3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 22:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe
Size

89KB
MD5

7e80ff7d706aa201f1f2e20de871a0ba
SHA1

96006ba4640dfafb5a043dd7d41c4dbe7ee7e588
SHA256

3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1
SHA512

217e7e83b069ccfcabf59106ed34102c335e778e91268d95c758c1cef2cd1321829e6d42d82dac6fd4d3040675797bb0171a935246e56f3478e54be0fa6b867f
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf9xLKZtNO+:Hq6+ouCpk2mpcWJ0r+QNTBf9ZKZB

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685805268911013"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{B8EAC0D8-1AAC-48A9-9642-88BAA9DE0E34}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
3960	msedge.exe
3960	msedge.exe
468	chrome.exe
468	chrome.exe
5124	chrome.exe
5124	chrome.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
6080	msedge.exe
5124	chrome.exe
5124	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeDebugPrivilege	4168	firefox.exe
Token: SeDebugPrivilege	4168	firefox.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe
Token: SeShutdownPrivilege	468	chrome.exe
Token: SeCreatePagefilePrivilege	468	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
3960	msedge.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
4168	firefox.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe
468	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4168	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 1432	3296	3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe	85
PID 3296 wrote to memory of 1432	3296	3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe	85
PID 1432 wrote to memory of 468	1432	cmd.exe	88
PID 1432 wrote to memory of 468	1432	cmd.exe	88
PID 1432 wrote to memory of 3960	1432	cmd.exe	89
PID 1432 wrote to memory of 3960	1432	cmd.exe	89
PID 1432 wrote to memory of 4416	1432	cmd.exe	90
PID 1432 wrote to memory of 4416	1432	cmd.exe	90
PID 468 wrote to memory of 3484	468	chrome.exe	91
PID 468 wrote to memory of 3484	468	chrome.exe	91
PID 3960 wrote to memory of 2052	3960	msedge.exe	92
PID 3960 wrote to memory of 2052	3960	msedge.exe	92
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4416 wrote to memory of 4168	4416	firefox.exe	93
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94
PID 4168 wrote to memory of 4708	4168	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe
"C:\Users\Admin\AppData\Local\Temp\3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F750.tmp\F751.tmp\F752.bat C:\Users\Admin\AppData\Local\Temp\3f474398bcb41513fb0ad900ff7a537cd2662fa6ce89911ad2be9abc4b6cb3e1.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1432
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:468
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc0b0acc40,0x7ffc0b0acc4c,0x7ffc0b0acc58
      4⤵
      PID:3484
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1888 /prefetch:2
      4⤵
      PID:4572
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      PID:4252
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2240 /prefetch:8
      4⤵
      PID:4952
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
      4⤵
      PID:6136
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
      4⤵
      PID:4048
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
      4⤵
      PID:396
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4756,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3964 /prefetch:8
      4⤵
      PID:5640
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
      4⤵
      Modifies registry class
      PID:5652
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5276,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5404 /prefetch:8
      4⤵
      PID:2928
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5228,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4348 /prefetch:8
      4⤵
      PID:6312
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5044,i,15002172051182728383,9267180861781333100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4884 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc0af646f8,0x7ffc0af64708,0x7ffc0af64718
      4⤵
      PID:2052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3717715311117294810,7918708342805165912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      4⤵
      PID:2540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,3717715311117294810,7918708342805165912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,3717715311117294810,7918708342805165912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
      4⤵
      PID:2504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3717715311117294810,7918708342805165912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:1700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,3717715311117294810,7918708342805165912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:2584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,3717715311117294810,7918708342805165912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4416
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4168
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbf0cb1f-1367-4b3c-aba9-e20eeb2babd7} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" gpu
        5⤵
        
        PID:4708
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6845f8d-82db-424e-82c9-7cb7daaaff03} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" socket
        5⤵
        
        PID:3620
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3184 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {607f55da-1f9f-494d-b86e-beba489d0e05} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" tab
        5⤵
        
        PID:2964
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1448 -childID 2 -isForBrowser -prefsHandle 3820 -prefMapHandle 3324 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55ec781f-4c1b-4047-ae5e-7ad02284f13d} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" tab
        5⤵
        
        PID:336
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4556 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1236 -prefMapHandle 2612 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02efc7f5-85d2-4ef1-ab61-d37785668cdc} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" utility
        5⤵
        Checks processor information in registry
        
        PID:5756
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5176 -childID 3 -isForBrowser -prefsHandle 5232 -prefMapHandle 5280 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b2e1997-2ed1-4e0d-91d0-2ec0d4bbea07} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" tab
        5⤵
        
        PID:5456
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5176 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85e373ad-676f-475b-a003-3add9e675907} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" tab
        5⤵
        
        PID:5488
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 5 -isForBrowser -prefsHandle 5592 -prefMapHandle 5596 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a444a34d-eda6-45b2-a841-9a18e08e6c67} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" tab
        5⤵
        
        PID:5496
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 6 -isForBrowser -prefsHandle 3824 -prefMapHandle 3368 -prefsLen 27337 -prefMapSize 244628 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddda68e7-26e4-42ea-9e92-17128204066f} 4168 "\\.\pipe\gecko-crash-server-pipe.4168" tab
        5⤵
        
        PID:6324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9ec95f3bf3350cd83e24c3c6d1f5a2d5

SHA1
6ae3614ad1cec98a3acab57b19c75aae669c9b53

SHA256
d6516ea841e93447d756b0958a66ea45f26109dab63e083b50e122786d4a38e2

SHA512
f7f8affe735968c409613c8235451fe500d7ef860f9157eac7422bf431c4bd35e199d2fd8546c65eab612f2bc97060ebf6876c211aac488fbba0f31c2567d17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
3b91145a520c03fc5c8275c1c5936a78

SHA1
ab7d83a1d879efa39cf2e33f2493bc9aa76c3c46

SHA256
95b829b766258f8a60a2fb31cc8022da441c235c7de21a7c75842ebceb222937

SHA512
d4381312cccb989d7c4d1d68cb2523077385e8c487d159502a2d5f1ca40d6bac406a75a7300f318615647969bab814e93d651dc1297699acd6e44c0e63eb7d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2c8d17730bcb0cf4c17aaa4e19b99da8

SHA1
4927eec8d1e4f76c35b6e43c2cc773e6953d1d05

SHA256
79d178bcf7ce0c0b4f6bf561b9915fa23fdc7d4e30d4631d16d0934f325b3856

SHA512
921db39a1c7dce8b5ca805723c55b661540ef303bf2496a6b27ed0533600a89c661411a261a84101dea00721c2236b468d5336471c1b74bcb941d90f13be9ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
23d329487f23f3d85230cb0190c2a1ff

SHA1
c6835b624da0f67a4e9cc72b3cf8068e7011a2a3

SHA256
fa45d8c25c0f7a53c5d87b1f9751a5fa630490b62cfcd5fcf68ff32c34935df6

SHA512
f5b2453474d18920d605e3330247896855a1cfa46cf04165aa189793409fd9da84a21ab3b1e37bb452e38ea8112e87506edba6f9ab6ea0afd4e43efecec09b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
511bbd2a88443e7f8dd80cdda4e46c6c

SHA1
b805732212b21a749abdbbbca996debcbec904d5

SHA256
e072c3e300e61698340b0f6b1f0ba6d31dff37a4ce1024f520f4f31b8d03f372

SHA512
51dbae065d5889350bb710a65e48133612f895968bde0defdb468083d3590cb16455ac716200b764d99b440ff23e84c59e9f16a573cf3efbd51c8e8579154490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7beb77c0791f6f78b8b91cdc75e59111

SHA1
3820645384e68673b05d0568b4f2206dcab98b23

SHA256
d45937f3fddfa263ccbf61add963049a0dd95fb94ffd30974f84ab34f86e9696

SHA512
f7a545f57f9a08a01b57c323e608a04027b0f825f9e75b139837255ba63e0f144e838b44dd190f02b3f735626d3a0e95029b544dd096ee37155e9489851ddb0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4959b0a734532932260b3659449f22d5

SHA1
2b41004e6657702f8d6ce3cb6ca121ee29437db9

SHA256
7d8987ae5d5c6b31f6999249f1a5280fb66a923e520f20c306caa8fe6b4702b8

SHA512
e8c50538f968971bb25d08be5cc06af4f08b6daae4280d428b79330c5f05155f5236c8729de89a96a765ae3deb6bd442ad599bf8dc44d28ba715f67f1247e7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92059f3525693c742ec094be6e273304

SHA1
eeac3ec66f54e3ca9699fd65366b12197bedb72d

SHA256
d44b72dac938ffd083af9790581db91f9ab7a8b23daf7b9f206501ec0ec123c3

SHA512
5f27bb8238b2d9a24171ac05195299c52c0f78411a45de77e18c0275c83640da3ce1dabc129097b379063bc88f989dd6506aa59b746aa535a41cc0ac126e1bb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32df9b34ceffa56df3910d833b311d0c

SHA1
aa2a898860474c4ac7bfcda73c3643eaad944ba2

SHA256
eafd959b0a319c7f692d333fda0d2479f028d0512513256ab80cb6c72b7cfcc7

SHA512
890ad1b057e5a2cb1db8cc9b14c1ce8dcd794983331e498fae7dde25bb13735f8af55bea18ac0e71ce186708f6f1789f9f1f668ebb224c8d786a81ed4a229d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e2a8f8deec1de4a028d50b370b0d8f7

SHA1
118518a42df47f3d31cb1fc84cfb41b5c07414ca

SHA256
824a0f30859ea3ef5bd0c273f0bd131dc1c3908d222ba4c8b91c6249de6c3d8b

SHA512
bcff69e430d92dc36b3409487d980550dea5426a0aeb9c148d5225ab5ca6b4ea5137449202d65d4e888dff80777044346fdb8e8a1dedee4d0d1d5e31cfed26d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f9ef6811bcc2a84c2340138659c9385

SHA1
281190a2277cf556e914129edfde531541b6deaa

SHA256
15683c93fa434bd63d487fbcd832656a2de84138a6d3dd9d6b372cd85a5d4441

SHA512
27e954706344e2d0197d843ae1ab39717f836c21940f2b8b3d21573d398f69e9126d3a88671473cf3ea36521a5e04594ba0be027fcbb208d0e80076e7516d7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c457e91fd70c153080c5e6586ac1164

SHA1
20779d0b38d88e1309a3463b85317bada660f817

SHA256
a706b487593e4da3868bac03a6d9c68921298f6c77c3a18b51138dddf304dd41

SHA512
65eb1c7fdc9cb189d3daaab7103cf8370d7c61466930b82463f0353b289b22d0372587010a9034fe4de3f61ca4a4bcc08503e4e188d81742e07df07d78ba307c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b1d8710174154258ca8c3e3510da2c7

SHA1
47babe114445de0090643471c370fecc5c139c6f

SHA256
3977ee5e367d6c9d4e7935da3538649a17e91544d6d7f136632b7257eef6c164

SHA512
fd09fb69fc8a38695cdece653acb9bd2d1ac1fdcfcbe781406c50180f1016e46d2ecc5519771bdbecb809a00c2c4b18efe843b2b153b81514204b0c266609477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96d83e5a6b927c9b6d1ab5386e043a36

SHA1
1c23dcb709953696500244984bc37262d92f602f

SHA256
a3a41884399bafc9529f657cacf3d1b20d0328ac1e2d9533f531c1d475c188c2

SHA512
3a2de9e065c6fd0c7cff37be794901dc3952a194bcc99ab57bcc0ae25b811adda645186792b6c53fe21bb0705ea8add13d19d3e4a6ac71df695fdeea50fc2689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94470b0a111990be1007de47027314fd

SHA1
717ce52fbec0fff3988ecf5c7150e51df8a22495

SHA256
4d4a2c5a5d0ccc9127cbc2d62562e35ba085a9f26dd29e4c73a608d779f0783d

SHA512
e6a619f87532cb062f66e08a24a8d03f18acd47daec0f6dd6a1486ba1eca61368511bdcbb8176b0d9a04f20d18d24ac12c4f1706d4b19a3604919f78dced709b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e95e1777b9ac023446a9274ae15095c

SHA1
95d8038bd2752477268b42363ad10013d305db6e

SHA256
40d6f23066b944fae4136199da11f7864d9b5f556f028ec1f91165e8609649a0

SHA512
7329427cd870fcdc000f073660da817db0b17686def5c99702f8ff4b45017ffd0571d17ddde28f26f1deb1ebf4c93c27fe1df4947ef2556c3ba288b3e7b2beff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2beb2c4abed96973ff0834cb35c563f4

SHA1
e8aedf5d292cf6505aae1a256232f94f8027e3af

SHA256
041c39112cd9ab203f10f166a681be92cb439f66c86a03f4ddaacec6822d267a

SHA512
3323fe0aeb122c0865c85d6a8ef8c43501056c6b30716121102419e5444a43fd5274f47dffd4cd59f8335e9516f9fe7f42ba6c897f4698374c336122fea69449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
98d5516329dd588ed839c91d42dfcaee

SHA1
bbf052b112069732651259a40cc3c8245d302932

SHA256
6cb388faf5c2130fa2a0ec5a9e87c3c8a67670ec4542dbad80351b2526e75718

SHA512
1b8f4d26e4046a59bd7a5d3ab4d10101034d70d4d3f2e16dd211120b3622c19593055a491695fdb4bd664365371df509b4568415066383453f3cc3e19f150292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
8e6905ed74b00604e8ad251293535cee

SHA1
10305c98ca61782464aaeb15c7e6bbe343e0f834

SHA256
4ec8045d50e7eeef90044af82766f18726565791163bd56b5835f8a7b2743a1d

SHA512
0432162a2d9c478641b2295b224984c756a3e4b3eb84a410ec63ba5747113e0c6aaa313fc0d72504658c6748864e47cdd6c40953c19ac5a500c8631a5e5a6b70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d217297f745ca2a94d9d344303d6b8d1

SHA1
e7285b978eb583ab9e7faffdb78235da991c4148

SHA256
e40642ec538c2f924ce7d874a6b27dc51d4ac844fc0c29846866a9a930a277e6

SHA512
ee55347c27ddaab51dd43fbc4227a79b8d288017de0df176649a9994a7d66876c087b3fe93cf359556255c81e880607a2e59a22d368843a2620f71968297a16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ff9ec3eb85a8f6090a1e03b6376b2953

SHA1
2b0634e099cdc3a701fbe8fd5f473a84bb830fc4

SHA256
6558093215c1e3fb07804b8ff753df2905b23933c02844b49c439bf1a6c43d9a

SHA512
7b722fae82b21a3a31cba5b261c739b193a19eefd9f1804a6d17dd7c5c4ed7bdf88c4b63927c044006eab7ec52cce1841954e9d9f66a7b4af3e73d33c9eefc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3dd2b9e7bfd3219324f1a6bd045a25fb

SHA1
3629f7abd0f8d000bf40393b8e27fd91c740f6a2

SHA256
a6bb82fc3908c6f905b0c36680f827f90b41f08b50be2a172ad58017b29a146c

SHA512
ef849ec136a0b1e1dae923db230a646694e24e4cbf9cef1382ebaf500a394478fac83ab08f1f75151edd89da7f6ea176093e94f4633fed6d818bf5ac1c6a359c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
81f41672538d3f656454ce9b97a8415b

SHA1
956a95c1584a6da95b6f4262681b883bd1d53d89

SHA256
9504c9c638a8c92b7f142640c97301f46326a4a7699237912ba41805fa6e43f8

SHA512
676babbd1d5ab2eb55ca340798e501646c4c9803fa28e76135c924e47df76efe72112959cfca83596f90367dd971f7868ad64a90bb110684d5786bcacbf03461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92c83513b183dce948d4b817e0b4bdfc

SHA1
a51b2f0c7d35d16dc8b5c4eb2b078cef59722cde

SHA256
378be4efbc4c65b554537d82dd26c024aded21fc836edda78c3fcaba31c5fa4b

SHA512
04590c3effb098ec1cfccf1e195cef460a115cb80e95bb790b08cd2676ab3d7fb8ab1cb133583ac982ad189374dd325c7a6c39b234e5bb577162891cd0821831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b17c5334f981fbca3a6ae2c36e1043e1

SHA1
98368355acd72a72fdca786c4aed4dd7bfc0803d

SHA256
677ff721c6ffe4b1fe34a1da7b3550ac106759f2733840d8707f71a1529e2f46

SHA512
9967a1945108e7abac37c4a15374498cf17928aad4bfe61d26f4987eb01abe71e0150373943090a5f5cad5252b449a77fde100ec8ad4730ddc84456864ade367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
7bab2347a84a9e410180e7c13bb62ef8

SHA1
8b1d27764282284259b373f14b1cf9dce7a6e76d

SHA256
99cdf7677be03b9efc60cab8db8d9274c7adbe62386516700d39e6abcc142e1f

SHA512
aa1f39a26a2053c95e161a4cae755cdb215359a8a8f44a077936dcb428fb2d7e4f17af427ea8c4b71d99d10ecec7b38ef3221014a40b1f008e4a48e011ff3b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592e69.TMP

Filesize
203B

MD5
f363292dfb82850cc52ff2dbd08684bb

SHA1
0f09462fb7b4b42469183c61a301368c1badd5a6

SHA256
0c86b94f4e2d5b0428d954835e79b7fd47898ef0e13ed8756324e7af366fcc2e

SHA512
c6f3d2b934f3b1091dac15b2a41f8463fe9346f3451e1f014fb9135c5cf1b65210b739406d779fcb19635c837c6541f7d9ced51cca3bf2559546395e83ee94d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
15614e452d4d96cacf2cd26d2aa2e044

SHA1
df0132b464feb626b92707f1ea3417b50f78bf4d

SHA256
46bdb9b97f8881d49bab9c626055c8de49caed9a270ff8b2ffd1f5d62b2106ef

SHA512
94fc46fdce976c8000a577d4c3bec056689869825be7c5ac5b4b42b72c0fbf940e770f0efdce71854f70926f231a55d5e4f84f53f13211b0d7ced1c12ad78ab6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
72f4f291e0c94530d3aa6815bc0b320a

SHA1
0cc15d35ce814bcfc7cd47a45b7e3ebe60e90d84

SHA256
a0c7ad7846d2340728b4bc006239bf045863f757cfde1dcc81d9bb1275e3e381

SHA512
39503e6fe34a1534d7c4150638f3ad10ff794ab673de1961dfad1cfb4a60967f851ca3dc42a788f55fd44c9dd37cdddd0e40075ec874e32c6165bbbbda785c9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\F750.tmp\F751.tmp\F752.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
8KB

MD5
9e1b4da7f38fd6a3aa133c452e08543d

SHA1
fdba8094822b48e73a8f8c625a7b0bd4c58f684e

SHA256
419ce1692d6c081efb5bf431ce278b5dc045c7058ce10a0a203e07fe0bd05321

SHA512
6d9d01dda8ea3d6f515e362e2f42f799305d39cc970be02296de7d70708977a662ff4ebf9a9304830e6ef7009d0319e1acf13f8e57d28c92581068426926ae0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
16KB

MD5
3d9d5d6568266f65fb4d7d8ee3abe360

SHA1
c8b2fe12da1038496006f3007e8c69d6ee4ff1e4

SHA256
b2132c36b799b207bd073bfa914cbec02d40b976997ac07c9a1f04919584064c

SHA512
ed070fb36bafebc471ca3b789f8d7a7659aa30d2fb69cfe867e0d0338bba8d0cc1db2ba41c22bacb5e5c521e4d01f3415c8a500e20ae2c73cb6602251dba195d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
664048414f94f11238d2b02ad3676006

SHA1
2cac6373dbceaed5ab0347f650e20744563bbd32

SHA256
606c885d1d7c76ad067cb82e8a5cdd93551b9f803a910ed245f809ab1cdc7d68

SHA512
aa5329c99c4d169f465d8d06237a82da2f201921689a360be95b47e8b9ae25ce07d578a95c80facda71d14077aa497879ec6f44ad9e406a34a0aefc7d5aaaefd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
d51c0f934c43ebecc34938c19f9c7ab7

SHA1
a4c0ed509d5881621c190ce00f77c58d9a79ae35

SHA256
b17483d12f6270bca89c2affcd133b2d7c074a6c763b7138fa1dbebc8dbc6460

SHA512
cbf28ae6d38d077e5affd88c537003d029cf6d6c80e731dab5fd744f19e8a7d0a1726ac13174bd6712e8c72f4e645bb45e85dd857edd784398bf9e7612e2d56c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\2b4b0000-82f7-47c8-87e4-ca90ef0c5e9b

Filesize
28KB

MD5
03489efbcb4cd5bd1badb6c0ca64c8b7

SHA1
3eb629e3cd6c691311bd70c151dbba208dfbcade

SHA256
f7bee0d3af8bbdd8e2b94e1f7ba9cd5e1c87894442e9a43765ee063d20d51b28

SHA512
6b4ef1fac8b07f66c4cd9b8073204a4096c9f6714336665169c6fd032c4e1590e3593058d6b654b976e894a5d64ca9861d8aad92ce9a5974fd1640c57fee8ace

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\83e45ebe-3044-4bb6-b5b2-23724806b68d

Filesize
982B

MD5
e2824283d97cb617b5f011483764126f

SHA1
f254d4ba4bcba98848a637161b997443a8df8384

SHA256
d437c8d64835b365cec2f28ecaf63e4bbdc79558f638499adc2bd61eaef8a093

SHA512
3c5bac4ff7b22817a22b97c991c89d8560af61e04e34368f811726792ca3a3bf2cab0c30df0e926c19736ccf63a61b0574ce426426d34ef3d781c22f348af20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\8fe93b50-35e1-4b35-9616-2cd9bc4ab15a

Filesize
671B

MD5
5d5977c904991b25b5d5c753d6fff9d5

SHA1
63732a9868117a237c16fb32268700e5007f9757

SHA256
6097576516e5f7cd02e09b475399335ebedac8a13b1a8c52c8cc22066e5b31be

SHA512
2e12c6e0095bcb390bc385b794f98c0df89d67de1b465ff3cd32336b8506602aff89a468e5263203aaf437c624d300f58cf0aad2fa6e1e01871dd57083a83605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
490717c71c4153ffdda0a99113429262

SHA1
d430facee72cf2625e36ecf989c5b8159e093f9b

SHA256
cf8428eaada8bd4be24a004a85cb0dc4d10c363bf551640562dbc20c774073bb

SHA512
4fb77acabe01538b4bed3f4a22043e66d4fbcbea48b6dfa237148abd6abea4e928cd6e24c305c42d1b7a04a5ab6c42212141d0a312c1528272d99c3f3de9e572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
14KB

MD5
01c166cf5db65c16e8a5f9a638f38d4c

SHA1
b6ca70ee5dcc9a9116cca5b5302441feac7ac47f

SHA256
fff0529d10ff0a2aa9ef4e85d220af24032de5a5db072b40368bab06ddd0838a

SHA512
09d301cd6134d3668405a38f369fe337925663bfab778f816aaf875efc2505d08fc678a3a11585781f1a43fcfe53579dbcd967284650188b07d8cf67d9a5c188

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
275ac1d72a1ead3379e0fb8d54368c1d

SHA1
e412de654e07bfa3d0825c8fe441f3db050dd62a

SHA256
2842574cf27787e8cb339bf08c6b0a6ea0a82e8b77bc421611d3093ea4d5e3a1

SHA512
59a3af4c13a3e36c0797641e971ecdbeaaa155a029b847c6ef29a4463596003cd516302ec57851e35e01420d90e55c63b513e4c3034562b7a489d443a9013d18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
e0901605a5641dc173ca37751a0af0bc

SHA1
5b3e7e478f55939e3793417e0e1643813920f1f1

SHA256
660a843afe82ce5c9784275d84148bf858a15a05fafb5db945011201cb542543

SHA512
0b70f9b8db1ae18b194ee304a0da34a33e6177eb5004aa66d3861041472fc76b2403a879f5db0d842585525b06c17f7a980d8d9e9302122169436272990c9ad9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
ba19c41482d7ec19acfc026f33d45f12

SHA1
dd5b368ee2043a4a7a50f70c2104acf7c4d12879

SHA256
923886a9ae89145b4546839e418659d0da9b00353ade21ab994e575ba8c627c6

SHA512
6e8f17487f65882ce5f5ea8283b454f1d4e57af0f676bfd584c6bee05aed0c99228bf3f5e9619ce22753fdfde4b29214eac0de71e04b330a598d59fce7076cc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
a4133e94ae457706d961f9eb6e23171a

SHA1
559487318a841cff0569486b39bfa4572b8c65cf

SHA256
e6a3c86ff39a35415168c47104365dd5096a444b0bbc06b4f5c0d6f853bac82d

SHA512
2214d914481973ada84fe5a8fad5f0ce9856332369fe763dde5e24bb1911e64d2133811ea9a5e550bc3d5c88e8f39244e5805bd92f12f3d979cc20ac840c3165

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
2dcb4258e405227efe1e5b1132c33295

SHA1
b3d7d8c6d144975abd336972cc30a2912f91a7d0

SHA256
b080c228dfd02afb44e6ce332750072cfba60ed4374039d0d8137a9e2a544a48

SHA512
cc25a0108fb68d1c3c9db6defb34e61a4f6ab837e844231dbc7659a9370d73707c91cdbf018474fe54fe3ab19eab636974448b8420fd6487bcdc4f15566bd44a

Download Submit