hxxps://www[.]topbuildersolutions[.]net/clickthrough[.]aspx?rurl=hxxps://moonworks[.]in/dow/webm/webm/

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 11:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.topbuildersolutions.net/clickthrough.aspx?rurl=https://moonworks.in/dow/webm/webm/

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679367022092555"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
1964	msedge.exe
1964	msedge.exe
880	msedge.exe
880	msedge.exe
5672	identity_helper.exe
5672	identity_helper.exe
6604	chrome.exe
6604	chrome.exe
6604	chrome.exe
6604	chrome.exe
6152	msedge.exe
6152	msedge.exe
6152	msedge.exe
6152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe
Token: SeShutdownPrivilege	3400	chrome.exe
Token: SeCreatePagefilePrivilege	3400	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
3400	chrome.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe
5708	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5708	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3400 wrote to memory of 3668	3400	chrome.exe	84
PID 3400 wrote to memory of 3668	3400	chrome.exe	84
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 1432	3400	chrome.exe	85
PID 3400 wrote to memory of 3684	3400	chrome.exe	87
PID 3400 wrote to memory of 3684	3400	chrome.exe	87
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88
PID 3400 wrote to memory of 3544	3400	chrome.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.topbuildersolutions.net/clickthrough.aspx?rurl=https://moonworks.in/dow/webm/webm/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc4343cc40,0x7ffc4343cc4c,0x7ffc4343cc58
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4676,i,17578376054680542347,1054491966373959838,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=988 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6604

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc307746f8,0x7ffc30774708,0x7ffc30774718
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,1495635523088329109,3737940102524529411,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5688 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5804
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {697a4df1-1210-40d3-9767-8ff2c6291bca} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" gpu
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7eddf2a-c12e-41d2-8526-febef99796ce} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" socket
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2928 -childID 1 -isForBrowser -prefsHandle 3324 -prefMapHandle 3332 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff5f07f6-4cce-42a4-b02d-9e4951789eb2} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3904 -childID 2 -isForBrowser -prefsHandle 3896 -prefMapHandle 3884 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c12d98f8-5988-4fef-a660-76f5f2a0804b} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" tab
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4368 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4468 -prefMapHandle 4460 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a3687c-db40-46cf-b26a-4e6b0468de9b} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" utility
    3⤵
    - Checks processor information in registry
    PID:6808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5408 -prefMapHandle 5404 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52fe8cf3-1d61-4572-8738-9a739e2faf6a} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" tab
    3⤵
    PID:6860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5632 -prefMapHandle 5628 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ace1a98-95e9-4b3b-ae36-3b2947fa5730} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" tab
    3⤵
    PID:6832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5756 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57c1bc66-89a6-47ad-9899-d073c9383502} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" tab
    3⤵
    PID:6304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 6 -isForBrowser -prefsHandle 6088 -prefMapHandle 6132 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c54424b-f7f6-44ea-ba3d-8e8c1efd7d1d} 5708 "\\.\pipe\gecko-crash-server-pipe.5708" tab
    3⤵
    PID:6844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6d394b4a-c7ff-4eaf-8315-cf3db0d0b3fc.tmp

Filesize
649B

MD5
3d6b33986b58ae2e9aa944b0da2e0cfa

SHA1
e94add176f31feb5d92f33a10f583b1ffbf3ceb4

SHA256
79d495b3484c20733615ac4529420b33aa35801b7fbc08b642063b10db5c2eef

SHA512
2ac615fe5a96c245a37dd72b6b9b9180c5b146f3e48541a501340f407547f30ae9ad3da5467d14f2f9c7148d6a621a80cb55438ae6bae5d315fd739dccffd945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
fdd2b0c4b2e148f735a5a37cc775fc67

SHA1
908cd4e54239f80ba4b583ade23ec5e072099092

SHA256
b81fda83eadb2b7e2f1ac774f6393859687012d900db25389242106fdccf9da7

SHA512
1fb158ffbf2289cc9c83f21ccc1cf03fecfd0fc7c457ebb842d242f79e010b62bbe8d1297a817a42440c181fcacddd77a24c7e4da2226d29a81aa2c85b3823fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fe2b60dd4717b6a171077300fe2c55bb

SHA1
63382ab58353e1c0cda84d536dba116f2aedce4e

SHA256
94eaeaf7760078af3f178004c00c06893fd7168dc17681e3c13e566e75a9d6e6

SHA512
31940cf70d3d03c4100bb88e9eaa1bbf8c3bf6dd17110803a5804f9e38fba608d4ec222e3c0b00da3faa03b0798fc30d46accc339b174c4e75f8a79b5aa697bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
1a506831a4f478bebe9f540ce74ff92a

SHA1
ba0ad7de4d1bcbc12bb287c67b55b01d80f6e6ee

SHA256
8d50d83ef4dc97083416c3afa6f8adfc1f261f807e1f7a95a3f095c3ccb4c5d7

SHA512
c2cd1b55dea70c72f2f1b5c8cb5b2e45b7cb39ef08de1e948d509072d5bf4e3be8981b3e2ee2130166fd0e89dbbba21acf0ab95f1c9f2a1937d137a7ef9afc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0dddbd86bf04aa239dd830b1aabf976c

SHA1
22543b6d925da3fe95b2bc4ecc975ca5a0830303

SHA256
a4b00c0fc80fa024f418913d4ffe6c7942a88a2af4dee24fe208e2a463de4a00

SHA512
1161a4a03f89243a1fc9811b21ac40522456ce4674b14ae4495af6fa3bacedc26dbb7d2da211430a70c794716b75d80b3ede1939f61be4d2c8de4aa8d953d69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d35ec57b2435a3b6964b613eaa405387

SHA1
5d79d94d12bd716e36c6b01637bd57cc5d5ac748

SHA256
8d0ae2827c22c6e086ba1cde42d51dd8c3f76be76a1489a22be3413037ac3bab

SHA512
f7de4af1356c70d9779b7453b7963ad3b9d36775dbbc4199a53d5cbba929381c7d46f5bd865fc4c21c2e8a28e53c38af6f0451c83a8e915e888bdd434ebc61db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c3de80b655f71295c39e3118820dd1e

SHA1
b2114799ce1533acaf32e8ba1c4fafd304127280

SHA256
471199db5dea3ada13b57b59232bef325c9f0d8460d4b14b0abd2216637bec16

SHA512
f3d86243e59d58a0b0f78157d315c005cbf7b56195149f221ff275a19a3d706caf0c906f4af45bcd34efa9bf25cbf0e8043bcf7bd3aeb5b8143223c7051c572e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efffaa9e7de108deb7ab0f86cc781336

SHA1
af9a31ab9a2bbadaa5ad0f00046ea5714404473c

SHA256
ebe3870a08e48644835c66f286fa445c60341e2b19d39464ebbe2292cc0891db

SHA512
517229cb7ae1efc157d77ba3c58b8dae8cc02b4ef4de7a99761add9a132e09b4cce15b2aacd417bb8ff45165c497ab6c926b516c8c52f5df3520f4f9c8515059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aba1462c3dc7e333128b2cf90ec49cef

SHA1
198536d248022bdb3789c857a95f6c39aa7afae4

SHA256
aa029ba9a0e9530a4678f80f826a04b2d620fe6063c827498c80584edc43a9bd

SHA512
f09347c4d32bf20afbbed1f0dfb8827fed27edb4ef3b69a2ac07a9030f688173f43cad589f5ab77fe13672992f02c6498fcf7961abf32b9d9efaa2530a521b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91193bb75850fee78a7961f042252f21

SHA1
9f3d2d8c5e652548a25f695ca4786d2289b39521

SHA256
b8443f5ced88f37547fe41886f133965429db08844baefce895e81ef8b4c2ac2

SHA512
29b4920c20d116e5b74cc444005e26dfcdc3369147bbb3a7a78729a45a20f3a511bb577bd7796b6a8a3e680fed48c744cdef2a1232793aa84cbea12264488b8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f343c52bdfc492a204c381211a89ddfd

SHA1
2bd2db1fb8fc9df25b1071e7d72b34ea13545321

SHA256
b0bc089da67519c132ef3b4690a0430869e87cd0f13e19747b17817d38780232

SHA512
d043257b08a99483b2df5cbaee063e96ecf3fe6d6a72f6213c0a438b97967ec8347d6c0cfc8b59800c6e7a64f26bb0db2cbf1d23f41ed96bc975fc6182ecd1f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec0f21837cc0c7588453f6667bcfd318

SHA1
ed76dc930e5fba1949a82194b41025fc60cd0591

SHA256
9b10b2a31db81b884c081b01c3a5b2c73c67ccd0a3ba8e063a2e8242117bf680

SHA512
55291ab60d47208af6c1d3d47c4207f39050517c3510cce6e04bf5fb115418484195bbe6b20c8e8baa424008e19d7ff679c7eae61d3bee684b64f584aa90bf93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c37743f236660c6d5ddf58dfa52e12d3

SHA1
c6656f7d3eb422478aed7036d136e856d0e0eb9b

SHA256
c3a77dc9d10d52a90f0867959b65b90cff8817b42045f89568431efe7c1c2902

SHA512
90e2c368b85616eeedbffe01692d6b6ce87e2e2481e2e4cc2a916cdb70d1559581c1d2b780816e981270239db57ff68c6f8fd3f4db772c38c2c1f49c18f47315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a99e86e9afa8253dee7a27d73a675484

SHA1
88b195c4993d0e743751b59d934e51438b3203ef

SHA256
de7d3201bbda034fa7ad35483042dbec63c9347fb46075bff621a5854a133bfc

SHA512
663f37ca0b88b48da689e26b9f87b68f79af83f071ce7ca05a5cd6ee2458874f9c6975f075b272f15855f1801997f284b26bd773c76ff1993b8312cba84c72e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a1a7693250bf946c7c154f62fa3a0d5

SHA1
7438720072dd74bc1916843cb7ecc059fb9213b2

SHA256
305f45e409b1c66ddc43f0c543d6a8145f031668be214f2c1e93efb113ca7366

SHA512
65003705d69e55ea0151c0b89e8ff3a939733ea911b5484b7b87a7b114ced8be0abbffcc7e3b5fb5a1f9793732e50bf615fa989706f510fc90690edf940cf67f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b4259e2fdda0e14facda1d2c4a87b68

SHA1
0d92f083c8847c0b48e174a2020a7b11c1801aba

SHA256
9a7249b1c6b12f09b671cc784e1e0f60a210c1bd6fa1825f2fc24a74a8c40456

SHA512
90ae93f388c6b07c97f27bf9c4fd2022b2bdbea983fd76c615b400c58f567754cf495f57e0a48ec9d293fafb8b2dd82a7496b8edd20ea19dcf17a2f2a8207629

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba7065b1d839fce1bbfac91e0b74daac

SHA1
86cc676212b41970120ffac61ab3ac66afbc0a42

SHA256
f26f00dc6e604e7e85b3ce01970eb9c7d8403cb9c0526ce496a25619aa8078be

SHA512
4cd61165de0144716a0c0bf657a168fa08c77b2b4fe5e4564e0480fe394fe978cc20837ac68c2f7e4844e06b9c7796cb6167ae69e377d0c79e2ad5d96d2be952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4606a1cf8e6f41c37c5ebbe6e754b80

SHA1
a457a2945a2f900f3c6ce2391996ad7527c6806f

SHA256
e1bf2fc47ef6dae6c4ccb24b8c989cd517a5bfd043c8234c8847ff1ae94e701d

SHA512
bed3cdc8a45d2e3533c67a5d52adb41a0384a70e178b94fd36b66bbec892e747f858db185ff2100ccd977cce52ef7893e5c7b761f6eac30e8efc87dbe1984721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8acfb87e2f67fc416538f09c2c89c6dc

SHA1
401cf60a641ec3208ddd23e9b36d8bb09e6dee8f

SHA256
276a78437fa9a26f6c122078b39185b4bc0cc73eb12f03863b6a9afb10deb6e7

SHA512
7edd442e930c97f1e02f2d8a7adb9dcc524b1cc75004c10eefbd005341083ebb31ae60d2c786f484440c75bde059d7f9b383841c23ffdd25a1faa569f2407a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b772c12c36902c172e9bac449f58e98

SHA1
501164558d9cb21eb6f5e8793fabb49e1f178538

SHA256
163e181362ca5dbf28a96eaf18a13ff45aaa20896856f164fc20e8aadba49337

SHA512
808978a7f193827c3c6b1bc1afd588926c13f2ef8035a091a62dc8bdb190f3f2060f423579426983c38e777dc70748349636937f304df0ee5e9dec79437996a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0981200a6241830003e2a8bd6d5be59e

SHA1
56a9437a59d7ad3342e71651aab4b44e403b5223

SHA256
e7b047086c062d3912bc47efa90a3878b725e18a9dcc95174b5a3e9120c9514a

SHA512
82af2dc1fc93f498f337b4c151ec55bc32c00843a7a97a186eb4a28676252446ce67dc2510d9f657f7f9cc5278e7dc1a6386aba974a4a82a12491021a5525398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9502569a5f067cde91704dee8831e87d

SHA1
50836be713fdddb1dc5d243e3b10a378d694d77f

SHA256
b21e64befac21a73b27979cb8f5a905ad5b2847448d8b098ba8c5839683ab77c

SHA512
df0e3d43fa50374575cc7114a348dd4f4e500b07808d38beed2d673a4e1d2fe61fa8c1771cb4044ba5c04b2ab7ccdf9c152b57e347bf86b079d92440ad31b349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec054a0802749d3ac57e0bb52fb60c22

SHA1
3295eddd5128519055b44b13b654ac6fd7f6adfa

SHA256
43ef167c3e7e31a4e150d3181f9aaba6738da953411fb0b1d6ac6c57fee2386d

SHA512
f02b643ef5a2084f025bc4836896b3ff4d9b1445720f554c3186dea35e4d40fe7d2a7e1823b1809cddf2792bc9d8c30b5495ca96d02cbbcc7c41b2f00986430a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab9044c41b8fe5bc91ee68ddb109b33f

SHA1
4f1ff3c2118a279806b5892edebb0bacf8242a85

SHA256
8532ac123bd38e26c1ac0f96ceb9efea3c44f8f678d1cef55a64892f972f8e5e

SHA512
9a9cb931d02525e534705b69d258cd96599aeb4547552a6bf29feeec36329bab16b72e69dcc647ab2e6199122136b86f5288f8d5fb7bfdd7fcbc1c42e7087941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
27029f4aaf82426cce39209ff2d7446b

SHA1
036e24216612a29a900c729ee26c83fa9acb812d

SHA256
931662d2a90ab66d0d87666f1781f30f4f921eecb2d9da07c932b0074112e779

SHA512
8e62a8a007341914bbf0321f643809061595747d77210cdcf3bb0ea556f781a1ef6108451040d7820569136ffc39def7ea966b551228d1abf0c3747be9db65e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d1bf42e1bcf3b181eef29b5d19b355e3

SHA1
27fbafe9d8a1d8b0ebf69fcd00141402af1644fd

SHA256
2828f6f4e96e2608363ef56daf27d319c6d0fd7faa47201cc04c0d614a9afde7

SHA512
7d8e3e865ec4ee51946c2bc9c708846ae340b7a3fbff7948b4f6aade65f9fe11b9aee0a41137899fcfc34429ca21bef62f838f4fce62743fbee5bcbafa21661d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
571d4e0393273416936757a0b20e3181

SHA1
ea59b676382ea9cec4587009462c8fb10b592919

SHA256
e962e834eeb54cbb4047a42066cf6a1da7e4e9dc066c26bde255c6ee5896c655

SHA512
0868b5f6cc1251db6f041660c913c2fa32e779c305e0609dd5ad1f299f5641063ac5c35e92e4a55497a94208ae12161c0b88f7e94b5dbeb4308c9ccf54ab4979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
258B

MD5
c8d9271b0f2a0a7aaf8f86bf8f12520e

SHA1
f981e8d520fc0cad4124d1fd134e3932a68a97a1

SHA256
f82e15698e97197a56993289c5150a8e76f128a9abce413af715d5a931b21892

SHA512
0389187c4426faf19eef15244b21d1f8699de965a09ebd0acacb2600fa840f5bf664874c3e28f2416968de91a0a8dcc759396f6bcbdd2e77d8ed8fe6bf1d89ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
407ade7cb162c15cfcded7e800c4f6fa

SHA1
9482f632d01d5f6623551d6ad82207654b21aaa8

SHA256
c30bb0f57e9e3eda5e28e0f1f7ecdce6d7338f326fc03080c3a131500d078651

SHA512
2e3ffb15e1aa0502b4830ee32cf0d3ef3251201d9a11c5b5bd8106eb5435b6a6eb8be4f6878958dbdf8c5c2b5085ab5436a58bb6fc923d8486c8419dba47bbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44484ba28913f47b438fd8f69a78316f

SHA1
6bac7f6c51682e746a6dd1eec0478f6ae49079a2

SHA256
cd71eec4d964fc58069f0c853eda6aa2d63fdb3006a0d2c5d076e9d5d8d84c07

SHA512
90b7192f74596dade1dd11a9fca5b53813ff766b5ea1ac30dc7d6ce1441fd4eca5691bfd65cc9ff063bff6fe8ea7ba3ca590eca566cda4ea9f3173e766a10aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71fd23a038801c693f37aa39759d1672

SHA1
318bce93f2cbbf0ffba4fa76830eb8150c08a041

SHA256
d9daaf8786b5e3fcaa6a5cb90116fe826eb4c38129e9978028e12af3c6297a45

SHA512
54d1905cee869dde61a4ce71133e99a962f8b36da4083e8d0457fa77974818a2f792b506f77d18796f79cca2b2319a489f2500b1276bd9a3f728e23c15d3dd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ab8cbd779a3c82b1ff389848a0412e7

SHA1
4e63d9f6b07753220ae131df502ada82c3d4bc4a

SHA256
aac9327d8960b3c55101dc82c612efcb879faed02832cb863bc26b1985eadd89

SHA512
80f82c36054b4970379e72bb05f39ac0e6e4239fe7ffa509fe2a73cff07ab683475ef62600c7b4138410508da6c8a8eb03c4343249a6c3ffc2c1b496b79ac853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b066f7e9250657bab95551a03134bd0

SHA1
6922985ce0f2b04ae506bb811e2df1b95c9a65b2

SHA256
719a398cfc6403fbdd18ef432809c94295d1a36f591fd3bc87c93cdfdd262d0a

SHA512
f6366adfafa01897e8e1e65c78c355af8a4a337612c11bd791ab3e40945e2d3181a0b19e8753932659b4e575731525b5cc794cf2a62d961b983030276155a8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8c26dde17bbf13c980659a9298d4c5a

SHA1
ce3a5e4d805e83717d91f5dd46a69cb6fa4b381e

SHA256
8c8c942274528e8034f603cdcfad2b2e0fb4f93e4266b3544636b4d674699e72

SHA512
53567d925eea13573898dcc68a852de098b066ddaee92c28455b945e2f6a7f9a7c50fc6b9c5973a895e8dbd0fa42024cf91868a98ee85183a4be6a8aa1ebbd18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json

Filesize
44KB

MD5
1aa11bdd6fed1b8be48d1ead4746932c

SHA1
13c69f62ef9d3e2fccd4e0bfd1951c3ce8bc02f0

SHA256
ef1595e5b981bd922f4ccb36a12d7b2178d901273d1d5183d345a7c5492f8f42

SHA512
308e4195b0765e27473f3f6aa4d135158c4c11dbe6bf2d293246c4b089398111a11771cacc36d9f80cdedc90bc0c24642b8ad07709b303f0f9d705392851ec8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\0E2852D3D690906302279FE9F31F3E4B97C65718

Filesize
34KB

MD5
a4313ed8a655a1014a360f0077637fa3

SHA1
3ab2c67d4b3fcdc101677164cf6cbb58dd02275b

SHA256
e374a282b4c35f51f60c0328f50ad528ca6e6350e0431c99a94daf4aeb9c5a30

SHA512
febf6d6e00f4e0848b7ee2fd0aa3af26e35ba3b20e0d6f4222a646921c7e08cf2a26544fcb8d99ea3193530308a30d3ce95d505f821bd990d01cbed6567a9952

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
efbbc3767977d1a39986d56904165e3f

SHA1
218cd9067226d7a0e32e7c8f02e65a2d5af663b3

SHA256
841a7df9ac0949497b3bdeab00c64ae695d08e3b86d47060492d339a027b6c7c

SHA512
80ce21cc6f423241fb92f7046d8b445b798d51120d6729422878d751e7caff9fd2585d1438ad9e17214464c7e565222f1eac4c910f70a8ac1f1c8bbbe92f6565

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\OUY60A20VOPXLH1UGTKC.temp

Filesize
7KB

MD5
7ca4d773b514f0ecfb39f1d555e86dfe

SHA1
ec955547aac3ed9cd438591a51edf935fea8b34e

SHA256
70bb444432d63fe1c0ec1177ea6bae2ef4134b3483ffba428a22601c119c5cee

SHA512
031216cd2e66c18b00429ab15dc538be79fb65b25bfd03f85dcfe21efb84f2d2c1d23df46678a14ce34fdcfef5c9173c959d84e276e105f6ea45ab5906edbfb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin

Filesize
8KB

MD5
e0b9303c02eeb1196672d043246a80e1

SHA1
e771de959252c461d34e466f572da58d84177615

SHA256
dde72e1094108a6da3864e0a223d119b10ea58ae50dae5f5f1b8c2e9965a4a08

SHA512
a0acfcfe07d0f7296c0e5baa9cdbcda7c27bfa5a55d726dd6998ec0f49ff68bd3e66fb7cf3949f184b4860c4275f2d3859929a2e3d99523130961fd8a1881b6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e6d06b100336ed49635b7347cc69bb43

SHA1
6b0eef73299ee90309fcc367272fcc8a00f5143a

SHA256
d4f440962a8ef9eb60e4234896b2c8c9d2cdb33ac72f11da919a6c91210673da

SHA512
6acc0bc1cb4bf4734cf874d579ea03a65e54426342e1d50c69bd4fd1c210a1fac0716224954664f0a9cbf05909f864819ba65465c092ce30f8894af8cdfa31a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
955ab83f906bfb770c78087a9b36f1e1

SHA1
937670fe7977eeeb089d621320658033c294af86

SHA256
93cd4965f7779697dec3393f93d2a9f540818c949bceb42d4a0df3614df8d4ee

SHA512
4a4b99a1e7165accc8c648dfcb4b22f093e8b428e04f6c90941a71a7a683b58c138235c74174a9cd3086907a48263fcb9196a2f4265427b87263f704c1a217b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
242f8750ae1da99ebbe307eff42dca29

SHA1
872908dd35e7d72883b402d7a7e584020db781fa

SHA256
76592887339835928b7d646d2c18f7cbd990ae543fe6e92d16666736a9eb074d

SHA512
54342f9d5eeb915b96898dcc98c7d55d1e645de65f4e3e5a49e0eae0c620bb05e5126f19fb74ce8c04fab0f63cbd3510d3f7c76c5d40f64b4620d9a40e23aae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\736699e9-ae95-4bb6-b1b7-7926fe8e34c7

Filesize
25KB

MD5
5d43b94049fa9342da9923130ac13bda

SHA1
0bb308cab5e61f9f38e6e64a9c52e16a7abfb33f

SHA256
2a575f7e5758f809bce62edb214b2152468fa603a44d9dbc478e9ac1573fac9c

SHA512
c54c837a4bfcf6dfd2ebc8811b4b22a134a8d1a2561e3c40ca22fc002cc70d0d2369146183a780e62889bc7176212a57038068ad1c39e9a504b836eac84a0873

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\9da2a21b-2aa4-4e13-99c1-54371bd5093a

Filesize
671B

MD5
bd3f0649df8d7ca1d4cc0d9278808c03

SHA1
8e3bc1fa9c6bf763ae3d8b2234147096551e0c2d

SHA256
53ba92dfe1e7cdf4a338c0435d19813320dd8bf922d04b7b3b9acb5f29d3d178

SHA512
90e9393e46d3f71d08078faa446a821b9ff2ee2f2f88f31a9e10ad32f684037811d10517fb56b77d0d2ba903ae9a2bbb2e571ad8a70d6c7daec3309b6b8491c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\a0a8dcfd-df0a-4c3d-8c56-1835a1592d64

Filesize
982B

MD5
b9ecfcf651e06e9d6a7bde43ca54bda6

SHA1
0b12cc2a9edbd05eb004c95ae7a474f76e46e15f

SHA256
8ff85371e4560352a9ae2dd74ae0001e2875bdd4e50a923184af429d5bac6dcf

SHA512
e7a3460ae9bf5eaaad843f89131e8c0f3971dfea9be825a2a58687752c4b74aee428139ef869607fd82a09ce14313c003192b30fab90f12cd931c3591466a4d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
13KB

MD5
703e4eb3557c4dbd2b4aef928d80a742

SHA1
a72dfaf53d6207b88f3b9c14be6c87bc4c69bdb7

SHA256
d793a1a69dc7e030619c6f4ac593fd5e6f826ab8754e622fc0009ee9557ef403

SHA512
9e0f9381ef73585a8f58b336b7b6611171619016af390cf7bf9cd099d209378ba76d9bf129e368941ddec95d952aa5655a6344db9c2471616fff143fcf84165b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
16KB

MD5
e360f868b7fcc64cfcc22e9867f9e8a4

SHA1
574a7b5a39af6f813140baf60e3f091b49e7ff5e

SHA256
bbe6e05c6852409edf8a5ad194f11ada53879c871191f41fda8c9e0a239c9253

SHA512
08ae538e510772f8331b8d491866a2d8fd8d9da0c34230a0de78a1f040d2e3159f7ac5e8766f1f60be32b339753e85807f970acf7c434e70d53b79829831533f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js

Filesize
11KB

MD5
c5acde5926d4ad1317c2d8ce491ea73e

SHA1
a65962494db56a8be0bb8090e068a122f437f224

SHA256
9db98fb21e498e05944e925fef143c689e1a46cc7362280201be631c55d8ee36

SHA512
7fd53ec7eb1507cccffe61c8e2e2439c912dd019592c119b2ca644436c482a3dc25a60e03db110f5fd4c8ace5b5b057dce054425ff73a65541867a117d8d63be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
f588b4d7103c48500df93fd6457a94a5

SHA1
fe61fabf0224f6c378c21a38cf9b4ebfc42a2b26

SHA256
82a8561b35ecea286392c468a57fb613e0ad876212b8e15e4fc243c8a4010c17

SHA512
3a83639b639c1bb101dc613b608ed9e3dcaf6cb2c181a2d0c6553972649c1c9b2d1a8150f92d62f5640cb58030d55087fd385dfc06b5471fba59b1552aaab172

Download Submit