83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
17-08-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965.exe
Size

89KB
MD5

022a82f54407e185853e6d8efa72f6c2
SHA1

3279c0a28eaa15fdd997e3818db043cce1861a1b
SHA256

83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965
SHA512

b190e6de166a468d32ca513dc4953410d0ab7e5e1bb0f184b5e6f603c0401de0f000080cbb8fa879407cfc92cd4892b58619714f681c08e5ed0d79f1f150f11e
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfIxyvO+:Hq6+ouCpk2mpcWJ0r+QNTBfIu

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683986598230024"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-131918955-2378418313-883382443-1000\{37047131-E1F2-44D6-B91E-2CEB0887C2EC}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
1364	msedge.exe
1364	msedge.exe
5056	chrome.exe
5056	chrome.exe
6596	msedge.exe
6596	msedge.exe
6164	identity_helper.exe
6164	identity_helper.exe
5056	chrome.exe
5056	chrome.exe
7092	chrome.exe
7092	chrome.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
7092	chrome.exe
7092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3372	firefox.exe
Token: SeDebugPrivilege	3372	firefox.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe
Token: SeShutdownPrivilege	5056	chrome.exe
Token: SeCreatePagefilePrivilege	5056	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
3372	firefox.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
1364	msedge.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe
5056	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3372	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 360	2680	83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965.exe	82
PID 2680 wrote to memory of 360	2680	83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965.exe	82
PID 360 wrote to memory of 5056	360	cmd.exe	86
PID 360 wrote to memory of 5056	360	cmd.exe	86
PID 360 wrote to memory of 1364	360	cmd.exe	87
PID 360 wrote to memory of 1364	360	cmd.exe	87
PID 360 wrote to memory of 1144	360	cmd.exe	88
PID 360 wrote to memory of 1144	360	cmd.exe	88
PID 5056 wrote to memory of 1564	5056	chrome.exe	89
PID 5056 wrote to memory of 1564	5056	chrome.exe	89
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1144 wrote to memory of 3372	1144	firefox.exe	90
PID 1364 wrote to memory of 3408	1364	msedge.exe	91
PID 1364 wrote to memory of 3408	1364	msedge.exe	91
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92
PID 3372 wrote to memory of 1752	3372	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965.exe
"C:\Users\Admin\AppData\Local\Temp\83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\952B.tmp\952C.tmp\952D.bat C:\Users\Admin\AppData\Local\Temp\83aa0fba2c2ecba612b5bb7d91eee5c9a0c3e2f471f61b414d54d43ea6aed965.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:360
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5056
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff95433cc40,0x7ff95433cc4c,0x7ff95433cc58
      4⤵
      PID:1564
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1820 /prefetch:2
      4⤵
      PID:1172
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2100 /prefetch:3
      4⤵
      PID:1092
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2204 /prefetch:8
      4⤵
      PID:328
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:5372
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3180 /prefetch:1
      4⤵
      PID:5396
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4424 /prefetch:1
      4⤵
      PID:6004
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4644,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4612 /prefetch:8
      4⤵
      PID:1620
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4368,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4776 /prefetch:8
      4⤵
      Modifies registry class
      PID:6036
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5084,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5092 /prefetch:8
      4⤵
      PID:6816
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5288,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5296 /prefetch:8
      4⤵
      PID:6880
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=224,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5092 /prefetch:8
      4⤵
      PID:6640
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3744,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5460 /prefetch:8
      4⤵
      PID:6648
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5092,i,16023650671399559786,17637798552474836558,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3956 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:7092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff9540f3cb8,0x7ff9540f3cc8,0x7ff9540f3cd8
      4⤵
      PID:3408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2040 /prefetch:2
      4⤵
      PID:2040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
      4⤵
      PID:2904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
      4⤵
      PID:6884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
      4⤵
      PID:6916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
      4⤵
      PID:7112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
      4⤵
      PID:7120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,6359295425234013235,11969385975702968263,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4860 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1144
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3372
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1916 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f657bb41-bc14-4298-b508-ed6cce885206} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" gpu
        5⤵
        
        PID:1752
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2384 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5455488d-883e-42c2-8e15-d518b6f4aacd} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" socket
        5⤵
        
        PID:2428
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3040 -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3028 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b72fa37-c550-4df8-87ba-6a9ada8d3c70} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab
        5⤵
        
        PID:1704
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3360 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ed4db11-f42b-4446-83ec-8e66ebb37742} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab
        5⤵
        
        PID:1680
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2904 -prefMapHandle 4040 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b04f3611-562e-416d-b77c-6c09ac99e839} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" utility
        5⤵
        Checks processor information in registry
        
        PID:5856
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 3 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20697a93-b686-4e1c-8b68-7302e7819825} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab
        5⤵
        
        PID:6156
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 4 -isForBrowser -prefsHandle 5644 -prefMapHandle 5648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef4ab5d1-83fd-42a8-a90b-06c4aea2f98f} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab
        5⤵
        
        PID:6168
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 5 -isForBrowser -prefsHandle 5500 -prefMapHandle 5512 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38dd56de-01cc-4466-b657-0bc20913075c} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab
        5⤵
        
        PID:6180
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6180 -childID 6 -isForBrowser -prefsHandle 6172 -prefMapHandle 6168 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4271cf1-2d32-4f90-a7cc-e2cfe7206d83} 3372 "\\.\pipe\gecko-crash-server-pipe.3372" tab
        5⤵
        
        PID:6720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e1d84985ca6e73ff72e6a0f3a28b1738

SHA1
910eeecd408f3e63d272e7d1fe64e331c892057e

SHA256
f01ca1908988a191160612cae83d7e68ccb2beb0a9c05bd9a243d366d0705847

SHA512
551c7e44e8efa7c641fdd5765f65870234a0f4b3a3bff7bcb7d5b11ae20b141b36cfca5277af94e16c00720942915a725d278f380183a0dde0e86d3e2fa8e845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
d137a6fded40df49177180a5b104197a

SHA1
9d15a3b24f3940cc45b1194b45b5a852f8df6ebf

SHA256
9eb78cff6ee5a6d8e6fad56b992731fa3403b85e57f6e96e9e63c57545121ec7

SHA512
6c2ef56263c2b468dddaffe0f1f08a6f0d8b1ae5854cc1000c4b29667f529372dc8b9c678b27b884dae01cebabe5af2388345fffd2ea47dae392e9b9d326e760

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
967a99fc2e0fb35cad3b411626d9dda3

SHA1
cdd4be0aef6db602f409ba61a8661968f4f45155

SHA256
c7749903a2fbda4ffa8744b2162aeae0b303dfe8746ee28d855703e6d0a80955

SHA512
728d597dcf98bc24275d547b7fb846b417d5260da65eeab456e85c1fecce06387f11732ad3b90b38109ee2cf9960fac4a5e55c1e72cc7f81a60cca928b6cadfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
93620e1fa897a807bc54b4325f8fc240

SHA1
ed556fdf198a65a27d472d3ec9ce1223e3ba3e07

SHA256
567cc91cc6de6f67a1722c403a177cea150c17036db09d39caf87402899b9d21

SHA512
a8b70e632bb225d6d6212930b16284a3a5aaef4a24508207aacd673ccd7f6d5435bc8f17a0cb8a0ed09e2b3b8030fab7a5978704eb075bdcdf6d9f73204081c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bab5facaeb18e98537e708b2bfe4e49e

SHA1
de408509ff1437981554b68b56792fbe0ef65200

SHA256
d4b8927d30618c7e492d601d436ab6c6b8a83f2b661fbf4bd8ba5b1732fbd01b

SHA512
76f5d6e39c73e3a38083b033946c15921e84972cc4bd30a0d897f0281d9f18aede69c1236a60953c96973048c7e53672956a0c3b6a363aaf48b598f27ffcdb54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f09b3ba43e94c83a88d1de63d9e3c143

SHA1
e13fe931cb5ba8f60a7dabc757f5f0c18bbb7acc

SHA256
374df69472bf27035d96bb5995eaa173443a061ec0f83b058fd238d0391dd996

SHA512
f417d0221612611bccbae3ef6df2dbdacddf39507871a4f3deeac006211ca2c45198c5fae4aaa5d9d488e416d05640552bb9a17fd33317539aa78a15d804f969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa7d4e82a85c9684c0214551e99e5e23

SHA1
15712a389c9f5746fcee68cfc8c49435b402eb96

SHA256
98685bf61c30b9f954f64b08f42837c4b454279e6688d1136ec2ea5c56beea6c

SHA512
ae394207a5849941a7cc0caa00a3c6f3578d918f2219763f1a1dc1ac9362610e202e8aad2c90e0b1bd2c31adeef132cbd175ad546f4f61d0943bb338b6221d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6b08ac8d73cba647faa47c5afff81bc

SHA1
4b0b30d9380834a95503f9a2b5f3ced7e6540ca0

SHA256
962778c6fa680bf5f05d9e13cadb5bc3e80c6bd47c67d92a6dd2ce9e3e50a2a4

SHA512
bc97f63193155770bcbefcf2d5ae89be030b6a5b04c7a05a579e415faf7c4c7ef3dd11888150678db5f9f2063d7cf9872fdddab44261d327f15fcb6c3f5a78c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df99494f07e5dd2765dd977d635a48fb

SHA1
f48198d3057d763aaed1dab34f13a4ffcf32dd44

SHA256
621f43691a0dd1f35a16e8a810387abf0f93838d1df00748db0d958bb347c3ab

SHA512
44fc25d16e76109376e545f688e40a5c51d1162c23eafd5e22382e45d66ba4fd36c8716f8493e67ab8be6b4f6042c16d39e8928e03bab9def2715e7a35687b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac2324e693e3bfb51fc0dc5ed9595b33

SHA1
c8fa5835e408d4381e15d402b9c4bd20cce00bb4

SHA256
8ee8b3297133c5b44c79f0b3e2b786f9d9d7b6a2031e5311dd823ffd82e65acf

SHA512
e07d3abc9dcc17d51daf42304f3c439d705f9501e9dc65f7feece0415178af81e85b4596519f98d56788d4813cead5d850fae8ab0a58ad8ca74ed699f735e608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4b0bc6e07e8f209c470ef062727b01a

SHA1
d8418f48dc033ab7f599372bbc71a631c54186d2

SHA256
569a524d10f1bbaa3d90b20693c5b37fe5684470dcd22f5f1a94431462292886

SHA512
75dba60322fc19d7c54b7c1c9cebd8117e2462fa33d584b3b17379ad2416b69a1416acb7976208ea1d47cd7987e24a46f067dce45fd39093ca4b54763d32ab4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b251b187dd4c6e8577a73b848f6ef97f

SHA1
7d8139463b71465e7dfae6eb470b7cd763b6068d

SHA256
2bc7485dd1b8191424344b838289473a3d5c050da1eea5032a9f1717ab744469

SHA512
3f92d51afd10f25406567946bc0d1fb882625d34f43c9f0360bebffb268ff73904537c284a872d195746f9375cf7f8ca9c37207147b672401369ae05e6c0ffd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c73662e955f369f98392649433b80969

SHA1
d9f08259dd4757fdf070306fdb30497923ff8c4b

SHA256
466b8dd2dc59e215504d9991bb75b6347ec7e4eb26e176149d57fc65bf241ed7

SHA512
d547449eb3299f2043f8c1b763787307c14a9e6aa15ffb881791dc319c0f0910f7fc5c78191543191e53b4fe99cf13a749a5bc300d3412a5d4cbdd29c729b40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d55a62ac2e8d7f6da636903bc4010ab

SHA1
424f3c72628ee0daf27efc79cbe806dc98499332

SHA256
ecc0175f6c296b76451f67f55ba9d8a59c48639f995140e6a4fcc039425f2463

SHA512
5c0a6d75bd37a7bc56a7f0f9580f8c1cfefb168b13335f748a0178f14166bf72266df950c909ead0902cd86a65e07fc4edf9ecc86e690c5f29c142f04fd01e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c08e9349e4838b91dedff58ad54ed71a

SHA1
14fd69b244ffe737702e34d8d9ff27c8abf34efe

SHA256
7c62808c65049f13aabeb4e8e0b19e769c0285a44b6e0ef816e0395a09ef78d0

SHA512
371db47bd0415dd287cdcc11a5c01af59086f0059ee396d2dcc49b26c14985dae9e65b34974840bdf66ed6fea75f77c00bd1ce55cd13387aa837012b2b749eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fffd68c1f1fa2a33e988fc3078f61641

SHA1
cbdf8c3710563a9ad36be11831ebfb91dec67ef9

SHA256
0f665c31737c67eafaaefe45aa6b85d875b191c825bf54877ddfd5047e93c323

SHA512
edbce8663e228541f824dc21325f56e4dcb0dd854c664e1df9d35891298e531ced7887b083c6afd13c6390f2e460069b013e1e413f9fe5c3566854f333307536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
727f7af3d70e4db394f8ca81921a871c

SHA1
29139ff11e43541f3b87c50f9f127f5c9fcbbcd1

SHA256
f7e6ba43b7accf3acaa8427cb2b8c92c6ad557eb8addc83277fce17d368760d1

SHA512
ea43f1e66ec4eae715dd79f475af34f575c658d7153c1db150db1ee05d9155d1a337aa645d498c6d029a30d28a671971efa54fd4a8e1fca827356b1cb6c9b4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
13bcb155cbae5f108addb25f73c8b132

SHA1
a43d250aad83ebb39df1b7b51c5f58b0ac769474

SHA256
ab172c609708449178b17338563197678d592edcaaf7cf311292dd6b69fafe2f

SHA512
46caa6f6d8d063b023c4bb90121c2f73e5933e65f92aba9fc511095add87e78821d4049c7bd7ad90a5a0af8d0abfa03b244162761d6709c840f7571a87fceaf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e4ea27c551df37ae9b7ad7d34aaf8d96

SHA1
a49130715ce40be5d142a3049bc1cabdd3aac521

SHA256
f046e51e7cd6517ec9297e09cba4b712b58f3d11b97e03c6363828bb04f4dc15

SHA512
3b9576c83e08bc6259aed27b6f3ef4b8a66181859f90db5ef1954da8fd3759ba517dfdd1015c6887e8ceecb9e3e8716764fe26eca1e9f8021a42723da3c12a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
238KB

MD5
14f887c4103c4671c885423612416cdd

SHA1
40779516b1cedfcdcc4c546510081818ab5d118a

SHA256
56d5aeaa67d085d595271442030c042d96b7b891777db7ca0019c426bb1e597f

SHA512
fec454f0965151fc211dee3273d8e5544422d6958c7b2eebf27899fd94aefc8b5584c8495e5acc3be1b6abf94cc5a4bbdeb3d9f485e124e557e28d602de24e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
ec0f6ab4b3ef77ddf91f49974682be98

SHA1
7c30e03f4de61964f8a3a35a550912112adcf116

SHA256
3347b08fd63fa891195c74d6544b0a792e7afc685c466f1ed4a18bf335edd0a7

SHA512
9f10a21f359d6bb802fa5bdbf2784b31484c78d809bdb49cbf5f9822b5129c52906e4226e42d80f4870477f89dc80321ea72b792a219741531cd9b3c51732ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
0ddc0ee8c5e7eb8dde3043363f21e2bd

SHA1
ff9afa365d82201dc5a6e3dee4d8c77bab4dc9f0

SHA256
3d64f5fdf79b87483bf1115ee8d78af17fd255ea036098e87b7e1dc2363b13cb

SHA512
90b0c8a31e4c768fa05798cfe4281bb86f5e2083fcf1324e41fb8268d7a5df9c25af353a53ab88990bd0e8a900f07713e46e4edc2041ff1eeb16e37de5de21b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
bfe927757affa74de1509f201ff5a206

SHA1
6692690110c7b2e2738bab9336010f8b093f1615

SHA256
3fdb87e3860bbf6139d06e9a22c783c25d33048540ee791d96b259ddc48e954a

SHA512
9817629ca2b605f3639691e7b5d342fc6ee85817f605d916423223bf21efb591be8a9a3353493a523ed8968baa5f2c59ab17d94d9633cb7e0c119c2611f0c5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
89ae55d424aac15cde0224944a6d1038

SHA1
b2064d6c4b393f9b54ea9919c01b78c9a5048b7b

SHA256
8bc41deca0d04b4046e2dbf8c0669c4df126aa415f0406326b25c09f16b1b8f8

SHA512
c5dd8a55e45ba33155fd9dc69d104e1e6e4829d0e6a5c8c5059a9633633bc6396b7743336f108d10c800b2df31a621a988cb4f4ce663d56fdfddfd92b3a8c0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3af4665c7a8b451a46d1d6f0b22ed616

SHA1
e2768ad93ce130fe1da110b774d1561dd6152928

SHA256
1841b802ac9a55c35088fee5ea06d2cbbc2f058b2600958fc28065c73cc62427

SHA512
207833a0411a7ea01dc6a8652815e47a201257e27745de78efa52a21ea60cff30cc9b0475775a348f83814135ed55a0a965c945ecfb2d06e721c70c7a1d588da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e09f6e0f2ed09bccb9faabc3b94e4c7c

SHA1
5c87e7cf1d4243ebd7deaa0f00ba491603958faf

SHA256
1f37aef6b76c17fcc82864ba625146b813c96ac775990bc02cea65c9b6b64f03

SHA512
b44dd1f8933e587a4d99b26bff51014881e6504ca38bf68d0d614ce259e244618e536d20e9ec7f62f541062d5dcc3efadb97c13c71eea1328ab1161bd741d064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e814c6b5c240350ea80601a1ab84b0c0

SHA1
a67900c03fc7b9e21971b5a2fdb143869f093771

SHA256
f4dd379371868beda01f9e7638f9580f1f9a230715725e57c02fdce555c81dd0

SHA512
072a2abd6178f6a4bda5fcbc2347f558040ebb602194222a1b43c6460df62ac673b3fd84a4ae799375c7cbea965ae9720eb58d9cc23bd3dea18f52d572612990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a5d82426ce4e1cef1d28d5643ee13c7

SHA1
9e47b7f798bff46e493ef35fa98318a86f6d42f2

SHA256
b6799a311f5bbaefaddd6323c94e7cb4cd2a25a0eab941f064994576d6df006a

SHA512
e08515f3f7c5f28bfbe47a2bfdc62dbd4ec859b462dd3069630403f2b5cc73de766636099dad06383bbe201ff6cc94bc84035f4673de36c84f3ca1ac5a9348a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\activity-stream.discovery_stream.json

Filesize
34KB

MD5
1f18ed948289ce7e39269d555a96f6e5

SHA1
8d26c87bf73c5a58c8461c927a1530bd5c3851f8

SHA256
623b2a977c794b9c1ee6595434fa8c0da7fddfc6a6378d87f352482a5bfb1821

SHA512
004219edc162ca229a294754bb32d4ca161d3394bb6f74f699875b08608cb40abf1c0ce544a678127742268466b98c06d817babc1c8d8959f37d053589859e83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pzaexue0.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
eb9f51aa9a2e79e906639f29c6c65622

SHA1
0a257356cac2f39ae9c405b341c92c7dec1daf62

SHA256
41498123c0ec70a9d17d86619b59985771ae7b46b5cc7251a233d68d8742a1cf

SHA512
9fdcd8861bf80e3a96b1c80bbff3abd6f0321ed77407d5aef67311603eef3b41245eee34341e5a82e633d017ca3c3a686fe9571780b6d7fdf9cc42788e6b45ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\952B.tmp\952C.tmp\952D.bat

Filesize
2KB

MD5
4ac6a9d9e192f54598f8b67cf299ea5e

SHA1
c3c63fc731603f581ab71bab7651a4d5112b04e6

SHA256
f1179bc15a8c644c353af64d6c6c3f13fd2d48eed2fb0b709a167185d2ed806e

SHA512
3ff1226c147403aa5afdc515f260849196dec92166273206256ce8437a98dc1dd3b2cf913861e7537ccf36d6bc53537bd49b600e9adb1671f4bdb3d6e3da23a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

Filesize
7KB

MD5
f896f22b3e1ebaed6fdb3a57dd7e8eea

SHA1
c67ba216417e9c8f43a9aa8a51dcd54fb01f1d2b

SHA256
bfcc404a5f79fb26629fe314d77403efb3ebdaf30619307a92d1bde10114ee85

SHA512
8af10f8ab5016280148c9b5c7cfef0e8ab7881c6c4efc0b7b914981aa0983404b3cf42d2f6c4f48a86fa4fffcbf28b020ba2fb8bdecfbbb20dd845ddfe408f3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

Filesize
16KB

MD5
894b1171ee49b6cb14fba8ad19f2b351

SHA1
36ede7c0e22c2ebe84fdb7cd48030ef11504a421

SHA256
038d8ba58f8c9d57be2c57066710dd765c28c5b2205c4ed92a00b8700c60b570

SHA512
3d515f5199704499e2cd8df8007a875f37496d0981ab02c8437e8d89f139372949c00e50fc7da70c4c9a60bbb2ce2b29ed15b49b57d9e6196f6a9da45d1d1855

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\AlternateServices.bin

Filesize
8KB

MD5
4841f32787d9e9e53d76fce212225fae

SHA1
5c94af829c16fae7b6c1cc5269a7bd94a0667f58

SHA256
2e6ee0a2221b0e3cc95217fa6e5660058add19a580c20b3e45a84ee1e201f362

SHA512
f8438fb757f809ca782a2c0c46f2e1289219e3350f1db7aae612f90f33fc929b2f6decb181f8d9de5a96e5a1528958f47612fb2096d39acc1506678231ec7578

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3993cfa9864d33d14fcd3f82da5f6d47

SHA1
39e132902f1bdec33adb3453ef89c5264c19a551

SHA256
de04f22a43d3099ab4afb2b228a5a2f9653845cd6def79766a75585fd203c256

SHA512
52933e067ca021e7a47c56d7d4a84d181fe929774d19adc2f33cd0c62fb30026b1ab567529751c5c73db7a5833b62b7d44555eb5e1e3f5a31088e5ee655197d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
19686586a9a1ca5786463713dd4b16ef

SHA1
f71a10c51fdc9833396454da9f93fdb698117797

SHA256
08f6298bd8bf2fbb27ee1af45bfd1f09403aa4106a3c2c1a1829a2d99f0e2a9b

SHA512
e3187af24c8d331fcc2734c6d46fbfd0a6bd10ab8adab4f917fb892a45ac8c8ce1a863004b422c60028f7a915bb0ef568a1f99bd7010b531ed9df0e51b3a6998

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9b82a74920fabbd0a5c5c915e97f9bc8

SHA1
644cf79d8b84ab75a3951f142e6708646f3fa2f0

SHA256
5f81ed0b4bcabb6d21444246d8d0061cdcba64f060d385fb72c539ddd3947715

SHA512
710e0127805828cd79ed616aac9efb797d8d169af622e96248ce925767780a2dc0ee2689ac61055c351dc24dc11952e8431f77be4f2f842b57126c650c6a4624

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
572e547bfd5f0e8b06c4ccde3085756f

SHA1
24e633413c9162f265bb7b99bff07a54e4efba96

SHA256
67e60a8c36b45a4d102353178f5e4d1092e2b68b846c8463f2d5522270cf436c

SHA512
1c4e95fc8c2c2cb1ba989fefc3a54a98178ad79748568b55fcb44fbb5d1b58b24c6602a362fb799136496faa8301ebabe538ad2371795dede355c628ecd581e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\305ba83b-aab0-4620-bd1e-4e5e5bdc4969

Filesize
671B

MD5
356321e06cd6c5e3d8506121cabc7e75

SHA1
38ab522582455324d81c125373df53a5379b305f

SHA256
23ae257ad7c8295035b647d32412ef1a2a09f4636a5d5890e77462a6377914df

SHA512
42458fa2c851a670d3885ab5e037c66d626e9d3e06f79850c387e709ec05fbc036078d2c7c8659f6ba6408cf8ff9d9b509eddd5f0f46ec2ab9241df7fab7b1e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\3a84be30-af2a-47c8-9cb1-86d3312f9ba2

Filesize
28KB

MD5
20d1f5071bdb73f341bef94fd93623e6

SHA1
3fb32bb0d1a167368340f07671ec4bb30914d298

SHA256
25d4b0011c84fa31969fc6ed2f52032656666a1d19c6fc6e7a2bfba8f8813c67

SHA512
cf0c500d9880724b56b4c1a160cccd70128d8d82240812f42cfb1be0bd8651f2fa418fe34cd8d39ae1e9db2563572e750de0ea62e37212ad6efb435a7224675e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\datareporting\glean\pending_pings\8058ef87-def6-4d45-93ab-7b57a3a7c56f

Filesize
982B

MD5
d12bf8b9079fd461864bf4e379fd8989

SHA1
eaf065977087aeede4350149f72b8b20c4193092

SHA256
961670c2698d8cc3e398c7bb5052b6759c00fa1db3d7a05b4acb02eed467a7f9

SHA512
bae4df6c492044dc93a4d2693a670695bb93f61a7bd00ed9bea0bc18eac1adc9509d2f365e5b00395e0e7f69ed70b0193eb3ecf717d0bddf522a541fb7bdc999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

Filesize
13KB

MD5
a06ad29eab44e6e5cb40da5fff01ae1c

SHA1
2cfb34603267a2d4c1e82ffd6e37bf7c73aa952a

SHA256
70d92cb0107aeaf56baedd1aa5e3a7a67bd43775d5c7daeef4f0fcf0e2d1c919

SHA512
f84ea3345b2a0d223d94993ab3f48242fdac3f203715db2172967aa14f9aca326a9ec27b63036dfcfb2d11e1d78737c2bf0e4938332d51364ab2e7099cbc2e47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\prefs-1.js

Filesize
16KB

MD5
cbbbc5a957361f3355ff1892daa1acb2

SHA1
4668faa1117509c8e5d6a7ec02c6f06aa86752a9

SHA256
ec2280cf10c973d465555f4784bcd683caf69a197e947e6557360fca62a0694f

SHA512
5951c2a50d50a92f8dc38e19a3b07afa903e4cf1fdfdfe1516f8a047d5a9db85c2e1e57f74ba695c351e9eb4f0b24e374f6c544b00cdb99a6e087cc617b05bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pzaexue0.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
80512af196574983708dbf50f07f2a04

SHA1
be603f3ec41a2597febd51dfd4eb9422bd5cf3d8

SHA256
fb68a56866d9f74961d4c6510f1c9cf7caa92d9a620a318396107307b58b8d26

SHA512
ed36c34898766697039b87be572f86587aa1252ebae272bcd5dc16fa9cae6f5a69a90ee36ee0bcd77d98e39ff7f7dfadbe7aa031adb13557181e9d624a53ef27

Download Submit