6176ac9e2370989aca1b9564b1ded3667d275732ba57144ee906d987ac8b9a0ddb47a0a1c642981cc6958d4809796ce38821a53492b969fdba21c922b55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
5fcf454b4c6fe6f853d5e62bbd59f3cb

SHA1
5b7b47fbefa90e2c72a5b673a2cbff5ed36b4be0

SHA256
60c498566072ac8f78814f699d314a584b94253d8782b8f5eba1f5bc9b2af5ea

SHA512
867108b2e40b6fd9628feb2f7b743df4107cc3522fa190f2011398a2c84f886422b4bd53a16a21db092d72a16dbc03ecc121d1bcb9a5dfb1a8ee12dacb69cb38

Download Submit