hxxps://drive[.]google[.]com/drive/mobile/folders/1dXhP3-0LifXCi6cgwInhRJTZ_Sa2MmBj?fbclid=IwY2xjawER4xlleHRuA2FlbQIxMQABHXJIyqyOJXEVqUDxrEWQ_JjPJiUZARgIxfWCgKXyNTZLVaR6OAgTKQ-zHw_aem_juJ95_GezKj5a2-yQBKDGQ

Analysis

max time kernel
31s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/mobile/folders/1dXhP3-0LifXCi6cgwInhRJTZ_Sa2MmBj?fbclid=IwY2xjawER4xlleHRuA2FlbQIxMQABHXJIyqyOJXEVqUDxrEWQ_JjPJiUZARgIxfWCgKXyNTZLVaR6OAgTKQ-zHw_aem_juJ95_GezKj5a2-yQBKDGQ

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
92	drive.google.com
93	drive.google.com
149	drive.google.com
150	drive.google.com
151	drive.google.com
1	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133665870198512254"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe

Suspicious use of AdjustPrivilegeToken 54 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 940	3988	chrome.exe	85
PID 3988 wrote to memory of 940	3988	chrome.exe	85
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 3440	3988	chrome.exe	86
PID 3988 wrote to memory of 1804	3988	chrome.exe	87
PID 3988 wrote to memory of 1804	3988	chrome.exe	87
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88
PID 3988 wrote to memory of 4408	3988	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/mobile/folders/1dXhP3-0LifXCi6cgwInhRJTZ_Sa2MmBj?fbclid=IwY2xjawER4xlleHRuA2FlbQIxMQABHXJIyqyOJXEVqUDxrEWQ_JjPJiUZARgIxfWCgKXyNTZLVaR6OAgTKQ-zHw_aem_juJ95_GezKj5a2-yQBKDGQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffaed4acc40,0x7ffaed4acc4c,0x7ffaed4acc58
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,17922892697857498851,5231036204372017804,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,17922892697857498851,5231036204372017804,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,17922892697857498851,5231036204372017804,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,17922892697857498851,5231036204372017804,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,17922892697857498851,5231036204372017804,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,17922892697857498851,5231036204372017804,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4880

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffadd0746f8,0x7ffadd074708,0x7ffadd074718
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10366980443182511307,13213701769480146858,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:6048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5452
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8f881cf-6b3a-48fc-8879-f4a4540e522b} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" gpu
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 25791 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84e64e10-7317-4258-8f39-5ec43efc7a22} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" socket
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2812 -childID 1 -isForBrowser -prefsHandle 3912 -prefMapHandle 3968 -prefsLen 25932 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e779162-1bac-4d55-bac7-3c9ebbe84c00} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4252 -childID 2 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db1c13d0-710a-427b-ac98-d9d0aa53b7dc} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
    3⤵
    PID:3752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5084 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5068 -prefMapHandle 4900 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63739f4f-264c-44c1-91b9-2aaff9b6878e} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" utility
    3⤵
    PID:6736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 5324 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a8c1c0-9fb9-4290-a71b-af18132acf7b} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
    3⤵
    PID:7020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5616 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {819a1bff-2878-47d2-9979-d04e99305b1f} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5364 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c988f95-ed99-4013-8b44-7d65e849c88a} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
    3⤵
    PID:5368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6040 -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5864 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {789a46a6-87ba-440f-adac-57d7bec2e17f} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
    3⤵
    PID:6208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
860d8962b394a1babfac857ce3e3869d

SHA1
2570ad3319bdadb7f528ba42da8e8e69725c8737

SHA256
07098f716bd714036c36d95f5f33a3e22db4e9d6fd461991c1fe53082d10dacc

SHA512
31d49cc2297cffa2c844c98c8106282ee9ace66346d6e482547da32f72a6ad392e5b41e55b1faf623c9b8c6f6e4ba3954a79693e969f833a19486e519f58aebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2c161176caf3828e6bac396ff1a8f7ae

SHA1
507243e0fe291cadb16fbadc40fdaffb277f2bc6

SHA256
0849b17f9c11b8f84b42104c30ad9928c4fa9ea2937a9578ae610e726d8a4913

SHA512
d46881c0773fefa06cdb70015f32b6302423bcbf0ab31f257863f20bd99cf7f5abb81492ba4aa30a1b9ae0d410bbffe7be8b6d5c7eeef2e34c918c22b302e872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ac62cc45af2feca8ea87e805e2714a83

SHA1
53b511e9e0e127ced12c42b95edc029f22d49c48

SHA256
0a9976459e843efb1a603eccada3ce3be55c218a0af5f06512d53b36a170091c

SHA512
78392103cf526706e1e5e66935b6bc25697567e856e9f6fd12c25f7df4e037a3b57694f66492c02c2efd1b1caaa86a0616f705d5071b9477d476d1f298e095f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
30e5ae44594411db10b8b713172a4270

SHA1
0352f71556c8fac86dfd9210dc5048aebe2de408

SHA256
a30e6b6ab0eae3e998bea3c0408d31d8b78fdd39a250a69161d72a6d47c34cfd

SHA512
cf6de3d335a02b7aeeae7a53b70e5dadae776de7d7a75efabee8bd61b03da58c8209588e5a578a9352711b7b384f973376b4f47477b1386509cd35947e9171fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
d0198f2ad603149b92f01ddd4461d7c0

SHA1
a6c3af91b4226cb1b84cdf443f943727e1e499a1

SHA256
f024cb4ddaa16b5cc56c353f2830a017592b7a9f0b0dab7d406cde6e128d4ddf

SHA512
95b48ac2580001034a033472a2f0466adb835a6c5d1f23b12621d9e735ef0a039f78a7ba016286aa210b1fb3ead63937a4efc15c3bc24d18a27773780a5754ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
8462f544c2c8c03cc8406517b89365c2

SHA1
425e429512b6e4fb0afb9deb51cffc07f4270313

SHA256
c1b669432a8a523dba205a570cd3934fe244671182f23ba167e0cfabbd03207b

SHA512
aa907204d5ae5c000977342af93271664e2729cdf60481bc5a84392ab4fd5b9013def78e341c9f501bb274b21d20812e6d5f94546ad6c257e144b64f8e87ab9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48c71db64d5e626686d356701d9efa74

SHA1
9660ff7e68f3e52cd968d1d9a2e6d06ce420cdec

SHA256
81b674dc70a85029d9471704e20e0b1b9367a9e99d7a225422fef47794e53961

SHA512
cd174fbceb3ece3244ee2e9cd99c99c304aa202e474918cf015835d28d4c072389ecf892260ecd32af0296c5b27b07e716d5e32e4516bc804ac416628e6e9535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82239e839185918d340ffef90f4abca5

SHA1
755c2306a8ee9e0e120151dc32c67edbcb238285

SHA256
f39afcaa11a4918ce97972ca5050b101cd56907b6da19ab32958299d48e3fe91

SHA512
d0dbc05fac00fbfdbe2f67aed9d571e3517a3245e1b71880547411e9fb73478d3b1e75e06eb3b3409c6c1405f6657bf71a2f4db1f07b4eddb3fb4ce42b74437e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d9612cb5672298fdac5612d0de2d672

SHA1
dd226dd6ab9293b8319c5e45c80eda782665fb5a

SHA256
0e6b11fe9d4ec95c84e84d8eff2c5c3c480cab88d7e5340d9fbc09894b814a3d

SHA512
ac8f7047548dbd71f3becfe9aeebe8198d2bc5bd38b403c6884fb8e8170ae26c6d1f32a012bd58126ee274d2454bae926b1508973c0ab3d9b378bf7014238bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
d9c2f3122966aa03f073b57be1676e25

SHA1
459ed632f6620cdb0601ceb3c5f44206b930896d

SHA256
438af3221a23e8bc08fad11a7117b6f54feb9ad66d26749aa4e1128077f61b11

SHA512
7b64d91d6e63d13b657ff9eee0e120848508d716ff23dd5cafb2de58dc0a71cd4c649c39777a5e71ce5137f269fa26ef5927bb8bf2d5be0961ab5e537b274daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
be10a7a34b867ddfb9ce6fc09b3987d7

SHA1
0e77a7bdfc39c4e21ebf2e3aae9920a9b8d0a463

SHA256
fb915ca987f947168662aa65b07af4cbe4edb3959a9a9e98bef7834dd3ee41b2

SHA512
7189acfa86461c4a58d8dc33df600f11d65dee8bd2dd85de304439d04465f97200328fb519eafe6e453f52ef3df69ddf0eb0b4e755fe188ed5a2d4e06798ff43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
49ba2604d38793769d3fe385e144be70

SHA1
e1586e04a98fb96227698be74d6e13734026f28c

SHA256
c409af61499a2872af8b582fd306f7f49e8364ea04f460fd50773aec392fa64d

SHA512
580076db7e5bb4d1b09ad6acc94d400328ce367ff93d8f8d30791a486a49f457104edad078c39e9188ac2f59dd7d404a7c9aff89824b684bc9c174dbf146befa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4a18ddec290de637858f25b0e2555337

SHA1
2a34cf9ae72bb117aedf6274aa00a15eab6af5f3

SHA256
676cd42aa3299cf944c7b8d65cf225b0da011681dbfd115b29da69dfd17347df

SHA512
830115ef34915fd4165d2a060a50d1be900806666bb6d3a0d2af2edacce5047ca0ee5987d25b6d1b8ac675a9de68c370fcb9f0f88abdc99cb53604d530367e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
409KB

MD5
cb7c60389cc17b4dd8ca078ee80b7378

SHA1
3079bfda407e81e6bd2287e91776acb1da32e916

SHA256
afa9d126cb07bfefaafc7e62182f1ad82bb72c414c37673c1191dac2ead1442b

SHA512
618c5dabae582c0efb20c337fee25b43388229c6f9bf5863fbd7bee615a791d93951742e51b434593afb986f3f7c6aa82d7ee8248a10246aa98a5c1527313a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
110KB

MD5
c4c3b31fb8ed06e405e2eabfee6f0ca0

SHA1
b27d7a2473a56120d70d0f57fbb17435d6835529

SHA256
beaa2dc0346767d734f891e7c794c823bb768f2d719d96f6a2ea947a0af565c2

SHA512
53b1de893a6c3364896c739e84903311a6380921345928b243b3556be16670cc3c2de3781183f82429a7be412b4491be57581bfb40334d3b0381972c5e650393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
337KB

MD5
95794a0189765b9c0e9622f8de20fb78

SHA1
2de81d9cca2b73a668d03c47695d862cfeb4edf6

SHA256
4b0b168e37e73f97da1da000e43c0f1de76e1053d22204a5f024e85c27b0cc7f

SHA512
d1dce971a88985b28f67679853e2f0c63362ffb328218bd02f626645deef3efc6302b6016ed55b300d0fd41c04fc5804907ba0eeda6b754cdb8a1c71b2d96779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
34KB

MD5
0360dbc6e8c09dce9183a1fd78f3be2e

SHA1
6cd4b65a94707ae941d78b12f082c968cb05ec92

SHA256
2db6bc36808d43fa89029c652636e206fa3e889b35ecf71814ab85f8ba944af3

SHA512
93c9f1856142da0709f807ca3e5836065e61bc8160f9281fec9244f31ed8ae8df500cd5c64048ac59b4dbc36ebd18ba8e7fbceef58134dd76441079fae147ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
43a56afc7ccb89b6a743eb72acab2fbb

SHA1
7d579461b6f54e8d5cf3cabbe46cc62176e2fcef

SHA256
27fed86021dc525e3b056efeb747e7ba4ace2a18ebe35541798cc2daadddab16

SHA512
fd56b72174c907e149d54e8fd4e5c36da02b8353f97546ac7a365503f13f8c127c80b6f35bdee6c52a7cdf79bcd86993320bd5774ae5bbd10653cc9c1f553eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2959ad2d059b2e64a39afa231952a5d7

SHA1
ca22089b17136ee364a25d7899e120dfe4d48352

SHA256
e2faf2f2d5be8f3e1e7c83133c31daf8414a6cf75dae1f7ae6cb08f000dfa6a3

SHA512
76f601137660898b7927cc1166d61e60ab2cc3caab33d0f0d373ba3db3e0ecde7619d5ba37b131dbc5afdbae833cca49fec73390c275bbed2be006572bef76c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6be62ef381a3192d9d3a17c181ecc6fe

SHA1
20e67c3779304fea7122ddede799729228cb7e3a

SHA256
239179a76026f5f6408bee5774b69ec0e123918c16ce3b477b05e70b032d60b7

SHA512
ab223bebc3693512c694ef21edf34419aa7e4b73dca9639844e23d1b59dbac7b31f253b3e858726c4e19d736e4f21320c8668c72b2bf03a15535e06ac6ece98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d66a8245c3c0646676307d6ab19540cd

SHA1
5296171ae6b871b43ab37ea4f6ab11145c9f3068

SHA256
44360bc0287071f20599021e3fb05b3b17f206d59cddf51a88d0cb752c95b0df

SHA512
4d0b70749b6f5b0577b9015f7af24d1f26d254c97f8e28fe8d93bd37b9f1ee69c86de219684acea81f41d683e0304acc1d23c8a615019224c697aaddb7cff2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0af53a17bdfefbf9c1e7a3904a681da3

SHA1
0217359cd8cfe2db2a8158c0e2a03d0f5cac1930

SHA256
3a9c0a7dfcfb2d75f957f5830416069027402a2e12040966cd51e806a0df0382

SHA512
73bd9b75c29edf1cdeac0f5e6846a5eacacded9e3844bfa0a2080c89b14534d6f214015b981ee2f89c29cbce3f6df475c57f5588b723dd0e051d188954e31534

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
d623371ed241d2c9720e61551e73f87b

SHA1
d45b7a2cecdb886caa9d5485dadd19794004b9ef

SHA256
2260fd53141083a13aa53210cc411c950bd67c99ec9bb1976678183d2e0f96cd

SHA512
1755271cc5c4d89b56338244939d190a3c3294481c4fdd635ce8fe2f31049de053ef9303cd9b81409ccd0a96b85dfba389aa85684e2c5e56b5fc36715186e76b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\cache2\entries\3BA5B42AFEDB9F4C71C77DAFDFEDDCF9A1CE8A10

Filesize
247KB

MD5
dfcd2dca01b760c98377f79d49e63e96

SHA1
cc5d25da49c977d4a9f55f58ba5e14423c4dcc11

SHA256
2540e27e3c5295ce93e8953cee98512169b63ab3476b70ea3714a976d48c23a3

SHA512
f6fca868b1eed2e06cd221b58ba7bc18b05cc451a682f8773317fe70577ca2f2732d74b6588d94da3349ba1cdc2456384244247d5820ca7c1ababeae07693b33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ehv06adt.default-release\cache2\entries\9A0C602007D99C839E36733711072713A16A8E06

Filesize
50KB

MD5
2b25980e2a9cc1e0dc43a514b2661e5a

SHA1
95a6b7161c9d056fc35ea745330f82a50d4cf471

SHA256
7451a8a8809c93079fd8ac91a2c7c4ec5c6af3b23f45ad9bd0ccf66e2b6c6a9e

SHA512
5bd3b10a3cda06d6ae7907ea63b60a9974c66b74d43e1ec1d06836e81abbec80a4ad451142af6ae2d1d1a2560084aca38810dece5d902af8244e886993b4d774

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\AlternateServices.bin

Filesize
11KB

MD5
4c2db2610357d8001c83333972b505ba

SHA1
b4767935aacd369552e915a48cf94f09e33f403e

SHA256
55cd8c635fb08cdf053ef11f76f6b0046a48d616bdfb0c0df5cebddf7d74e261

SHA512
82d19193ff1e778b46cda9581316627079365354fe013c430b338500e93f3e4fada7d9a9fdfb3898747e48054ca5bb464ba18cc6ee7db9b224c0841aa2f5af89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
267c2de845ee53b82911ca063374166a

SHA1
a51fe3bb29271a96acb11f6eb13a0ebe4b59db16

SHA256
84f4da63dd5beca94d9b1c23392ed34c01f1a9199272cd104ac577594bc5fbb9

SHA512
2035d9c6028109ea5b6a119ab148e3c557ffe75d60d8697f2e556ff4e689193a023ea1c409658194261dabbb3b153c128518e388c0a322d60a2107341c5a08ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
05619c3cb44773e42c63aead37bf65dd

SHA1
11cb57bdd8c41666bfb5c134a7963cba6740d9bb

SHA256
a9a6c6c96be477ae0912bfa9cb29e5a088f4639ee8254b077c8e04f43f0455d5

SHA512
785748f6e2c812325f321af97031a877bb5b59927e8765d6f459a01d28678f96995a1f85fbbae8fc355fbfb6b826034d2d260c94ce7e0eee22efec6bbd6af999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\05f62714-bcc5-4a46-800c-43dbe75e4f32

Filesize
27KB

MD5
2962d55a56583c4948bae2f48ea60cae

SHA1
b1626b03670670d8e4d7d58e630d38fb7ac08375

SHA256
694596bcc50ae78d95fc2fd42b430899eff016574214913fd592bf5c9e73a565

SHA512
ed06cab252b493e3f584b4b6b3bff273fee3ce75c247ad8ef44d8e68c30efdf8d1cc32a3fe67bab6ea75ed8af86bfecabdc445f44f7c7f5fac6018aa49146157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\71012573-1a84-44ca-a637-0b0c3706a847

Filesize
982B

MD5
fa1fdc54e2b72407b8409eb5affbbac1

SHA1
db2a3ee6c50752a88a78aa80db6831195f56f5b2

SHA256
856af16f012131577061f07d5dfc4113a8ad1c3f32ae1314c88609dd4bdb8333

SHA512
cdc1d44a2783988211cc7a0bfe923ff30da3eac2fac92f53f95c645e08dc5d2b9a89992e758dd7d88307bda11bf9a3f7f91896a4db38a5ea723db384386357f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\datareporting\glean\pending_pings\e7545c6d-5a21-484e-ae55-7f2b97ee582b

Filesize
671B

MD5
22315154fb065c811114eaf740b737dd

SHA1
4afefb45d4349759f4ab3cc2af2c2ef5f444358a

SHA256
6124ba4b8459c2bc7c37a2012e776e2945ac37adb91197d686ece02255d444eb

SHA512
20763e6b567df87b3a4c8bd2400e788399a34cfe51e1d86cd99314c02ea03c404f4311456e4b624b68391f638030d783c7d0401e41b6a923ddbafdfebb93ebbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs-1.js

Filesize
10KB

MD5
da4d72f74a527e55ff9ef5d472482056

SHA1
806e023c31c0cb9e9c2eca80b435a7be19276db3

SHA256
362298bfa071d6892d9fae32239911a0f08b081a1d190757d17c5b7c88c04a8b

SHA512
a155be4b8f79cc78262025ba61d22d2a1ee9b8e0ec4ced06bcbc6608d60a2031aa893ee7c2a3893657990753e88da6af5a89ed1a7d3627ed1a0f70ddfd94be11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ehv06adt.default-release\prefs.js

Filesize
8KB

MD5
5ea7120b9f881c1f59b5407c4526feea

SHA1
36b5580e19049010445f426926ff746bcae05bc9

SHA256
cdee6ecf9132cb3f78dcd0ad2821d8ade9ce0c96ac9601cad399c021e65706a7

SHA512
55a15621c6eed814084c88746ec710e42ce5bffe21384d633a79fcd0217605e562c5b4d3ccb19e751b19344b39f00a3ef05dee07fd601767971d2c45c7ec4af4

Download Submit