hxxps://www[.]bluestacks[.]com/es/index[.]html

Resubmissions

03/09/2024, 22:41

240903-2mjg9szhkh 1

03/09/2024, 22:36

03/09/2024, 19:45

03/09/2024, 19:41

03/09/2024, 17:36

11/08/2024, 17:42

11/08/2024, 17:24

28/07/2024, 18:08

Analysis

max time kernel
401s
max time network
403s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bluestacks.com/es/index.html

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678717760474294"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{40605058-BD87-40F4-80CB-0EBC141777EA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe
1484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe
1272	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1272	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 2144	3584	chrome.exe	91
PID 3584 wrote to memory of 2144	3584	chrome.exe	91
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 3256	3584	chrome.exe	92
PID 3584 wrote to memory of 4680	3584	chrome.exe	93
PID 3584 wrote to memory of 4680	3584	chrome.exe	93
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94
PID 3584 wrote to memory of 3640	3584	chrome.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bluestacks.com/es/index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffabb49cc40,0x7ffabb49cc4c,0x7ffabb49cc58
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5028,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5096,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4852,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4940,i,16933868674268822686,16001357593216959664,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=728 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4264,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:8
1⤵
PID:4852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6108
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c614166-adf5-44f0-b9a4-cbe2abd1cb0d} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" gpu
    3⤵
    PID:4128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2340 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bae1e7a3-c28d-4deb-9d9b-383977f5bfe1} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" socket
    3⤵
    PID:5300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc317df0-6fc7-47fe-9415-49f6b0d87b54} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" tab
    3⤵
    PID:5592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4284 -childID 2 -isForBrowser -prefsHandle 4280 -prefMapHandle 4276 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54069421-9fe1-42fd-80b6-e54230a9be04} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" tab
    3⤵
    PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba775b2d-cfea-4535-bec4-951f4892a147} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" utility
    3⤵
    - Checks processor information in registry
    PID:6324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5184 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8900f44-3fd1-47af-b236-e2faeccde28d} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" tab
    3⤵
    PID:6532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc6136aa-5fc2-4ed7-9a61-5b3e89f5cfcb} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" tab
    3⤵
    PID:6564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ebe6615-f17a-41d1-a738-3f2706e70604} 1272 "\\.\pipe\gecko-crash-server-pipe.1272" tab
    3⤵
    PID:6668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4572,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:1
1⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3816,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:1
1⤵
PID:5440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5388,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
1⤵
PID:6464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5568,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
1⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5576,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
1⤵
PID:6628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6104,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:1
1⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=4684,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:1
1⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=4252,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
1⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6196,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
1⤵
PID:6192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5472,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
1⤵
PID:5892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x508
1⤵
PID:6560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6356,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:8
1⤵
PID:6976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6800,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:1
1⤵
PID:6240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6284,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:1
1⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5944,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8
1⤵
- Modifies registry class
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6852,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:1
1⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6992,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:1
1⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=6424,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:1
1⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6792,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:1
1⤵
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=6584,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:1
1⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=7068,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:1
1⤵
PID:6240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=7104,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7208 /prefetch:1
1⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=5224,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:1
1⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7140,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7108 /prefetch:8
1⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7172,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7324 /prefetch:8
1⤵
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=7520,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7572 /prefetch:1
1⤵
PID:5548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=7100,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7448 /prefetch:1
1⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=6452,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:1
1⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=7544,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7572 /prefetch:1
1⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=7200,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:1
1⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=7208,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:1
1⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=7640,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7696 /prefetch:1
1⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=7712,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=7752 /prefetch:1
1⤵
PID:6284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=7836,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:1
1⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=7076,i,10065386245627775856,6567048529106473151,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:1
1⤵
PID:6348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3b79e85b07421ea58f201d33d62a53bc

SHA1
654673fced33ff6b202fd906d23e05d20642721e

SHA256
071dfb8261ca5befae606a3a4ef93a958b354cd92e0d01869f78eed025f86041

SHA512
a424867744214ca0e947906d9806cd0ea81fd7bc7f407fd2613f919787e5bb234e4566aa052e0b97a39797ff10d81dde7a44fd0334f3175b8116a59f32921a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1661d0a6224ec4eb_0

Filesize
280B

MD5
71cb8ca01a67a96706f5f7991d79d2ca

SHA1
ef620ad4ae12f7ef1214755a970eb8fe4368c81f

SHA256
ee0404e749038ff58a6d73de1e37aa42c30c9d0e505335e1d185d95d002caba3

SHA512
17661c4c1b60f5592082719e6016fb2dff5f1cc8bae1d2388c6ef01450c33399f66ec8904749654f0e215d7b661b8a72001b43ecaaa5beedbf014c818a0d9e16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d5c616b001536ebe_0

Filesize
19KB

MD5
662707b2ad29fa276c731309212a8711

SHA1
1b9bfaa7f0bc49f0a14ddbb2d5116956aec7bef6

SHA256
0cdf120467e09aac3f8c5c6ab9ede11f623cfa9d6e8c015d501c38ba44266fed

SHA512
81429c3f911915f667965d71c328e64d60cc59346b0eef3d983954d403b321b7ffc36317de36ec199d1fec00f233b5318b7557736930fcc0df5e2e4fb60cb8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
cbecd0fed4d6a6592bdaf76176758657

SHA1
9179d120ca2fb83af95a10728492b0f10707af28

SHA256
ba58f52b83e08bb8618fa788506066248e76abd9ca68c6eb535014e014da1ea4

SHA512
d3d0edaa57b44c4923c13831471ab7fcd526596b02612866871b4cd35b0b91ef5cd359e1be0d23be531e9a90ad0c79256c5691300da5c677f47313c52364bb3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
6c23ca5db6c08dcdc792ecb4dab837ad

SHA1
a4be86027381e29cca656d6867d9a1fcf0356e4f

SHA256
37434207f3e08c0fb98a0496d5b584b5ef7601efdff3c1a2546b84f2dbeebdba

SHA512
e0ac3a994f101c6c9108103b00aee0df55aef5d39da88d2e8b1a3ca4e1c4e2e86d85e9427a8ce1b97349e34570acb904f9d29f2fd86e048bb5d90f1535917254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
5cd47448db937f358c0ac1c6558b8966

SHA1
eedc2eafad2d0e4f8b8976436588209ea98a736a

SHA256
1034ae90bdf571558c0a9408f0b261be091d7d23755306b1f019a14b1443b8d7

SHA512
77b18867a8c53738b3aabde4428b4d924924ca6cb13a647a461a10de1ee7526436f7419c4cbdcab9d1614afde907d3ed7e9169ffb5f7988fc78897707f9040ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
e2b13301e0b510dbba0f93832138c563

SHA1
5a037bbb432109000f42340bf277cb2c397b24c4

SHA256
e8dd350845f2cc64221e20833692ebb5864c2c4ea1ea51da8b4369baeeb6624c

SHA512
58d68864457400a3e677cad6fca01d88112562e9b10664df98f8320e04c5a25c3404cf4c67192cf3ae3719ee0235b480c8683cde23a5f63ca53af42681fe42b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
958600b970503413cff090aa72ac776f

SHA1
cd49bb7e682f1dc6f9c98945a89f8cba275cb3c2

SHA256
9d1f0681db4dde69fb6473e8d882556e906a2809a04e84f8e89edd48825986bc

SHA512
be561c07a76a3a432f2916d10fb00d196b63143ac6576524cf07a2ccfa844309655b662920abdfcf649dd8850b80fcf579b9b458564dd6b654c058440d8dc82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
bc2d784563dfdf4409eb89304cfd4758

SHA1
b8ba03714386ca14707be1cbf6bbd2810f60b2fd

SHA256
d806e5ac4c5b57d2bd8ee86010af714ad36fa26a9481c59fcb998cdd38b6fe75

SHA512
8073d3646588ebb61d73d5f2b135e0c3bd792abaf1f5c5dc5a814543d7700e83408cda49048d02361d4bee0f4d3ab2738355e92cf4027a221312bfcda08883c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
6731d287ad6c3c626608a186363fa9a6

SHA1
24b3a5145ce936622deb9f5f64464df33bdb114e

SHA256
8272e621d86bdb17bd5e33cc25a061576e982764bf5ba8b1639fbcc69c30511a

SHA512
edb53facbaedcf4778438559f5cc9b5f5dca9921a5e0dff8e61c67a7e1782a9a639144862b9819990b39e1e07cfae2dea0d212b179cbceddb39e8973b6f2cf04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1473e6086f892e1e6e27698bc5dff6e

SHA1
7a16616a3b4c9294402b41665c045e436e7a7131

SHA256
36cbb57f55c2dbad0ac868f6a7180ff6cbfb7b1718a90312a1bec4ca874a0889

SHA512
4dab67a28babbf902e4b72d5f7ab8f250c43436afe1e3a4b0956baf223431e767d25d8480ae6c749ece9047130b1ea2cd6b70b1bf400e7cd9b63688c53fb901f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b47a1e5e91139298b8fb977c545bf1be

SHA1
3d2aa9b67eea3800eb75cca33c5abd5195837625

SHA256
9d5dbec898d82102eba9227b2fc49a4bff2f644c37f9e5ebf56d256211750da7

SHA512
54cd6c5bedb37407ea293c347c423aa57ae6a7fe6a8b64d36260a9aaf538f042f8960d518e6b65e43afde59b15829f72449044e2eca6e783f2c84bd241174c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd585f7a0f6b736256171acf3db42647

SHA1
990835a1451dc08f8994033080c0f625d3db10bc

SHA256
9e5cc935bf374c3e4fbf1e066a001a92959a1a6cc609cd116efd080fe8730d96

SHA512
7b23eb26f9cb23a85a09bcd4c715234c60e3103320dc6fea0b59fcf3412196be988ca332d5f2a2e6049122b1efa9dd7db777d178be221a4a5efc9a98da8ec9d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb2613fc597fab2dce52bb80203dd004

SHA1
f6ea5afdb2e2089d3765dbd9de7807bcd467ac4c

SHA256
785e6ad87245325c77ebb458dcbed396726a2f212cf2e5c0da18946a3c2ca725

SHA512
e3493abb533c8702f0eede4bd9bc19c5b26b8e7748035c5682b803415b370a3b9fb0914a0b17ed1182a2848a2eb5aea76c6b4dbde59d41b9317840f802c37525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c8a5a479ef0915ce1bde37a386f67e3

SHA1
175be18a062cc6911177eef164787c51e606d367

SHA256
ca1bedd5fe4b85528176666877dd7bf23802d6f5493ebd08369676823112baed

SHA512
224c87f802b6ca87e58288dcf46103525cd74bae9f242b518bbdd8c975bf775215269570ecc06df9fdeb91b85be8cc85c9becccd41ad5ca85d95c1f9e6c7ee76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbc9fe37db8c9feb1bc06dbb6998d8fa

SHA1
d2d2857d8d19589995a53d083ec784dd9e0f7f1f

SHA256
453944c087809899e4c8f92ca375811146794075af580d1d99c0c9e4cceb1679

SHA512
cf7ef6b1d7e1cccf2e9d8d48f5b92461d3d568504569a7a3025cf503fab9af31fb52b21ce73b5b4ad8691eef7f3a813e56d3fc86b739f368b0f6fdb5fbcbbe5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a7fd2911f765c6d5df0158e171b0d7a5

SHA1
0cc0a40b269c626ff69c0e86fda782bdd843e674

SHA256
af5acb53d45188dd59bf36fd914eec14d5b85476758012d56805aadafb6083bf

SHA512
85e9739c4dbbd604ffdf8c305462d9358e1ffe13a789ad3a763bd8c216d7b4f0f88dfb8aad8c0d7c324eb42bc72c8dc28b190c95bd590d7caf36ea1675a9d67e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbe2da8d9c4caab473febf5b4761b376

SHA1
1b8cb931d87e5bebb3887ecdaa6155cfa6602c23

SHA256
aded119a2f17da88fe15ac1e8fe04e634c88d2001c00c038b4d124231d2c4476

SHA512
88bae8998dbbde3e7dcc98f224f2315ac553bfd21917771ca872ee09bac8ab7dac27fe0f5249ebad051506620e589aba6de7be8d94e429bd56c21712ff3150b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b0af321d0bb4b3836b67198d64f75fd3

SHA1
fa6db0e171fe433c64950c54e78ba1803e80aec5

SHA256
e2d4f33d0b5c0f37f79ea65bf849ceddb9569aef3aadce11cc99d5423bfbd000

SHA512
bbec479100d55191714790503d8855dc2cfdbb39caf1c39fb874da1e588bfab1253d9be78b65d53db3a8258c76d1e5053ac1c474fee48af51af0e4f576e14901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6f4de9fcb37afb89e6f9461eefdab2d1

SHA1
63caa1022f88ee6a35c65d914a514374bcfe395d

SHA256
a749b01de77e139d289e7c5984e5821ed03752f06bf98f885ea21cdd2606a0ba

SHA512
3a1ee4e38fbbd990aa334b841e74e5747f82ba637da8b6166c1e044a41200639092698b8671ff9c24b0376098ebb598969b381c284f46a48cc18f8c2c21e623b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4401e4345acfcbdd2996c049618a134d

SHA1
017a473ed95563cf9a811a0bc39a63ca3210783a

SHA256
c5c11585ad77cf1de88edfd671d878ed20e1c995d07ab537480b3c939601d0f9

SHA512
5b55deb77ec6940a92a17bbd471ebada6bbd54b86eaf11bd04257f1e450f51c9c836dede7def0529db593dffe6408969e6e664885151d1c93cbf168614d3f0e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
790978e9aa76680b082423a7f2ab6fd6

SHA1
108fd3425ebb899907e1d10eb3909c0173a7b4e9

SHA256
35074d41ee24491f7c0d8c2681da06630ef613736a6d3befa331abe1eb5383b1

SHA512
f7795fcbca19b7cbab551ceffad4afe52d41f0bf4fca94b50e2d3cffc0a72d4846e72d1a961893480888597488f7511158e39f456d2d46d2a7860e864ea85a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17aa33af36e1683fb65bf811b266047f

SHA1
866f15f09059e2d3a10e068abe171a78a4d549fb

SHA256
375d3a859f155079c8a8afe339a9318609588efcd3d7f8d1fac88c88e3385cec

SHA512
6165172e60f79bbcf2d40381aa89c2af371eda8001061dc1552bc46130132797d9b6ad7d353ac83c75e73b5a5fd7c395bcd0a1c4a4b3f19f0946d57c4745857b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86f79302a7df33648d0699a1437bfe84

SHA1
951ce16bd7ab638eba8bb964f7c532ca9fca95d7

SHA256
55f9ecfb970404817d4ed33f7c64916ed1d78af756944e47cf78ee675d77c7ae

SHA512
b0a6b7c64aba412ff5bb052f828256f75ad33c775e8fcc7f95267650f9b74729ff93b44548908475ae4a5e637f2e6ad6280bf0c9977f95b3d2fcd8f33ff74726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
268aed8036c7bee4f84d99b8ad99642d

SHA1
12fef285fd437e458f45fc2c39e91c7a62f354bf

SHA256
dbeae3c3d039dd792e84f83f46dd439da6a4d91a5f115cb29283b4f0764080c0

SHA512
76fac3a9a1ebd7779c198dbf8224c0b1ff93a3dec35b38a0721373d26d63126a6246e8748c686c81592393a789032c9d81e6205aa66d7f09fc9aa308969f134c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72156ace79ed519087b001a56b6cabbb

SHA1
7627907169800e228f8e11ea4bbc9e2bfeea3ec0

SHA256
99e9f7a15b1dd79d99151c88709645f13fe0a1bebc6fe08f9e8d64812f7376f6

SHA512
cfe5ccec8fb5e7c2fc2a729c4ffab913d15b35cb0d675f762724bd0bcf25fd9989a75abaac3bcb9cf6d67b6b74b674cc58fa2ec2356a645a577507961dd53ffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa0f59f8f2018448d8e03982a3e7399c

SHA1
0f92124d991ddac7c93177d3f4be4de6a124d74f

SHA256
dca90827eca8b5f99bc15e8436a03610e227fc92399df3d80764e6ce38e60006

SHA512
d58f2087b67b47a7f025d34dc1f10d13be3e69da1ea9178226c048caacae169e1af2e12bee9286dd4bb315a2a8dc726d66d4722394e55b489cc8ad26b2ca171c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4044c20696e5400438e3b324c4415a69

SHA1
c0ea581b7a3eac799ca6f6c02ce044871b54baac

SHA256
64b944ef78f2e751dae6bdc103157bfb8eea0aad221d5006bd39488285bf25b4

SHA512
aec52819de777ff6f78297cc39e7cc476f2bf732872a96e7b52ced730877fc87dfa61166d90b26041d00866031e561bfc77f3a9b2163f58d5685147ee1e8b3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07c2c4c90d9130fa34f46eb9b99b0114

SHA1
02c8061fad13e3cd3110a36080aa3545dbe82001

SHA256
aedb7975d424b5ccc574eafd054f3c1979a2f2aa96f6bb91e154df9063dceec6

SHA512
1d605d06af43469437ae08cfe06f011defd8ba4c09286af9a6cd5e5fbb6bf4fdc12c7f72a9cdeac7ce2ce129b02f851aa3de9519fb4e10c29d164a6acec32ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6cf39235c9fe653282534b26bcc97163

SHA1
f1a34abb874dc93eaa5e0106537a46af91aab34b

SHA256
9a328a0c0e426dd9d8ac845681b3c448d5c5bb8b383f1c65810909f2087b3adc

SHA512
cc1f412f898542b4f7fcea817776759d4ceb9f336b66ec6ac4576651e3571aefc1a85e3bca7e256a2b2c5ed7c85dafb956ee576cc8365c36ab7638622df81d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c22931457cbc006b9ac79b39b06d2cad

SHA1
678623ae51dc57bb70bcaf202efa21e3c2255406

SHA256
2881102da42f1ee0a533f7cfce2138eba6b93dcf8373f658a5e7b5ed76627494

SHA512
9093d5ff4fb52bc59f2b6c66754f2a80fd736af8eeb21d65c25b98ca15e87d6117c5abfd684bb371ce99fe2106307cf38394ac481bc0f8a00c9ead6197abb04b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c194f4ac0fd47273b65d8135bd75d07f

SHA1
3bbf9320e13969bf6320c8a5c90161d57b81d6a3

SHA256
1502b81e794ef3c551075c7e269ccb39c03e57b0f33f6232870d72bb3734639a

SHA512
4f13b92d7c13bfd46db4dd556a4fb25e26bca3fa0309b0034cd3307502dfca129ec4c61aa47761ce23cbe9c1a4e7ec15716d7f02670b5aa4b7bf36f953b0d040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
028830387c398fabccd2b9b687df25d3

SHA1
76545ccee81a9d17f9dda2df81270566d83b1531

SHA256
2b9b2112fe094b76356abbed8e22a534ab41fa6e3e1e96ce1a6918608ab5e923

SHA512
5f894a676cf78bd54e799350cac3813b0d4dce4336ba9eb994bf9089980478abae6d75d6f80bbdb9efa336eceb48c49742f8920a8ffc366f0b584e5d4dcc80d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df3668d2766eeb24f3bd6a92ddc84711

SHA1
4b465f95c500ce94a137b45355498f00502af528

SHA256
3f9ec3067b35eba12e85a7021ae3261c992f706e03bebbea4157fb3bcdaec6c5

SHA512
f46cbf4a7015da52a0ceda86daf1f8d6207d11c9bbc1c840d47c16f637875b3e49289df7b69c0ecac2115de61e38042d7e3575e728e2576e8506a497da1dcfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06064c19d6479ef76d4a80f1bfb3ccd9

SHA1
cce106824f51425c2c533803fa1505ccb0c489d7

SHA256
3c7c1d3a9ca208016085bb5d2e186b7a51c413b99fe47fe1a70c40533656e180

SHA512
80e50918d1cd2895f3254b7ab10d428406bd9fb5f557c0e7670763036182a983facbff7f315254f12307e887cdf9b650d8913f54b768b005f723a8529dc5f103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5de41371698a1ce03602bbb3a479725e

SHA1
c9ddf36f207734e82afffad1bf87fcc114664bc7

SHA256
898a97f98a79cf70d0c8905d5172ec867d7ace119352d99d323311c682a01e70

SHA512
67b49dc03737c8da039879aa7bd7c41fcca6113335a0fa7d410c83b68953bdc7439d26af0367b672f691ae0f1f13c28687a0b96a35aebb57ebb325ed3c01fbbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f6b761e0-59dc-4b12-950d-d3ed0fcfd26c.tmp

Filesize
10KB

MD5
7ec5698cd2bcb824f7d4e8b004e94e31

SHA1
098248e7836d63e0ba88cab1e14092159473a249

SHA256
aebf842bdf6724b23b9d4e57369fdc57b4c63257ddc51843abe34771ce81089b

SHA512
3503a32a2060a564f51e0019dd7ab1e5208d234a81468b56708f4b972baebf2a06c955e9ecbff01c2c0d738b0e18b2d34deed02c636a1eb17aedb14f3fe08b72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
68405c89f682845d0b068a18a3c2bf62

SHA1
eea2addfd6860e030fe6cfadf79cf75abce60298

SHA256
a0955c166a83c8fbb3fbd5134e65e1222eede6ef2ba9902bd454240033b80a48

SHA512
095d58089b64b716786db619170789f0cd528da82bef8e32e52bdc809e99afb302a5327c8e7b81b693ea2cb50a00a4c535edea95f959694b8ac2dad5358108c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
15a94dd124c2df1cfd0554358632cb15

SHA1
b26b3d3250fe9d12993af9e2096ec58e293b9e4a

SHA256
acf1f8456247558b3730ba802ae5ac4779192c9d51bd0a62f209548d22beb348

SHA512
8ea417f789479434a324e2923eaf5e2f13fa19cfdb7a6d706cd801de22d52123f93fd59632e243a7ea0793587d9c8b252ee5246bdc911611bddc095b5fcc502f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
7b14ce7b6d3d9b4fba058697727232f6

SHA1
357212675587a4f00c84ba2432a411b676b3db71

SHA256
a69ae23858e1142e5e67cb46ee20804983d0bce1c4dfdfe1f2bd2615d1ba5da0

SHA512
f7353ffe6632848a5b63649d65e3cd280fc3d2e81b2aff73588ff06c4cfb0463d3f98729024b61ef4bfe39365562ea371be675e25e13ef256b6a63720327e84d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
2374ac8ad52bb9d02580a182bc407dc8

SHA1
19e299d1e7b496c947c2a159d0201ec0d891d5d0

SHA256
cc5f7b217b6352a413323071fe5f5c0e5413c03abb559fa65a7a6338476103ca

SHA512
9f3a8fdc0544a51b67cee0e389075f6380fcefc0daee734cecb2d665efdae45aa14093f5463fa9b4b00b9af06d0f230f66faf77fb7f10f33fc9103eec6b4712a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
8KB

MD5
d64fba9214eafac2b24e4721a4dcc9d0

SHA1
81e7c38b0625b44606779d4296f5c18768dd9934

SHA256
29e32a5088ebc46b4e36337c4f12886bd2c45d483dbbae4a23488564240728d8

SHA512
6c8e327e5bc0da9dcc183fa11fc6cd3c2ce41b325c63b5cb972991a6b3d6e5a026d5884509050be81af9d44d6ad40e61c620a65da1e07f9ecc096f1ea8461ef4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7de9e19cf4928f2b7ed797299e8a7779

SHA1
dce2962450509c298f2343b9c8174e343ce45a1c

SHA256
fa8a8682a36ed5a1bc0a7ba2893f661f40bd950d808374cd83961708efca1403

SHA512
d8231156581b2b4b30e1418f9dda27a5a476c50dbded67df47553579aeb872518a88472017b3655e099153a97a727280140863c0eeefcc91b69bc84072e618e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
4af62b209e807f95dc63d4ff45aa8b2f

SHA1
f871e2f2b1fa1dd5bb3fdeb2e234460cbed904cf

SHA256
aa49907760860bece8e931f099449d744d042162be3475e043d1ff761a022751

SHA512
62dae4fc426ac9f7a9af89d983991c25829a63644e3276571253e789a853c30aa321a9002752f7e21490ea4097a5e25d5a20dfe89d1c6875a9a790264dee2b6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\4e9f2c0f-bcc8-4312-afc9-37abeed7baf7

Filesize
982B

MD5
7e53c4a923506a75bfde34db1d59f83d

SHA1
b99973a141074b85c61f79f047005ebbb5be1d9f

SHA256
42fa31d8fad3d5602671753901595dc648d491194f99f22b3b95e3acc3daf723

SHA512
0cf1f7808290116bcbd1f7fa4b0489357d2d5ba811401feeb32e84297cd87931674484aafd1a5066c3e2a11ed818624ec33b359d4a93ead96397d3e2a56776f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\6e28092a-061d-439a-a091-256eaa6b2ca7

Filesize
27KB

MD5
b18e9324b0c461445d411e7266847f72

SHA1
b67b17c13c8590807638b13934a071c13ecdee3d

SHA256
6ac2acc44b9133292637ac0f4d4c2f541688a255fe6aaef32a24421e91d8635b

SHA512
0395e0fed2701fc745b3fe33de34e5c006355a99d30228211a4679a80bd527ab0408055a18fa72f528286fe49fac18426ccaa1b108b5a5da547a2bb392f5e2b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\75940ccb-62b7-4be2-95c0-303aacd69f89

Filesize
671B

MD5
1506aa9c462112a9241b8483fef46856

SHA1
95e2342e86bfe1076d611a3709b50bd1f835b0c2

SHA256
5e41ed4624887b3a3e24ba1c57c230c4e0bf1e94737a8cc92e31a2d1566be6c8

SHA512
f3d8709cf7702894bd9927968fb6ec4e4a7e2e12e04e9d9f9f607108b2e9222d6441036197c47d7f930297e0a0ced33a6da65d5cc0df382148d8a73acf6a8ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
b8e1c1239eb580a62e0b477d619e1a64

SHA1
9a14ccd25ab3405fbe72137fd0bbeca88440c93b

SHA256
c8cfa8a754f8bd6883f5b50a0e44d42826549bc31d3ab253abded3ed8124df16

SHA512
67b811744eaf0e0c294d1f128cb428b88039a85d8274b1a520577add5efa4f2b4a03ab7175783738b29a96d5e5e1a5057b9a76f43ce055dac80499a0fe3a74f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
12KB

MD5
6b001f49373fc144c0e4d591da4d6c64

SHA1
2709159cf55ec55bbf8fd327b56d19ded821d63e

SHA256
745d2eb2723f8a42d67d366fd8caf3e421f61ea6a93e971afa3400df1b431064

SHA512
83153b0aeb1c32d97e8d89263c9cf9713bc3532448c6b85324213c7b43e5c115b8a416d51b5a07f705ab3c61b5bbedc967451516e434787199a6acbe81b3b8bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
6a89ec7865b6998603ef1c12b2418142

SHA1
02c610d366c50e7ff5c49841884a88eea6fe11a2

SHA256
331c8aad92ca05c81ad5ef506f188db584d8b4ddd0d4fa56431efb05faff117b

SHA512
90c1b171ef2510a2ebc465b71239d81b9bd4be67d3e497d4e1de212fc1797a35bed4cc16c48eae5a164d94d4e1536b8fd976df181ebcaba0e13e531d41833af7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
f6d31fb85f8ab8c60156865bae558d73

SHA1
3ef45b879567cc72f4c866e99ee83bbda0eaa8fe

SHA256
de46aecaf02c48592661686d1af47065b9369892ea993ccde8475b7b69917b9b

SHA512
8d99b4fbdc39d6ce8371ec23d2ef9be2d8fd4837eea4585314b3b7a018872bb5cdce5088374583e1c642a497138a9a2b68314fc3bda4cfff6056900345073f18

Download Submit