hxxp://17ebook[.]co

Analysis

max time kernel
330s
max time network
326s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://17ebook.co

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673893692855701"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
872	msedge.exe
872	msedge.exe
3756	identity_helper.exe
3756	identity_helper.exe
5160	chrome.exe
5160	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
4768	chrome.exe
6272	chrome.exe
6272	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
664	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
5160	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe
6272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	312	firefox.exe
Token: SeDebugPrivilege	312	firefox.exe
Token: SeDebugPrivilege	5316	firefox.exe
Token: SeDebugPrivilege	5316	firefox.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe
Token: SeShutdownPrivilege	5160	chrome.exe
Token: SeCreatePagefilePrivilege	5160	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe
5316	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
312	firefox.exe
5316	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 596	872	msedge.exe	84
PID 872 wrote to memory of 596	872	msedge.exe	84
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2940	872	msedge.exe	85
PID 872 wrote to memory of 2136	872	msedge.exe	86
PID 872 wrote to memory of 2136	872	msedge.exe	86
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87
PID 872 wrote to memory of 1348	872	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://17ebook.co
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa08db46f8,0x7ffa08db4708,0x7ffa08db4718
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4932747315396030480,5028441533378186590,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4932747315396030480,5028441533378186590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4932747315396030480,5028441533378186590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4932747315396030480,5028441533378186590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4932747315396030480,5028441533378186590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4932747315396030480,5028441533378186590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,4932747315396030480,5028441533378186590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3912
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40528e3-4b66-4173-883e-97c547059302} 312 "\\.\pipe\gecko-crash-server-pipe.312" gpu
    3⤵
    PID:4064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72fb9f5e-6cb4-4251-990e-6486cb32962d} 312 "\\.\pipe\gecko-crash-server-pipe.312" socket
    3⤵
    - Checks processor information in registry
    PID:2756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3240 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c24d932-5e21-4883-8e25-a3403675c89e} 312 "\\.\pipe\gecko-crash-server-pipe.312" tab
    3⤵
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2816 -childID 2 -isForBrowser -prefsHandle 3720 -prefMapHandle 3652 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67ad2e3f-0432-468e-8056-b0a5e5b6dd32} 312 "\\.\pipe\gecko-crash-server-pipe.312" tab
    3⤵
    PID:768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4276 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4504 -prefMapHandle 4536 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66a2b16a-6d81-4014-a2bb-80d637b46801} 312 "\\.\pipe\gecko-crash-server-pipe.312" utility
    3⤵
    - Checks processor information in registry
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 5264 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f083331-5b04-459d-acf4-77abd6601d4a} 312 "\\.\pipe\gecko-crash-server-pipe.312" tab
    3⤵
    PID:6048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5608 -prefMapHandle 5604 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d48ccde2-218a-4e0f-8793-c218154aea90} 312 "\\.\pipe\gecko-crash-server-pipe.312" tab
    3⤵
    PID:6060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2aa5217-2b66-4f7a-b201-5f06e9911582} 312 "\\.\pipe\gecko-crash-server-pipe.312" tab
    3⤵
    PID:6072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6092 -childID 6 -isForBrowser -prefsHandle 6072 -prefMapHandle 6064 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1160 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47fb7767-2195-4128-9caa-784db714b9aa} 312 "\\.\pipe\gecko-crash-server-pipe.312" tab
    3⤵
    PID:5344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fec3c87b-299d-4a3b-9efa-5445f74abe9a} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" gpu
    3⤵
    PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {463f9f73-4cf0-4c2a-8f21-8b2e56552e26} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" socket
    3⤵
    - Checks processor information in registry
    PID:5852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 1 -isForBrowser -prefsHandle 2864 -prefMapHandle 2884 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b19c52a-e602-4e16-b722-cbce3dfdfc10} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4004 -childID 2 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00d74703-4758-4f39-8e4b-d148a119bdbb} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4576 -childID 3 -isForBrowser -prefsHandle 4568 -prefMapHandle 4564 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {142a9ddd-a7ba-4a06-a724-8c60f0dc3c46} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5048 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5060 -prefMapHandle 4996 -prefsLen 29144 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c76c8ff-21dd-4a0b-9500-1ef62c6c7c19} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" utility
    3⤵
    - Checks processor information in registry
    PID:2816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5372 -prefMapHandle 5220 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {348c66ed-6746-430e-8c4b-3a8314322029} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 5 -isForBrowser -prefsHandle 5516 -prefMapHandle 5392 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff8d9914-c9fe-4085-8de9-d176194d52cd} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 6 -isForBrowser -prefsHandle 5716 -prefMapHandle 5720 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b50a82bb-2709-4b70-b692-fee66d58050f} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5936 -childID 7 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc235cec-21c5-4c53-98a8-d40de1b9589c} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3160 -childID 8 -isForBrowser -prefsHandle 3444 -prefMapHandle 2328 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3f8277a-a2b1-4341-9a42-48be3c13061c} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4780 -childID 9 -isForBrowser -prefsHandle 4652 -prefMapHandle 4640 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca7ded53-f624-4e1c-879a-0b1b2fc3adf0} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:1792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -childID 10 -isForBrowser -prefsHandle 6140 -prefMapHandle 6136 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02c05f3-a706-411b-b04e-1a341831b2c1} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6396 -childID 11 -isForBrowser -prefsHandle 6388 -prefMapHandle 6384 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e772e98-67a7-477e-a36b-f2f1e55f5eaf} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6272 -childID 12 -isForBrowser -prefsHandle 6572 -prefMapHandle 6568 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69375176-f2c7-4f15-82e7-9b80c253035d} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:1220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6704 -childID 13 -isForBrowser -prefsHandle 6660 -prefMapHandle 6656 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bac9714-1bdb-407a-94f6-5a6a2768f171} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6960 -childID 14 -isForBrowser -prefsHandle 6880 -prefMapHandle 6888 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34d4f587-298e-4874-a558-b068c730fd22} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6704 -childID 15 -isForBrowser -prefsHandle 7096 -prefMapHandle 7100 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b0be383-1ef1-42d6-8d84-db7cb02ee72d} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7080 -childID 16 -isForBrowser -prefsHandle 7296 -prefMapHandle 7300 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fead4db-ae17-435e-ae1a-966454e3e0ce} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7476 -childID 17 -isForBrowser -prefsHandle 7556 -prefMapHandle 7552 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f93c1ec8-1d08-4d0b-8a43-016c107339bf} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7280 -childID 18 -isForBrowser -prefsHandle 7696 -prefMapHandle 7704 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbcbfca3-e9fe-493b-b45b-6cf0bee158f7} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:4384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7848 -childID 19 -isForBrowser -prefsHandle 7856 -prefMapHandle 7860 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a19f7562-c581-49e1-b487-e7862510e0ea} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:3280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8040 -childID 20 -isForBrowser -prefsHandle 8048 -prefMapHandle 8052 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dce5507-5f2d-4e0f-aea2-5b992e29796c} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:4516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8236 -childID 21 -isForBrowser -prefsHandle 8244 -prefMapHandle 8248 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63a8c63c-144d-445c-8263-0dff808ff5cd} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:3416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8516 -childID 22 -isForBrowser -prefsHandle 8436 -prefMapHandle 8440 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac413f87-678d-4531-ba5b-5948f9fcbb7d} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:1484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8636 -childID 23 -isForBrowser -prefsHandle 8320 -prefMapHandle 8640 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e9fc600-ee2d-4bb6-a02a-b9a0697d9c5e} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:3084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8812 -childID 24 -isForBrowser -prefsHandle 8820 -prefMapHandle 8824 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8822f80b-1174-414d-8169-cb1f964871a5} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:2300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6888 -childID 25 -isForBrowser -prefsHandle 8052 -prefMapHandle 4652 -prefsLen 26998 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cf21915-8e50-41f7-9fbc-bf57e284b8c4} 5316 "\\.\pipe\gecko-crash-server-pipe.5316" tab
    3⤵
    PID:628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xa4,0x124,0x7ff9f804cc40,0x7ff9f804cc4c,0x7ff9f804cc58
  2⤵
  PID:6220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:6164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1756,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4956,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4540,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5040,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5076,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5580,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:6672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5328,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:6936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5816,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5568,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4800,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4460,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5632,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5136,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3228,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5228,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5204,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4028
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6b13c4698,0x7ff6b13c46a4,0x7ff6b13c46b0
    3⤵
    - Drops file in Program Files directory
    PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5404,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5856,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3332,i,9484034040399111396,13975141256841343907,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f804cc40,0x7ff9f804cc4c,0x7ff9f804cc58
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:6492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2312,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:6840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4828,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4400,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5088,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5492,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5608,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5140,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5508,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3456,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4456,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5164,i,16295270261344410809,15998752541762936300,262144 --variations-seed-version=20240805-050143.334000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4696

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ebd1e0c475994371b3998462615f0d05

SHA1
14e355cb59a4e518018b776164c6d0217aca50e8

SHA256
6982055c717bbdaed4aeec95fd9209e1f933093cf5419bc09194366ee80b0541

SHA512
7aa0bc09e0f291418fe3b6683c2e6e83781a2d96af1d36fd47162a132cfb1fe0051135fe401c6f953c85948974aa79343fb88a0d40ed31be7c60249ae21a3a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\97cb5651-7f11-4c04-adc1-2746da54f9b0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\56679a7211016321_0

Filesize
19KB

MD5
7430687652fdd656b15e346adec0ac20

SHA1
6f16361536d6ea533630c8bb8c10a07b8d79b510

SHA256
da49b158ba55467c64ab3e8cd600fb87a0fc0d953d082618ed3ab70624a34317

SHA512
d44b6912c09ee7a6da45f5db06311c620f27c67b712457ef91b728ae7f8c689f91b29ccda1e28a0f6efae684a81f27655186b16e18ef2c9ffe5e79e336615f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6723311ae2cf5f1c_0

Filesize
280B

MD5
696b47e5f1b994c0a1cdec70b6cde974

SHA1
c4fd5486830ee9e617aec51616f6f5accf90f33b

SHA256
f9181943d87ab623b602fd7d71f57e6b3ce5f8e39b153bd931cbdec72d7c763d

SHA512
ed7209b451a2f6c3419fb5351546a29d3de820a570016a470122ec8fdd1133c7ab1c8ca7ab98e059add146af5b85830ad9a87e16885e7595d9bc095c6569b87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ea9b8918ad020319_0

Filesize
289B

MD5
182221f82dfdb2c7896cbe9abc2e7146

SHA1
d9db712724237ca7d8a8991cbcf16686ab755a49

SHA256
1e239c796ff95873b7b35cd2db235b1dc877ebdcce01a8361b3fcda671bc57ef

SHA512
7356a97d9df6084d11b0e91d273d234939c926858b1e59453fba7aa8cca58935d10a54149f607ced927dbd743ad2f3c656df6f1a96685e11056415972ed90ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
58a5766954da7e45c02c3969bf850834

SHA1
6264d9cf5dd384f9ed53f411e484caec4a3f1b54

SHA256
a51e2b999c21221cd9663f5e861c8e5b2fea8fae7481b9ab5dedc2477bb8c53d

SHA512
eb8c930c83820adacd052f8b262c5bc77567f3f24c46209e1044d168831fa7b53b51a4d8c54f0ecfd6c865d918b5fb0889ce7f8ff163a505558d20eaa6725506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d8e03461b84d578fcaea40697e42f437

SHA1
b87686849218e16fbc2980f702407b13d4292438

SHA256
99296e295ca9ca1609d6d1a8e117bbef839fb994b1c4a700a6c3aeebb0025c39

SHA512
5bada344caed8238c773e0676bb85723cf40637567ddf40e9356961404d75d07d726cd9491c1582166eec39f485785e306ce750b2afe4d0570e7b4a14483ff41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
19d4a23d0a4d02809de474e8b13c55f6

SHA1
a20f761dddf786d9639b5bb9f68d0aa91f5a90a9

SHA256
1f444b10a3b4c40cbc674d21e9a0478d3d37e76b5fb2d4d9b15de0bfae30a1d7

SHA512
8b25cd67beba59771a9efa0f7d2c092c5551736e944f3940ad3b6f9fc49b243d92b82f57d993c9c9fdb6a1b19855d4d320270ceef8f4151b2275da692117c54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
70e9f64f11e0855937190f69e3f6d978

SHA1
c31319648b4822cb5d294ecaa8f10b5687ef8aa8

SHA256
e46a6716c292978f3c9100050e48649f78198a5cef00c5fd6dffbe41214313e4

SHA512
f4a92e5adcb2616c4c60e6cb71566140ec6a5c76648576b9f591adeeb2323d7fb702a43404989e1cb71b9e731f4c4a323a341964420531b7ada43470ad3fedce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
75b26df09a4b86e67c6f99f6d73dac75

SHA1
76187757b9ceaed262661b60fcc10be0ed66b835

SHA256
80936556159d2a1baea0840afcce90ab3244f056314384a6f8ccec7cf8cf296d

SHA512
f943a448e8afc42627d20417d094fb2616beabdb436cd132ec4cba40e9d826137e4557c9991540f4c804b6fce822de564daa58105278869ec54fbadffac55986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e3a0c8ce81b19e9d5a335b48cd8f42f6

SHA1
2fc3fa9b74abecff9f289348d6704656c7015401

SHA256
68ccde3bcf5fb649a98b9ec80d1ff6e86664b944033c8c999fec1f45091c1014

SHA512
b9c73e737d69f5e97bee5236fb85754c12ba02c5234eaa5d0a2bddaa2dea75ef13f46e3dcd770325fe4b6afdab9874c2bb83007629756e288da88c57ab21e654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
94bb9f77a30ab6bbb0a4ace8417818e5

SHA1
49bd1f9e543d052ff964244a2e4168f92f023772

SHA256
4da34bbb161531ea1611c218a1756e0f1ccb4900477ef50816ad2cdf3d123fe4

SHA512
281e1d0c6e8d237710bca58fd03b16f95bfe081b7a7efffe7c6eda9e85f62d96cd1a62ea92759ba50c041741596f9d30e279cb69d52d64f97730608525994a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
149eda2b3bdad36439e819a15f66cfd8

SHA1
9e8e323515adc2dea02f813247cbcddd9a1e2be5

SHA256
fdcde25a7043761e97d5d39c1a922dd3e0d1c5c22e68dc6a29e5b7f221122538

SHA512
a81da7fd0b9972fc6f738d140f959a7b0d62758b6b6a8126526254292a55586fbdd16f22bea5bbb3ee87d9ca55b371075610f596bb1ab575f51b0a7c23e34b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6f335fbf7f783a34197ecca6c51f9878

SHA1
3a4c102f0fff2f63bd7a608a62b3b46596e0452f

SHA256
1d787cd63f5eb1e5ff2e4a2d31cd3ea5a2a340bd31db6d7d609c35e556e39c76

SHA512
7add0989ae1e6ec02bd063926194c7ed75ce13fb44c3af2cf15cdafdfa98a8027b24279729e95b38125268e79b946fba4ce831f8d264f7e0e57dde344bef8446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
900da0cab76e041c6cbf73537a08dae9

SHA1
d3ae8548d9264153c8dc266a4d235af27c468bb1

SHA256
bb6cf49511931daf30a175b852a0c56c538904d37a12fcbef647b2fb29c7d2dc

SHA512
aa11231ce8353f598bfeafe2c4fcae575d07e943d1a2369bb427e87ffe3523ffc00dc1c69190fe7b17f008ab5e580b048fb7fcf2bdedac8685a65f304ddb2f2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9e5eff42ec83eed2f9ab2d86b95683c

SHA1
ddee22fa1a5f9e0588153922dee849f62ca84b76

SHA256
8eba381b2edb959e52db7b016bde689a40681a5e2e84fab507ab29d5407e92a1

SHA512
fffb8306a0aaea3ff7408ed6d7e3dede35f61a469da8802aaa36dbb283b3095ad060997f799213fd7eafe3d9d28dd20a1b100881a6a33bb11ff4e728e55e66ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1877decbfebb63bc9d8eb07d8e829a75

SHA1
9253a7a322cffcd97a50f4b589ac24f514a62d10

SHA256
2ab6e091b37c93ecb749877bbb0d83eba5238869119c9cb54ff4580c8f2c9645

SHA512
250fcdb9c6e82935cdf077c576e1556ac3d3af19995dc42b1f0d899a0cd8695c7172c841b1266407e9f8d1d936e3b0c2abf8ea34fe32627203def4a570ff3b09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
64b0c1ec13fd219f75790c36936d8540

SHA1
71f2987a3c00a08c8b97c469524f8c84c69039ac

SHA256
97077663630658aee0c9278765921cecfc5d5c484734429ed692f1c48b841c94

SHA512
07125e8890fdd16321f92bb432673f989e66d282a72da1b635e6f18ae6538051c9f14d4a6bc86c50707c909f9e8ba32177fa5c7dd2aac316c19da62b42f48126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff235b0a35468b9a69c39adc371a0fde

SHA1
ac35e1827812dad1bbab6fe50adc2b01f7c2e29f

SHA256
444a4fc78cd6ecfa01af1c3f504c9f04bde953f325b4ea09a7de9f9e3c7cdb7a

SHA512
cec471ab31f9701b4d2c799a8a71a3490546d1af8365b04839607dae7a2abe2a3c1048df851f4b7297cd347707aa7954b4345415f6d3539744496f9ee8626cee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9083b968fad8aabffdcedfb3a71b583a

SHA1
904440a21e1fe481777a098e2d95e105d935e2b3

SHA256
976b81bbefb48df3206a38e1d78e99fdb041fc927757325295c9b19688004dbd

SHA512
908bed388aefb64040e3c4326775514ba94ac43e88f7b39378fe7d22911389c570280920d1d3419d795a0b9dbbff83a2cd5432b75c3205f9fabe3643734ebdd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
307d0429224b1d2b15e855397893628f

SHA1
67f3e3436a7f51eff26aaae4c82fabb5b44a9083

SHA256
0181222bd86d33e76dc1716e71716bb42d33df03f63a2825eb758c4ed3fe025b

SHA512
05cf6d761304208806041cd6fdb087de522bed050f484547bb0f79e0de2dbb20d1f462637d9a939a40c121b2a3b5ef77baeb794988caecd5c661cdf121a27f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
6e9a4db40716df59b04adc1e7cc56854

SHA1
c9e241877eaee68d2e5283328b4678abe9419cdb

SHA256
89428a3028fb161af0fb4d3325ae7c7ccf10de6b01a777e24823c181dd5aee4b

SHA512
b393e425f70125816b7b442823e5b7bedf6358b9050a7083306292fadbe22901e5b4b278fa0e97febe270df61ebe4739fb1fc75841fb43927e9fc4e4d1e5da9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
109e607f22e7970615c1e458ce834e10

SHA1
f4261946e39225ca84dcf8dbc022950bb820793e

SHA256
6980305de0ae144fe462e6c3faf47211012412ef38abe23ae099feaf6bfd42f0

SHA512
7a7d862f363eaf4f626a86faa968ca7004de3932738835b96f7d0d2a04c930856625874dbe11ea0dfb2e330935649e1cfc53ebb426426c2fa9a7d3e413ab10a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bb78a2cd05ea2dc2451a5f10694ffb3a

SHA1
540eced7fe99e262d8dad8b068fc57e93d2f0295

SHA256
a64daa42c925f51c61a1649381e83e7694386c878dd9b5e57befe8a6f6a9f012

SHA512
1d22ebb0b1929b89b5c6552f311859cf85bf769a6b955580fe0341b244411587dac3778ca46c08bdea2febb8b663d4e4351b34485355cda4c54e0c83159430ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3372b928a7f19b98fac6a58ffd365147

SHA1
4b981a2dcc3bf16a2b03eb575f796df502a95fd4

SHA256
f827e4cdcd924f9cc2dfb360f2c6732b7b0a96e87989730635be1b76886625ad

SHA512
19252f1ff77db8c4bfc1bb123b51dc92f084d59bbe5fcd919f330c2ab9266949b489e720948fbedf9ec7a9a35103818210f34c2f6383d0afbc8a4faa44d3ea8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
85c80e55251424ec4544cfa208d6e0f1

SHA1
d4ceeffed3448a4b493797f1c59cdf0837d0c261

SHA256
cc5652d0a9333d47be2760f504193b280d8ab469c485004d4c8bbb27e286e4f3

SHA512
f7b8c5f10b513120ead37946ce8b6dd2bffd8752adf93dacb60fddb1613fe1736b056d7bdbdbb19b40514ba47f6c9f90c685530b25d03f7ebd78adf57bd9be06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a212a24b2a6316e6ccfc055dec84abce

SHA1
96c3a2ddc3108c1de08ca613eaa4b605ed810e0e

SHA256
376bea160b4b36902cdaba140c71d6a8c3ef46ad2b2cbe62a3e512a98cb9c46d

SHA512
dfb20e77c702cb5b7da0fe678c2673938fd9296dffa46cdea0315a42d32a30e253fa35e87a63b97fced1ad08f09cdc714688541f0f7dd52f7e9ad82e1eabbe5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
625e87180d9f51e9333bc75c25c786ee

SHA1
282b055dbfc843e5a9a1367bdf4d8e2f7abb6d47

SHA256
8a71c52aa98f5b9b26c925bc1e9698872f8d1af6210783364fcf45e0d6f338ca

SHA512
8a625c013b62fd7f58dca137a0b5779f798012095a148147da14da0ef8b6eaa0803ced5a28b2104cc613e13a39cb06c2029d1be8ac4e8a54ee0d3e4675e7f3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
770c4816089d17444109cfc668885efd

SHA1
6397188cbf1a6c966525a83775bba47ab740e040

SHA256
6bbc7558eb5765ecdece5385c72889fdec9ad2b4b9b06443ba94e994066e0f0b

SHA512
9ff04338ef87460a748fe5b8189ce3d914e0fe566c58b4c06c3476fdebaac7fe428de7d075b0697b9db6561c1bd30165602436f42576f81dfb37fdee2eb72f76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
92d402c6014409918a5ff29e90bddcbc

SHA1
5642417b4ef4549f0226506db11a596a523e6b87

SHA256
c59edeb99edfbd800689fae188ef97f990564423259e651886af5aad9bb03de1

SHA512
dc207a9e0a718e6533a9275db43ab123904ce2c590e768cab97c33acae1e050eda5f71f30c03b9e57254aa0c262d9b90040aaa7b9b82d2c8dce20dc07750a1e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e7f04829a81f184e3d8def2cde4ccbf4

SHA1
764c2e8c123d708f4fd2a254eacdc56943e551a8

SHA256
40f1afb30b0f30564d39f49eafde0646332e1bf97c743355d869a6f34d1e48a6

SHA512
50bc505c325c55197ec23eedf1d6977c8c124aa382fdbd266d957afd44a433e5d4518f5b156172b8e2f151f817f5358526284c2c3760403dd41fe4e203d5f5d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9eed381214685ecefa6f446a6000f8e3

SHA1
a4c2b7b3b41886264a3cf8c4e7fc0ef675a22290

SHA256
f8c0b17bd3d7b81c7eccc2f8ab481639b490c8e48e42aa04546fc3e4ece18699

SHA512
9cc9b3d5b19dd5cabfe20d8b308912017fddb568d78f7ab10e7b8f7099bb2e00eac61d49c94147b3c43f70687c7de89d5185a47c2ea8fb0ad5d4380fab051071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
35ab02389ab30ac84b2cfc85ad2ac315

SHA1
3de439748f556cf33fcce5f06f626c970a4e6e9c

SHA256
8ae3490892fa5ff308526f05b9ffbfddc4bc6764151d89e134ef7c454fd17d95

SHA512
5547d3c70b0355a6efc3e5a3676dea804e7d866554862db5877674aebb2294b6cc40e18bbb240e712929d566d747f6d835c151dd06f6b6ae71d106762c027153

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
91a721ca6cc876debc4774d20570ed3b

SHA1
3263b974a44fc3ac09cd447bcce6f48db4054ea7

SHA256
5877f69532e913c1cf92f1d1724d9cc95522bacadab9246e492d0ffc9c6fc47b

SHA512
2447759f6490365fb2eb68529ea26f5e9ada6a624f5147ac9b6c4d009fa8a5f0605c5e7161db2c7bc434a5f66c5cc77f1e1066914300a42a7e406088a3182ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
b599d3cec527ffe9f8a776a37f3f3c0b

SHA1
bf2a68d9745bd1bc08810c64e4bb63fe4590f611

SHA256
d34ae1072c37458f2073b6feedac842853004424b72dc08149d12dddf30888cd

SHA512
2fcd7d3525dc57a65df1dfb2abfa42648b7c8aafb2dfc0c1e6c51d36a9a72a8a7c3ddb0f0cfb43ba5482db79ca4ca3630fbab3b0108fa3a66d5b09befb7f2daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee0b6aaf7c65a9d06c556e29c3794ca6

SHA1
9ceee8a55176d0f96e5b6954fdcf27cf683e41e3

SHA256
1ae664ca529ac0a276115bf4bbe0ffc552a851734861e66afaef7d6698566b66

SHA512
90c5bf62e29c40a892b3de73614cb5b797b5fcf4a4da257fc6c500c10e2cbfbc3e94a73ab7a5b0cd587480e092b5d393b9c96a736641842ad9fadc6b5805022f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28747e6fcbda5c29352ffa34557f9570

SHA1
5fb2d596dff210b451b8d540c7913e88f5325761

SHA256
b2d4145dac0c0aeadc312421d8f887a4738ebd7be328052b07ae434174a2b0d4

SHA512
053f453b15942429dd5b83f3da7902c88524acb9b2b54dfd91f73e32a285f5cb0073dd9c1cad57b5d0eda9bd6e638fbb08c8b616f54eb66790cef89b56d99ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86a0eaa9bf7e329d740b4b29a163eae9

SHA1
8921042484642af3a07dff5e8154d1b114fa9e0c

SHA256
1fe85fc28c9c981ea16e384ad8f6cd81b70693ca14ac672b2a189c89652cd2f1

SHA512
23e7bf8bc84f57a7f1789bda7ebc15771b78365fa02c19d14dad1683dcf3daab536c899f8aa02003208a304a894e6d092bf60c3a1e0cdd271424353267f663a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
f5ce99c7ef4886e644f7d59c8ba6008f

SHA1
0f50fc8dc415c2fa8f2f4b119bd23ed6a1d857ba

SHA256
7fa68f66edee5799aaf7761b1eaa28d6f3dd9f10c018cb9b9726c63d798983ef

SHA512
e181a1dfa42261f4ea4a5f11e42c350a5da27e00a6213f194a62d595f3ccf65e9d0d8ee3fe4ac7be8871d908c4f7f51c7c6f46ddd6204d72945a0aeb96445a09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
861f8c44a5632ec236131c775fbd74a2

SHA1
eac27bc2f2d4511a9b12fc18cbb8ad3b9f9cd22e

SHA256
ef3527fb573d8bd4c3e84928c16dedfb5216ef90ee949c306daf1752912266a4

SHA512
5bf925434e291a6d3f2271fa15181339ce4ba2dc13cfb06b988353eb1788ad96f522130ef6358ff971b3c709697c717537c6b9ff87549518abfab34768882d29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
1700d5b12acea0b7eb064edac3d521f1

SHA1
9c4714ed27a8a4c99e5e77b99bb030470ca2679e

SHA256
a31d1287582564510db9af9cc751c4775f1afa3da29dcf6ab6951d62aadf5ef8

SHA512
db74f347aa4b04a97622fb690daecb667d4f43edefdfff7d07969bceb706ada003be1c33a601ae9cfd69e8fa2959fc6a3c7330aa06ce4c38ca8253b31f111e93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
ffcd39c0c59e517062c77042a16c74e0

SHA1
d5488b16b5f8709e2031d284f7a490175266407e

SHA256
c360d5c4fe922ebee34ab40ef6f8a6f8677db7520bbdecf105eced50b00ea032

SHA512
f4196bf56bbb75d106769a49e47f750feeea6586de85dc32df243954fd7e88f085c5638f1d47b569da86f90ac1324a6bd1df7965804d58f4c9a6f9adb5fe7ca3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
91ffb77e441d11b3308fe3437752b35f

SHA1
8073985d6e087f5803abfaddf0f7bd153dcf4e90

SHA256
79daec1d7ab40f64def26f5ce899055c142941d149699c2525c15f7e9137a6ad

SHA512
b9fa51dde8ecddac8e21be21f1d8a7c59f86631360ac94838c80382eb9197c515edf9838f50755d8057f43d6086b304d6210fdd718d167973bb732f3bbde53c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
130KB

MD5
f5b8b7e20bbb47ebcfdccd2778a76ffb

SHA1
66e9a18c89d87f8f3740bcc9e3af12a4d6966671

SHA256
5e2d44c7d7c2d89b06603c966f5aa27c19d39d199fd62866020dadc01b15e099

SHA512
db12ac484bc942530b6291aca2defd5e516f13fb7300108bac3f21dda360816229ce2426525442c3c9b8827630cafd80e577b4d9bf065a4feb5e76446d814218

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\startupCache\scriptCache-child.bin

Filesize
705KB

MD5
19bcb67b36d0284fb32873aad9382b44

SHA1
c2ce4e7798ff2373b2b576ded609847b5a472a70

SHA256
df3d383cba8360899ab4f9799f60b21d13514f32d5c5676a94fa985b501377ff

SHA512
0c19153c37e4fbeda74b0e32786a6fe99b2fab6c9691843a569f8613095e72b9d8c5a1128dcdfbc6c236dce4e5a514dce3c96ec17f22d4643120c7e00723fd1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
51e2b60b435eb60f5ffd1134e4066e6f

SHA1
a289984f92fa293f5f8ea3dd6137390469055dd0

SHA256
8c5bbf7ab0d3abbc7b3eb7856e887450aa8c966cc03c986a1b015fc6e68f6320

SHA512
ae88ba80ec0f78f74790597a2e7db2b2efedc9fa238be8e655599de1adf90fe40f11aafe80a83f26387295fd078e72eb400c64d998441569122944cf9afc8bf8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
0a1c26f139c5727d270976587374c3a5

SHA1
fbba22ceefff2e7b963070d3c37469a8d6b1b174

SHA256
a5a6fe5b68ef4d79e6cbbd415b608156f5840b857a9983ae424ae71c5729dac5

SHA512
cb94ed10bc64739d041bd057205121ac4f303d6d159026107c8253be5319ed259ff0ecb0591f161a004c6c52528de3810c41c23e2dc2b9403f9116352a5b7c6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
6bd3796dc0023a736caeffe1be5f8fe6

SHA1
716e985f78af249a2fe25522e6bc9632ef723096

SHA256
d99fe4e7d9b60225056eff277c3e98aa1e2d7a11bc3e56404d76849ed07a55e1

SHA512
113892b5ed6f5ce4c8229e86659567af6bbaacba81bfad1a64675a52406ae38a5d079043a272893b1ece49e7665302b297b87cec3deaf4dec704d55f3b704078

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
a5266403cffccbb9f164bd8620d8020d

SHA1
6c24c2e3c5538ea3b5449fbe56b8490a68e80884

SHA256
08cad3876eb04c5c259f1761577ae577b81f566cb828c31f08be90cb3bdb3890

SHA512
c11b1335a2751a3a20ce4df28b99d1d7f85d752db02670a916ee72fcba4a2dec6e83c0e0058f7b7351f2fb9f2a12f58f7e79fbd68650f4de1fa4d7388b22f884

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
590a97353f78f705b562e523a31f01c9

SHA1
a8eb27b4ebe8b262ae736d1bbdeaa77e1de0c35a

SHA256
07af96e73ba415792a4327ebfbc6f0e99db1a29495873cb61cbec8d8b115cd13

SHA512
dccf324689d2453790ddee48e60378ec9619be95be602fbad95d089f3699aba8c5457e25bfabb0e819c194f5ada5bcfdb5572d546709f38aaf5cb2f4b5d2a671

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
6KB

MD5
0fb9fea27637c4006414aa8028ab95cd

SHA1
f14a994f710ea334ee661c81de4965dfd3238e88

SHA256
15df9f3474dc34060bdab14a9901d663f3246699d6ec74238a46eb5ef34ffe70

SHA512
89f8185937ebdfe38546a87d9e5e4b9b73b30e32fb51941d9f92cb5eb28ec9137e145c9758b102f74f4eef4621de7d7c5e4fdf851fda64cf83194dc4ae86890d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
cf7768d6b9b8135f2b2f68743672688b

SHA1
2e530cdec0295bf6b7c13798699bf7dd288ca74f

SHA256
2b8cee5eeb426767c5820b1416a71f114f81b23f1a6b3b398a21ff3f077b0965

SHA512
4c179994a04e6284837123bb5de07c3104d602a63df5f16332eb128213cf17d071c76189961d4d1b863c866df6fb3f8fc3a9d0976be4685d00f3eee169a033a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b41ed219e2c8dac47f2701562d092621

SHA1
90d507eae3ec943a121dbe5a080412e40470b54f

SHA256
cfed019635a1e14f74ae78f2c03fb96b40ac3da37b67489bd98c144afc200f1f

SHA512
5c6027ec701055efb3b6c055727af5ed261e8f1d5ba954e64e8a34e5c791679b1e4a6ef49896ab8089ec151fd758ba41efc7333611af42b851606a0544a9b947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\cookies.sqlite

Filesize
512KB

MD5
a01d1d0b072e63b2779cc7d3586f0bed

SHA1
177f2be100cd52a969074b0294f8ad3fbb9998fa

SHA256
1164d461b249cf16748cf1823f808d33963225e244e3d531f2edf1d3df9a79c8

SHA512
d6c5b27880d305671cb27893c820e877886db2eecfaeb32ca1ebe37af8732ba7a8b778cb48d56e7181c0f1366976d744a003ba61caac45cf68bb8cf9c8d4a0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.bin

Filesize
28KB

MD5
609b3dd0379d5f50e2935da3b16d0422

SHA1
d5e1ef5a2e58f63c290a51fdd2a9df1395906913

SHA256
9404c1aa892af0b95db9e4c478c5db0ef554151d134ed9d7c19c452521449c26

SHA512
ffde515cf2f0769f6b1f959bc4e3dd075a43a638fff0a7e23b56e08f7afc43f9fa6abe4fba35d4449b68df3789e8566cd5a7afddea18326475dadc83a70fe7d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
2881fab8b5ef3731e9498c02ee462272

SHA1
c37031d8bd32ce6d190d9ddb6ba1b826ede46a8d

SHA256
0d42f9aa6c0e2bbccb087fbcb70e6ceed1f3718ed925f0dc7849c976a01d6bb1

SHA512
f6d8fb468b653086a1366eece459e76294d41eb148cbf6f92ef959fa48b258bfbdfd3fbd8a5fa84c5bf3c449f554d60e03d780e491d27f3e55228ada4249a34b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
3396dd3a6ba799a1bb7988f46c6e5488

SHA1
e4531c9d88780370308f1a65da93c175b26c21f4

SHA256
2bacc02729eca4edf387c285431c4edb14eaf6bebcfbb78d7bf0aa9b8be03916

SHA512
54ac8976680994bbf59c024abc76d5053d46b49ab9b73251d44c8b77b64e1ecdf0f30a4b05354006016afb337a481a6271753874f1481054019be7e7077a46ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
36b00cd6f510043aea0a0117d5ceb36e

SHA1
2392c980d9fbfb22dc3c4d95f6f350589f994b7b

SHA256
d7f847efbf18954079bb2a09876351d6ab04991ce77b8e2b3ff76f009af013d8

SHA512
b4e841be6d98797a781aea0ab63b4be79d794789c46ab05f74d7d12ee733371cf3722a7b8fac9a90b3db5332a31497d95675f592c3c70a37e04074d9622766e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
f378bda1b8475d4b19c0c0d77cca0d91

SHA1
b519bc8c3dba771fed0124377d073e4a84d36286

SHA256
eb03a1e482df19495569026b54927bbf3ef009927eee74cc4c82127cd89e98ff

SHA512
f38d98a9cc3539ba158ddb15462df1c01f802584b7a6a480d06dbbe58b030948e832d953e97527f4385694bff6d8bd7fdb5b38ee97d8ee6ddeb9b0008ebae74a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
ac22157825ab6063e9d672315c44e29d

SHA1
757d502e9b0a5a8245af28c201c60b1653b6206f

SHA256
69037aa72964111f4003d33473ddeef7cbb2cca498790f669396c98ce000bdc1

SHA512
6faed9ab73a56a892fb3c01730250dd474bf75814b5073076808a0cf4c9aa4d8cf7ba1a7c00973135bd77ae7ba46a44a652527b6e55b8020ac39d3504c2347c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
ae05307c13e784f7dac7c67f0d010e47

SHA1
5f46ae79df9ced3d3513076f69ee4084be4b9a66

SHA256
9dd1392f71e7e8b31f237ebfb3286ed3e1f6ba05e7cc423520fe8e4a1c1fa841

SHA512
01264e055b18d58d1162c0a1029f9fd58e01cfc2ab3ce7872942ac8edb159fea154face3deb9d7cb5b6ff11581e57480aa714569a845330adc0020e4b3f680c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\events\events

Filesize
512B

MD5
b25907503f4927f699ba0f7324802138

SHA1
f184d08738899d34bb1af5d8b6faaab082314d4f

SHA256
80a4c5292b77cec5af2afe459a005820447d88aafb5a39411ddc3550e0a4e424

SHA512
628a21867d79372694afc087028f9fcb75c13e940a065aa34f1af623681637dcfaf8aa1e455a1d441880cf942f41e47443961ee8749a46c8206a033de8b90186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\events\pageload

Filesize
484B

MD5
a67e72caad3c9fa3065219a881d9c488

SHA1
3bad3ebcdf78088ea2bd7d02a87915b0193862a0

SHA256
3b89578ed77adef18ae65c01dca6202d8d72afd29406369e25b2dc55ea16b830

SHA512
609d30554d82588e65ac1df3a3e5632fb38ced7d8d32fc0f82b22603871306d49656cc5ffb470bf9c378efccee6e65fdd278713f12602f469bd2fc3baeb95114

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\12143b2b-a254-4fc5-ab78-843b4c797e47

Filesize
659B

MD5
0ed441f14bef77968c78dc5168f6e108

SHA1
750626d846ca45d3bf574d11ece452987daced40

SHA256
21631b6f0cc9653c26304011e7796a91121ea1296d2748a7bd638ba5baf07e7e

SHA512
b67a21804d84e5d22133d6a6362fb31214f6a2e915b6195a5a9bbba46952f4393a5b6b90eecdbc0db37533ff9ab3c229dc6c0f1eaea42e3a706d1fbc209705d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\2c7a60a5-4d52-4c97-8e06-4f1e49f38a17

Filesize
1KB

MD5
901d408400d6e1cd67099badfbb0f82f

SHA1
80342de1634066f56614bcd142f9a85856ecef5c

SHA256
fdecada56a727624ddb4ab63bbb3d64a09823201112e926a8287e17d8ab2c2a3

SHA512
73d36e51463f94a2537ae2de95cb16e64e98a87581ef01bebc3f833e7acb77f27daf01b8fe96f7fcac81eded5fe8fb7555e31049e51d7479e26507518b215228

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\74d80995-d093-4106-b086-77571eab3c15

Filesize
874B

MD5
bcdbfdcadb762598feac2b666556bbd5

SHA1
41427529df670e01bdb588e984d272a52d9a8cef

SHA256
bb6ccdd9d7cc002b1421edc836e4eab13f36a90da6224d35056cf5f35b1f4092

SHA512
528f918be02e09bf9c34faa01ca156c7fceae65219cc2607a9e5c074b019d9ac815fba1e70f14deb8bef48c9fcd458cdeff1d2bbf4ebbeb764f02887b80543e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\77a32ce4-c847-4e46-851e-4728e64783c0

Filesize
734B

MD5
15d5c2017053c827d6a10cf4d849bc22

SHA1
2bab8b03b43f5c8a9de37384602a492b95db53c6

SHA256
8d48ce250b2d854f2655f9eb3724ebea49a1317012c631e98eeb15a20772830a

SHA512
24f430be8aebb67a207f07c2adaaf00fd6932992b85d131a94e8b6f62bea5bbf840218d0c4173b51c27ecfdb16276aa2996346ef6e01303320ce8afbb753fec3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\98b8d529-38df-48c1-92da-53ab09d6a2d5

Filesize
780B

MD5
b198bac3707adb42e91c92da62cd6995

SHA1
7ad1f140cb549b93cad52a27f4d652f769231cf1

SHA256
a565bbac86753b49000e4867c478342ffdb07c4381a8427677f2f9b9a6001226

SHA512
65e85d48db5467ed4ee111f4ae708a440b155a4f18debbc20c30dfeceae93bf4a72c1d03bee76e097df43c6f6db8b01c0e6bbab5b8279cefaa5c3b3b92455dd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\eb329f1e-0284-437a-ba7f-c7fb146b6ca3

Filesize
982B

MD5
6462512474cee7e4cfb1af4dc2dabea8

SHA1
8f95d40c367006934260e45e3a12ae44dc5d6cfd

SHA256
59e51b8f106171ad7218fe87754b3263fe18ffddcbfe7caadaea3a735828da8f

SHA512
440962a69c8016ad182c63d269e053a65006d78126a397dbe1be5c4bbe2426f040c8c769f443e5268994083a0307ca2c0697563ad5965b1c53ad13899d9f6631

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\places.sqlite

Filesize
5.0MB

MD5
ce9b8c7c7a82f5f108dbbad24cbc7a44

SHA1
613ce40f6ee9f37fc63486d264a21c2423d7c3d8

SHA256
dc34cd855683753522899c7e550031bf2a2bd38fb58d1c1d1c110a337cb15e36

SHA512
a7ff678983abfc51930c9452f92caf370a5ef9e0b3770913351959c9cff4be9e313c731a88f1a8a6e4d3faf2481f833acd4efc7cc14f8bcb4705a647d7f1a778

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
11KB

MD5
bf557d4443d98d529ec03405b8c453f4

SHA1
da3c37552a6fe48a3b3e0565d1e73610e0f6e454

SHA256
ebac088a02d809a26945db528713589293c91a4cc4620e7a50089a4d6c2e1454

SHA512
bf428c63ffd47d7796b9fa0f2831b022f1de0818b84c2631741a38967a417c203acae925ace1014ccbba61244c33861411c332eb68f1af09177f52f1c70c7637

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
11KB

MD5
5cd2ab9879f07ce389e2c8d2320967a5

SHA1
ca0d30c98a4944bf498529fcdf91aee9ab38cce3

SHA256
ab8e7c3f4c9d3390857d273988c212f420924be2891fbf32c64d150fe3d7d477

SHA512
f03b5e6bfd8545adc17ae974429b88643d9820963c7edcf1fcecb88a73427093f2dbbf42e667128acafdde57d5f14e1e474117069ecceff69874f84c9b9f7255

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
0d5f84505b597ab4a118eb0210e5a86e

SHA1
66d0b76636481190c06d0938be2ef67478cd1f6f

SHA256
2afc7abc8e06c288c80043c2cb681fef2e0570b40f144d04468bcd08c22e2bc3

SHA512
0a4f62185f4c879b521c9f0ef5da3f94bc07184cccd7bc45d03386a065ab3fef455913d8374706483e423f00ced0fc59bfadcb0821fa9eb2b6b30fe668722bed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
1a3dcd0b717bab4d069043adc84aa1ab

SHA1
6a9ee74ce19d83b27f739d84dc3452adfc1cd093

SHA256
36b223f8d3bed2b6e3a3147a40f1a4470987c3b3580b4b37de0d3fd332737575

SHA512
f63c8994d36c4d20aba52b50e876d4ac760cb7aefa9c7504904e7476903ca763ba2c3243a0ce814f3fcad4c49b37cc28ddb0b8158f94e6199e06ef36d30a3308

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
52dfb236ccf7bf59b9d627b337ddd6e9

SHA1
5c2d4463f1dfdd1a84a114bbbfa738f16e453675

SHA256
27affafd248acb1ab1bcf4b419d574055f2a81415cbaa2c5c728a98dfda136ee

SHA512
5d00e07f9697c7ed277976f723310ac3af0fa2ee310cb41db026f6aade3add37b14ac3c053e5d23826ff6e6930882e64e9e99a99a53ce75cbb17a16118b41015

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage.sqlite

Filesize
4KB

MD5
23605e20ec7b9c605b210ac3996e7a62

SHA1
e01d89d33f05c4e7ef9eb63d1487b297b420ac86

SHA256
1387ad3f14749464f83e64bff542db5bdb73d1ec9a6556bbf3041d943a7e3003

SHA512
63f6a0102efd24da5fd50b0fc6ff00da33baf2cf3cd2fb1596e6293aaf551ec41b2ddda9b868f606c3c7269132e282d06d3c815b75d71ed9c2e46354ce588450

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
eb1790bb41cac03c067980f97e9190a8

SHA1
2c89498e2a4c3e6dc34d7cdd7f81f1b695cefe5d

SHA256
823c1529a2341460e57685587f8a3917f74f855885ddf120962c2c60604916d6

SHA512
b31f87bf1e9a4703416991d271a20792808e845283fe518d7d365462303734d17b10ba929c11e0ae914b25bb64f6262f864860403a8bc2aeb04bc7d7b20bd51d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
560KB

MD5
5dd544a221528264161d77f2bd7ffc46

SHA1
3b51f34239cf41e1761972112ea484a3392140b4

SHA256
bee494e1d41e76a053029fe754aa34886c8069a99ac6f5b5406e12f7518f4b43

SHA512
4793340dfbb7ccc30deb6385392a46352e58724f0bbc588df41cb727874e362f9455687b183f0d76faecacddcdfcab664f83f613a63d34b95eab12a8cfb5bf36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit