94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/08/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe
Size

89KB
MD5

331dcbbc8d2d6011d2696f546d480403
SHA1

4e4901e1183cc65020b57eb1781ca1cd0aae7e43
SHA256

94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2
SHA512

9c26f6b990e89985d00fc43cc1e563ce8c47868ebcf86b71cde6fa476682995525012c76afc036797a1b8a43877ead4144e11f56ecaf9e2f2d2cd4b2134600e9
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfxxL+RO+:Hq6+ouCpk2mpcWJ0r+QNTBfxC

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685079632620885"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{06B83BA9-D37F-4BFD-80F5-4F030FF0B93F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
972	msedge.exe
972	msedge.exe
2032	msedge.exe
2032	msedge.exe
1452	chrome.exe
1452	chrome.exe
5236	msedge.exe
5236	msedge.exe
6380	identity_helper.exe
6380	identity_helper.exe
5976	chrome.exe
5976	chrome.exe
5676	msedge.exe
5676	msedge.exe
5676	msedge.exe
5676	msedge.exe
5976	chrome.exe
5976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeDebugPrivilege	3596	firefox.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe
Token: SeShutdownPrivilege	1452	chrome.exe
Token: SeCreatePagefilePrivilege	1452	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
3596	firefox.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe
1452	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3596	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 964	3056	94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe	81
PID 3056 wrote to memory of 964	3056	94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe	81
PID 964 wrote to memory of 1452	964	cmd.exe	86
PID 964 wrote to memory of 1452	964	cmd.exe	86
PID 964 wrote to memory of 2032	964	cmd.exe	87
PID 964 wrote to memory of 2032	964	cmd.exe	87
PID 964 wrote to memory of 3084	964	cmd.exe	88
PID 964 wrote to memory of 3084	964	cmd.exe	88
PID 1452 wrote to memory of 1504	1452	chrome.exe	89
PID 1452 wrote to memory of 1504	1452	chrome.exe	89
PID 2032 wrote to memory of 484	2032	msedge.exe	90
PID 2032 wrote to memory of 484	2032	msedge.exe	90
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3084 wrote to memory of 3596	3084	firefox.exe	91
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92
PID 3596 wrote to memory of 4900	3596	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe
"C:\Users\Admin\AppData\Local\Temp\94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7D88.tmp\7D89.tmp\7D8A.bat C:\Users\Admin\AppData\Local\Temp\94d3cde33f3048c96b848e5150a538171cd021b4422bbc00faf1b0423b8b4ef2.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:964
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffc368cc40,0x7fffc368cc4c,0x7fffc368cc58
      4⤵
      PID:1504
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1824 /prefetch:2
      4⤵
      PID:5068
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2100 /prefetch:3
      4⤵
      PID:8
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2152 /prefetch:8
      4⤵
      PID:248
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3148 /prefetch:1
      4⤵
      PID:1412
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1
      4⤵
      PID:3764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4444 /prefetch:1
      4⤵
      PID:5392
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4572,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4600 /prefetch:8
      4⤵
      PID:5900
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4412,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4248 /prefetch:8
      4⤵
      Modifies registry class
      PID:5988
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5284 /prefetch:8
      4⤵
      PID:6460
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4864 /prefetch:8
      4⤵
      PID:6564
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5052,i,9170840602361652801,3699650589799998159,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5068 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fffc3543cb8,0x7fffc3543cc8,0x7fffc3543cd8
      4⤵
      PID:484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:2
      4⤵
      PID:2676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
      4⤵
      PID:1376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
      4⤵
      PID:568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      4⤵
      PID:2992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
      4⤵
      PID:6880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
      4⤵
      PID:6888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
      4⤵
      PID:7052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
      4⤵
      PID:7060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3052264786607844278,10166014992395629947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5160 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3084
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3596
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f835b204-12ff-4172-b53b-5b113432e88e} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" gpu
        5⤵
        
        PID:4900
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47ba180e-4d12-4183-9499-9532d6fcdd93} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" socket
        5⤵
        
        PID:848
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3000 -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 3036 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce7cf0a7-1989-4ff3-b080-dae4995b10f8} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
        5⤵
        
        PID:2516
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3760 -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3260 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f19a84e-04db-4cdd-adeb-0555814bf9bf} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
        5⤵
        
        PID:3440
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4216 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4236 -prefMapHandle 4232 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd327fed-b16e-41c1-9b91-d5ceb9e311e9} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" utility
        5⤵
        Checks processor information in registry
        
        PID:3056
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5340 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {149f1830-0421-4f9f-ab69-5d58fdfebf4e} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
        5⤵
        
        PID:5412
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5248 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {984a91d5-4c34-49e1-9559-a56904208cbd} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
        5⤵
        
        PID:5424
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5748 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b555edb-f2a4-47c8-8d67-52cb64ea3f1d} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
        5⤵
        
        PID:5436
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6164 -childID 6 -isForBrowser -prefsHandle 6156 -prefMapHandle 6152 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02534f6e-72af-4397-a99b-33d0469a1f6e} 3596 "\\.\pipe\gecko-crash-server-pipe.3596" tab
        5⤵
        
        PID:5188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5188

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
82a53f57cd35e16451205973e59ffcaf

SHA1
a9db8621bd525f489fe1f40bc319d6478fd8f240

SHA256
de595f4ce60b8cfd674f6d1d6e9a1f9bc60ee515b83b9c83762a57cea2f4a69b

SHA512
ae10c439b5953aa5f37b78eadce6e237ef9073fe55db213f6398b576a4d395f767b69386ab0bfc8a2f359dac0bb33b5496fcd568b12e4eda26c6a83a96337eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
12bc9f9684c3f0c3d8adeccc81662243

SHA1
19d5a9bcf71cfa279cf337e847565aafa25ab397

SHA256
d676db29dd51b7312fb6b8d85c509bb2828cee2d5d65b12d235bf6ca707ac30e

SHA512
a40a7d643d4caea3789a59327387c795454fa17f01eeaef26cea4a3dcc024a6d9d23ddae43fc28609c4127d679b31caf680ed0ef647d87f5d548d49a63af6156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8e34bf39830d8e4dbb91d522f852762f

SHA1
d77f1b82002cc1614fe2d02c70189cfc2fb93140

SHA256
49d2243d2a83e0378178c1956fe7105c1075d4fe8d70fe5f564c67abcb2e32c4

SHA512
7e319523de7efe6a744bda8c42ac20dbe5d0794abc6f60b48d73b44c8cd796e19e729bf013bb22c8b329a630c5c02f30ed44a84ddca1da05a790d48a2e027c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
595042c9413214f72f6ea4ed44f69327

SHA1
1d0cbf7e3092a4abb823476f1e330b90a2862472

SHA256
c4903393f81b1a4da244455ba3bf14c0d936b1bc82c40a18de21c27c2f293026

SHA512
a3b9d49a890424502c895860648bbc69008e2cb1fba2306bc1f7098f26346954d4304c460cf280df52bbfb8f9ad4ce7014c0c481a507102f6f883d3a1c7f986f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
84bc46b9311304d46b3f6e0949757b04

SHA1
861e45cf92bafa6420adb95182498a9b86e99fef

SHA256
d5502f111f4cfd8b74139f7649a790bb8182dff163e3d5acbaff9228bda94813

SHA512
c294bfd2e0c534bda45f7419ba497c37b392e7d1b6688ad1f6114f71605e2a1fceaa93c509dc6f8458d51dedc8503243892ee5f8452a5b3a3988d94928f8094d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
065fa5a37b6c77cb222e45415f122f8a

SHA1
179d462039eac68fa164a12b3ef74a081650c958

SHA256
1ef7465386e4d454affa5f19c8191138c50ab073e09543fa85eb20ec2e4e5256

SHA512
e07c15c1c5f6cfc83e9a91b80f5cf59c14bd35ed028553d3b1030c50fccf3c562c8b8389c11f4a1995dffa5721885f3ef46df7ae1267a259c21d2a387819941a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ab111bde3923cd68bb52d471ce3a27a3

SHA1
687b465afad39a1e3632b28b87befa0a2198dcf5

SHA256
32dd9e7bedc2e78e2e6ac876583f96daade0c6de06d897d45595f01cf603e367

SHA512
0bf2e1f039841a4efad14e00dfacb816d32fddf7ae880c47055b13b0bc57525ee87b02ef2aa31f82af56640b439b1524f822c79c89334ba0e3a340d6ef20408d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24d992de07a65c5412ebaef1ca13d436

SHA1
f3a3857bb1018c67bc82bdda9fdeeb247027d7ea

SHA256
a7d57153f4d3b19bccbb786c4e57cbb6978311ba28c75b9fe40fe82ce00ce4f8

SHA512
6686a5252ab8c15124b7c3a333dde37aa46379975d73ea83b6f11b5da28916f309a5114b9113f5174e66693cb2dce8a24aba9cf6b3343eaed09fd17fce03a938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec54c157b1fb2c18b9c1eca8db84dfc4

SHA1
a58324502e4962b5c5327b23413d30f581f9f14d

SHA256
623b9ea91fc22b62f395de300b309b65eb4ceb221d1806f738f9fe56baa2c616

SHA512
89ba270757827457c710b78d3b3089b32fab83ec799274a6331d5df1826bd2e6907d9076baba146efb8a222e0586d45a2ce31f31433fa5d6ed629c766dc76a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6265d03d78be8d998e80d839a09315b3

SHA1
1effa5ac46160e21aa69157212dfd8331fa7ab1e

SHA256
eca7b6d1ce68e813ce5b9f3705360fb45967882ae2e7579acc2b2cd4eabf7a7f

SHA512
15c81368373c6a8c298c9b8b5e88a8cf4811cbdfcb7afe9b61563a0af2c61a99f0bbe18fa9f58a25c4a2eb499a678a0bde5e58b3baacac0dc9cce20e5f9c6d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14157a539aada2fe121943ef5b144a5d

SHA1
96b751aef70071745a304c3c4cdf8c1436c5f834

SHA256
dbcf4821f7a3a1378a6eec9a1dcdd67176990868c1b93503fcb1e22cea7b01f3

SHA512
4d73f9aa1d240d9b8032ef30cec48e9d0202ffaab0a547c96d84163c8b51623d8c8633e3aa4b02d58f813d0f056c666d17332c1d8e5b9aa55438023423ff872a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0735cd9c9fe066f021b3ccc52e0f8bae

SHA1
ebb18b64d15041ffbfbe753bd6f9d4693b12e312

SHA256
789d90e06481db0d66d259473967805349e16102ac0cd480c445329490667e36

SHA512
a319f368ff65eaaef893d2797620af6cc0c0b074705d679642881aa252c1630449517d5c94a80e0e64c6decb6dd76bfabbcf23ef8b398c29dd7a4dbb16a07f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d187111486f07f580e69e968ae4eba34

SHA1
891f0f466ac2f639316ec893e8beee7f63dfab92

SHA256
94873f64887e447eb73de073071b501c174ee462950be8c96f5b5eea0ced1654

SHA512
070a47dda7ed36a0de477b9ad0d428313a829f902a99451732d3556fdb34cda87c486f68c2751b55ed6495464482af676b272ad63ed7904b8c3580b59d9b0e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4576a12304d77384a654b0c3929df5bf

SHA1
c6c43d646d2813d317a33a283055006c4492538a

SHA256
883a5c554baada98ab4944f75fc61d0433533a6877331a0c9f2b8aff0b5699de

SHA512
86836222d07122ccab1123d84ba53a56ec2d103952e4b36281cfb82988d9fb88bb821a1d2051f38c34f9a3865097d8cfab7f8fd7be54c2a243e12f2e81d6eee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf237b018a3320aeff530b9ca14870a8

SHA1
d885a1836c3f50a0cba3691497a2ebb11d0bb7ea

SHA256
0ea04591f373f481db4afe38bb8c19a53b59357a04d676cbac8795aac529c553

SHA512
315682a00b4b80cabba8c02553e55b5352bfaa24abaf5b06b975065bfd0a43a47bcaa09f409846afc718e1fb5cb532bac3ae20f024500433208a2adcb407b56c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
11fa94f154cc8b2e8bf442d22f91386a

SHA1
88eab911336b85c345664fd5a72aaa0a2884876a

SHA256
a25eacf500e8f623b279fa567d59e5ccc7b3f1dc2d66c9c20b126d0f200def41

SHA512
fc003ae7e89790a1ab78c2068fd786c0810e013180fe4851d9f9bf9fa43ea8b62a33e76677f160d661cc12b2002a95d6a152d345d4eda85c5b24ade5191403c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73dcb6c02582c08a17ba32e49abad80c

SHA1
53dddd43c175ea71d5e785b4d6a5e05e5f5f2c01

SHA256
b8838db3a1fcc1ccb81f359fac9b19ff5cae2ac1acf8e5215df05e8b1c0ca917

SHA512
a87e64729a49677162fa9dba8872817c918898e17bc99def6377fb4a3d269e3eaf4b04473a715c9cabdebf573c39fc28119870e4a0812eae0ad42c04d81cf29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
45385f126783a50e7b371bb8e554c290

SHA1
9ef8cc848205428d3758ea97640456f6146c8619

SHA256
82732b061e37279d6ef2296338ea65ccb94e26f5cd5944300e700592f7fea8c7

SHA512
e09930d1f55ec32dbabb4adad618cde3e5b2b0c33c05f7c2e3eb815cb7aee97deec609246f9837faca1dd0abdb3a6c5748ae26bcd2191f64b4e140e2d0bfdb13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
e6263363340d1222819e32565efcde8d

SHA1
fc522153415db0ad8264ebfde40e2bd50193c5a9

SHA256
ad8e30b86c0d13d624221ae0814489d354d3292c6902227c4593907d994dd2d2

SHA512
622d1d599e084bb3b2b56aa094f56472ecaf913ec7badd13763851c195368b473ac1a05be793449839b74c4ebb1255c7a1e86dd6bd50d8499965b1d5c8989444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
5f2b1c47183ccae9ffee5892c74ad387

SHA1
5024f14bbf977eaabe4880c33b9871f0695ec55b

SHA256
dca93426504f1ada12c56bf349bfed77ef929315b8292577c47925a1dd60e424

SHA512
22ce71c3575b4ae64ab4e08ab72ecb47583e623686b191c591d8f3ee31f923680d36cb5ff19a8dfff82fe09eb1e6af296b6cae1fe91e103680782e5576cc345b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
fac33d3c0065434bcffa0190326b2389

SHA1
acf66c1437d525f7f1eced02b4d24b8f157ea94a

SHA256
94c471794a8be433e116629be6394b9eb4b42d76863445b574ce44d8dabc7f57

SHA512
48552a945c7e6813505429a13ed33e8b512046d179bb1ffb4cdce65d1227a3daa9b7838119089ae418df86f5b4a6d152ab208dd34f52775ee2744f1a153daf41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3dc597c4ae6db2309c40d179228d8c3d

SHA1
87afd71c9924fa2332094d125a35a02c4695e389

SHA256
4ce3fb3c64add480ff49405cbd1f962621136e5d9ae4b6f39cbe7b6c61dfa611

SHA512
f1d28d298dcae860126a1fd2f7f646c01be68b83dcd0faeadcb07090c30c90fa1627a119720cf58ae9cb1b8f32e1e065a17c3486ea68dc502e0291616cfb4cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
23db1f641ac2cdba152c1618e519872c

SHA1
210f9845635aa7e5ba3c59a15d6f4b6d80fa8ded

SHA256
8af01ae6bdfb916f6b6a77b9264af94451b8ca9a3e6c618f6dfc9c21f093655f

SHA512
e65aa3d70c2578c45834a920c3fb543e5ee7a3729ec8dfb8576bed360a940b894b3d3fbf4eda980a8919fb5376554e7fc674a511a816832eaaba416eee9b750b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aaf3691efc21cb4d18597834197d3ccd

SHA1
dba65bdc91be1f4468dfa897eb806a1d96291141

SHA256
2ddd856e8f29ea937fe5bd836ad3b0674dcec00aa61c140908a4693633e8ed6c

SHA512
a2c02324a45efb85a6415a17bdbecb03e0a713f6f0152ef13c04e775236ba177a2c5125b27234009c56cbd75470b70af474f50075bb48d7756e6047aba7f0c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
223ed9bdc7686db4f9f454bad2562b97

SHA1
a55c167f5eaabf500097aeaee5c5dd0fe72adab5

SHA256
d9cda92cb872dbeea45e27054ccb3916738cf1801b909961269cb47c1264e4b5

SHA512
585156bf7b2ef7dba1557de0add593d703cf6760d535901024ef0372179d8805fdcecd091bab5b5aac2be6605fe0d4f119988e38b0078f94ef587ca03d340865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03da26675e35f9c6b60cf3b472917351

SHA1
54d83bf9ec41ad9817b21e152ba961c58f951409

SHA256
0334fae707defbdef3b39d4d3c286b49fe1c2b57064ba77df9cb93dd9774f407

SHA512
fbf29513465e6b72bafb0b52ae7d41e60602f2e865dba6620a5d20f3e937f0077a6580fd43406307d3dd51aa35a9664d64551bb748e8dd174909493e92cebd6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
de10f9f52b4b91af37e38abe582c1b00

SHA1
b919b413a1c126c92d5117158dc807f4be91f1a5

SHA256
f4bc6c6c71368592e71c9b59f7e475580a7d8b946dd56bde44123bdd4ef97502

SHA512
a72eff20d149d26209203a6bd18343d5e4e5390d76628be3188fc3be9556de42fb5cef8b8ceb89f6bfcc4c7715c3ebd709a8ae1123d2c254fdef3be13a2f2a12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x698r3gu.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
a5f3b9215685585ce9d4b01eb0f89805

SHA1
ff09fa52c2232cff0d28508b6c046d9c7849c19b

SHA256
d6a533c1d468408ed66807a399b44084cd45f7ffb044d9b8520530534a071925

SHA512
20eb949f26136859de2bd24f68d2bc5a0dbfe73b5a9eccc31bac32cea1c621a7b680e6da0a85685e1f85758bc763db56d805921c87d3902690e571af4fb0e176

Download Submit
C:\Users\Admin\AppData\Local\Temp\7D88.tmp\7D89.tmp\7D8A.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
7KB

MD5
83044bd412f4deeccd614eb16ac7bfb6

SHA1
3068d02b3b8eb3178a1f9648403e1689e7dc47d4

SHA256
428a6ffdaf4b77d8d108375c4661b9d8230a10d8dd500163cf34f7a62d6c222c

SHA512
5d98a552ec2f0a435758a071e4e203dce9fc473d583056ff298726ade89c5235fe3153e835d1d766106dcb25803a3a29658c2e70a45071d1fad1d00ba7740d3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
10KB

MD5
b89534e72844c2e1667385bee48f87c5

SHA1
0830d2a00f8f29305077a6b21b85c76b09bec920

SHA256
ede5af5ec172ae9390d2a63b9a3eedce790512152f3461914fb0c097dddb3313

SHA512
d7094b8395694eb8fd5db8b6063cb8c41b547d638f78c176588d8adb0d4c2e1398c8b3b1dda81d4e40cff7e2271638154145456db8d10912beba9dc9c8e2ff80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\AlternateServices.bin

Filesize
13KB

MD5
1cb5fdc4c0079bc8e261885855ae4eb3

SHA1
6646861b43ad4de77b64464da729d9f5f2397a15

SHA256
7ac0e7f8408570582f339b9bd78723368c6ba73c9ee2320b45489e7cee6a2806

SHA512
c8664e5eaba8b818b0d3da17da30173959339e00034083568a7466d94de6871f809ffdece93052e7bb4f2e65a904187948587c51532b11a8dde3e4b43149c5a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
174225e15ac8c4041721d21e0e24fec8

SHA1
17441c4fe0206594315d4a4e1a83b5a5645de791

SHA256
d800d372ff6caf7366f365ff0fdd7a46cfb9c339861a8f5d22b91f36c15e0aee

SHA512
044b42f77355485d5cce6ddc29a67c682db3890fe4f7a14c41ac073442fb892d2e6ea8d32f0d1aa1571d5a86a8efd43d5004cc3bbbce68e931d4ce33170110d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
9947a300d401510ce086e0355a5085b6

SHA1
f8551edf0e85c138fc22d15968e2aaff188bc582

SHA256
2c3e28ac1f6b94de865dfeafc42575836bb54645df47e768ee1b85db1b4faf92

SHA512
c5e7ff7b543f070e78220a325dc5a8b3d0ffdfa44e53bfdf74ff285a807ff0899314ebf0591c1bbfeeabfcc025f76aa6b4eae343892a07d2053a868cee4a4d50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
b0a0f6bdf091ffeb2700f9145c9a2546

SHA1
55e42904c71de9b6fbe6a8eb5abf29e56a5938e2

SHA256
9cd78d77c419637c43d4394c956e40eaaedce6fa2c03ed1e6141d7d49a25ead8

SHA512
888c96dd1a7579fc0ab7c414e1cab79391180a98dbd83c7a19a19b3c380bf7909005a1ff12ea4f401b2118bd613b96d6d53517acb928aefd1d7135e7c5cea481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
9c9acfbc3995fd737a29e500eebd05ad

SHA1
43bcc7f8b10c72eba82805f65610a25bb55f2572

SHA256
a58dba55644db3ec72d08537e6c69ae7fccf4a0bc81c890ec49a6e563da75975

SHA512
fd6108c8cdde62f924ca6576545be0972bbd11544c2e1c1dbed622f8269aeb917897da254221d08a86d7f3d7d2f23f74f72e166a032c715b5e3405771de0ef09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\01569277-1a52-4d7a-ab5f-f0ce208b5d0b

Filesize
659B

MD5
f6a4454009132185b953e6815dbc009c

SHA1
6a1e47eadb4457123354f781feb16ae9c3dd74f6

SHA256
241701e2633690360ba5d0b9c4265d1b3a6e8d7594df5ee59192b509f7068c97

SHA512
5aacadccd610f3126a546ff3b421e63d66dfef1c90958205663b3b9d25be87846ae65cef200b4ad8ed9855a36d73c43628d20eb2645a155b948e7ea3fe87b545

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\datareporting\glean\pending_pings\6cec1359-2e33-4732-9ee2-38fe32d974d0

Filesize
982B

MD5
370e04ca36ef44cda96cfbb132e38304

SHA1
dc65cc53815a0c03fc443ccf9bbfaedc3467ac39

SHA256
81b45224238db83efefa80ce0a2bbedaa1f4bd30305c4814368ce286b2c7356e

SHA512
648b32eb018dd91f54e8c75bb6a9bdcca0361aae0a793b65c785d90d554d3bc7f139d8a00f61c4b29d8ee4bbbbf536bdc02c24115674f0d0c6d8b27ecc67e2ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
12KB

MD5
0d30e1d9570b04a8384f14c01b3b2c40

SHA1
e5a84a04aa10681511ac883e32f5332ea4ce1192

SHA256
ebab0993f55981777adfb1e477a31089fcfd5c0058dc1a9ae228b01ed866cad2

SHA512
d78bcdc2b90bdb9ab78ef78b81d6841171c46532e64e119e6fe179c8023f89e6c45ea678546932e773cc369f901fc809893d5ba250a1bbe09b38030c5e236916

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
16KB

MD5
5a875e03bf45d5b6d690e357d5924c3c

SHA1
0f571e9a5fd47af7cdcede1b1a3021251ddb02eb

SHA256
821c26c95b8ea6be4a30047b7bb6679f4d9f94f3823ca7849913e15672b4c828

SHA512
6a731c0320865edcc56c0a8a962dc4ff3b15bd6adc1970887d7d1138ad448ef9ebeb726329e278204593c6cd7ab10b21e98bd0a12a0edf9edda15445b1ddc29e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs-1.js

Filesize
10KB

MD5
a7f0bee21e83a3aa749e93fec6aa222e

SHA1
523a73b9e148966f3b98cbec364fa3628336447c

SHA256
139335e22bda6becdfb66e89a6432c5c4a866fdd46ac9c7b993581a5e4925367

SHA512
948bbe04ca54a376531aaaba9f46c5ecd49ef0ef4dbca3c467ad4b207adcc72a43d9b493125a9288c155681bb62f07492e6fa8aa435f10732946d15f0186df9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\prefs.js

Filesize
10KB

MD5
5751cd12c692a88f082b20f40290cde4

SHA1
12ab2dd981dec0e590363932e758ae58640d649a

SHA256
46f1ec7872b8453628a597c91d5484ed8c95ef1abfb24fd784c1467db0cedff3

SHA512
b52c5530086559d4c20c7cbc838c0b70f7c350ce1c91b9a730c4251325875bace16370a7e7d8c504e2e6f9fc33cfbf7b2b8fe1de8a154f5177453cbbbf582d06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
da6bebc8a77d64d47b03103fd30d127c

SHA1
50919816db8ab0ae3e1a25bc4d9bb33658c6347d

SHA256
16eb8a087fffd62921d0b7a93db1330970a884badf77cd922beb236192e35331

SHA512
97e4902fc89c3b89982d0e032f52c979c6bec86920feb45e2bf8cf0b3fd20085287ece11849069e9ae71260a1949ab719d0aebacb49096a3bb709828d3370db4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x698r3gu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.2MB

MD5
2e950b5b49da0ab87122f15697b9ff93

SHA1
c947ceea4055707d435b8e90d55c9b270ec4c214

SHA256
bab9e2e1b41057871fb5b4e1ed903dc6a1e9c2d4ad14ebfc21285f193ad8cd94

SHA512
f3e2bca1b0b4a8b89ef4cde566efa8e1172d78f474b4294a16760f70235755fee07c6abe835019101744b0a2fad7a4bccdc656815762859538415afe6a8839ad

Download Submit