92b2d2a44e57ae9d47806eba7e62ef0d0e3b152e822803845e9bfe74adb6efc3

Analysis

max time kernel
148s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/08/2024, 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rbxfpsunlocker.exe
Size

605KB
MD5

09d083f0e2c1e8a3561209902333ad8f
SHA1

d9692d3aba34a39aeb9e53cb3d25562b94e2e597
SHA256

83dfcb08ea4aa1b857d952a8a177db775d1a7e9cfc30b528848a4a29c8dbf0b9
SHA512

c71371263cacc4872a4bf621614940f08c9436062683be5de921ae6e509079e25ea380623e8945d40858819a664bd76590defb2a89949e8e5666190f1024ca6b
SSDEEP

12288:IKOjJsDc2+WC+D+4H/xeGofENaTSuGCC709:IKyacgDD+4fwG1NaTSw

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685548701147156"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
1644	chrome.exe
1644	chrome.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe
696	rbxfpsunlocker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeShutdownPrivilege	1644	chrome.exe
Token: SeCreatePagefilePrivilege	1644	chrome.exe
Token: SeDebugPrivilege	3832	firefox.exe
Token: SeDebugPrivilege	3832	firefox.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
696	rbxfpsunlocker.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
696	rbxfpsunlocker.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe
1644	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe
3832	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 4832	1644	chrome.exe	86
PID 1644 wrote to memory of 4832	1644	chrome.exe	86
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 4792	1644	chrome.exe	87
PID 1644 wrote to memory of 1156	1644	chrome.exe	88
PID 1644 wrote to memory of 1156	1644	chrome.exe	88
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89
PID 1644 wrote to memory of 956	1644	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe
"C:\Users\Admin\AppData\Local\Temp\rbxfpsunlocker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0d07cc40,0x7fff0d07cc4c,0x7fff0d07cc58
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1716,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1684 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:2928
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7246a4698,0x7ff7246a46a4,0x7ff7246a46b0
    3⤵
    - Drops file in Windows directory
    PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3732,i,11490150119394113620,3324395406212940511,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:256

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0872c07a-d8ae-4c19-a291-333101894f51} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" gpu
    3⤵
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 23636 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1622a250-e147-4207-9ac4-abff4132cf65} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" socket
    3⤵
    - Checks processor information in registry
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2904 -prefsLen 23777 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33cf1b21-368e-4230-91e1-14e614f548f2} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2700 -childID 2 -isForBrowser -prefsHandle 3440 -prefMapHandle 3600 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {187b2ec6-238e-4e99-83bb-647226fb7c5b} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:2796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4608 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4712 -prefMapHandle 4688 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e20134f-0dcc-4dde-ac55-ec57c842dcc3} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" utility
    3⤵
    - Checks processor information in registry
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3648 -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5260 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13a55592-4130-40e1-b3fb-a2bbf512626b} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:5688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 4 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36b60972-c2e6-45b7-b73e-b1e2651d25a6} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d281f0f-6ddc-45f8-8db3-7ea153f43643} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 6 -isForBrowser -prefsHandle 6140 -prefMapHandle 6136 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fee1b064-444d-4308-ab57-2dd63cea757b} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:4808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2664 -childID 7 -isForBrowser -prefsHandle 5220 -prefMapHandle 5368 -prefsLen 28338 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1440eb15-10f4-4cf8-a31b-73e2e4a0a145} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:5156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5188 -parentBuildID 20240401114208 -prefsHandle 6504 -prefMapHandle 5864 -prefsLen 30854 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {034c6c24-0f80-48cd-a5d5-c9c3cbd48315} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" rdd
    3⤵
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5176 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6840 -prefMapHandle 6676 -prefsLen 30854 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25e94afd-2f65-4699-8d6b-c9d5463f13c0} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" utility
    3⤵
    - Checks processor information in registry
    PID:5588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6976 -childID 8 -isForBrowser -prefsHandle 7004 -prefMapHandle 7000 -prefsLen 28338 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f749fd4-f1be-4ee9-a077-e37ecc65a4c6} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:6012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7140 -childID 9 -isForBrowser -prefsHandle 7148 -prefMapHandle 7152 -prefsLen 28338 -prefMapSize 244628 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a01080dd-a0fd-4341-9bfe-95bbf8fa0061} 3832 "\\.\pipe\gecko-crash-server-pipe.3832" tab
    3⤵
    PID:3716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
babd86ce044e435741aed2f371c9b2d6

SHA1
763f1065053bfac06f9f1248bcc8bfafbcfed2d4

SHA256
397a2b9dd74e5551ae92f8879655e0a64290f9b319c190adff21fbf0dae66eec

SHA512
8d6df3f14735e8baecd797d95f3cbd0e2bcd0a232c1de9e32bfb4cb84278ee426a755d18f41188bbac3fd7054eb3c82e67da45597ac20f52c5363d63b6dd430e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
10ef1c2f0dca83a3993280a8cc2b5326

SHA1
3786ba5dab0b53b55dac24db3991787a75f60e33

SHA256
66fd7d64bdbc6756d272fdb3051d738522cd54d6575a50bbb4c310336e42f670

SHA512
e2f2707b08591a9157fa3b79c3fbb9f0c458f5d0b5411aeb3c8b081a13d4170d044b36e0fe06cc4c0b4b06b9bbec253b5598c8bacc8014cd09e1c1cf74236939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
682e0cfe16f5210ad86e9fbf9f9f132d

SHA1
9216de509ff799b31ce32abaafe4963270ff1a94

SHA256
f46a9014a7c77be9bb1308b4fca5617e537c5627c292aa53ce8dc3bf6c637cf5

SHA512
6af422f2b940d40370bd6c7a0723075e29500790b6b79bc159aee53f5b4d81cc948835bc345e99bf07e010c517ee15e98cac0d045e0526b0a39bbaf2d6550e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1432506fa68db5c00f25fa9df4966db7

SHA1
8c0bc3ff71d2b22b7b92e5f8b5f1b35d924e9237

SHA256
e2531021318e58b4723b0ec2f20ac7e1f695f5a4dda6d1a25ffe5e992d207220

SHA512
b82caedd0d1da42075623e192faa536c5dbe0a652cb8a49e5be1cd840e774c7ce26ca283b6fe3b527ade67d4fa23209343afc64ecdba80696e548d03813c8e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
701a848ea0b3bf32a4d679adee2d59b2

SHA1
a6bc624ec7f822568cde48512f9c2ced37363b00

SHA256
bf1c6a0a7d0e88727f089f42b3b92fb5789878309e09553a90bd4b61f485a204

SHA512
44e3384d75b5ca39bade05ddb515c15d894e74b8c309e035a684dc437c74dfda647a809167b85a9ac8623d8904fdd200624956e903df4ad64c637f00e94fa08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
097e2e4ff311b2348d2718c83f3ca312

SHA1
1945faa2dec51191090f4524473911735e5bb740

SHA256
aaddb0fc91e34aae618601f9dec5aadc6caee3e15c31392e0f568126e679da69

SHA512
e930c8adf96adb8df0b137c4e675dec9c07082f97d730aea264dad8a3dfad4a23d5b1ac4f8a322580b0bdab8dff061f28c610b151260f47d302e48184b4aadca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d98153e885a0089de9781297dfb5768

SHA1
27a30a11b2295784a610eb638e259f629488ff10

SHA256
ba404619fb1fe6e16c4fedb11a991126ef558a6154d90a88fd1fb3ed64322e5e

SHA512
b5e91933f75f00449c8a6e8e49785541f6d4c84e09b068034353c4bda5c514a1abc2c38928da0045acb4db873bf5813565e0641b895ab7039ad05a30c718ef0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
180411b7cd5bc53d1a38cb01df6e55ca

SHA1
513283430935ca30e51d8fdf41e104d3a795c782

SHA256
b92cf1404b73e91afd4a2cfda28d176acb750ae8628c79a66d3c8e663b75bf87

SHA512
389b281b07b1a0352b658d9009a19df0bc0576aa14c1f7d71ceb65e5275344f2ea9b2b4816d0d88d809da4ecde40d45bd6a224e633821dca23122c3682023921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ffa830ff1661054adaf7e80e454320c9

SHA1
8aaba860da88a5e5866f3fe523260d31d7a3f6ea

SHA256
ac909d171899ceb1d97f96a720a5af0901d68a680ed6a30595eed79ad8d4db64

SHA512
4b5fefa48d8ea0b031deb04bf3e86708ccfb8ba49e03ece993d31b6fc79d2b7e22d195075ade4a7cda3dcc16660bab1e08d4e5190fc0828e478029ba137520f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c70cc2530c5b640643790d51db6cb333

SHA1
00079718741af45e3f811e5b99f2e74b413d148a

SHA256
00087ed3ee63c84a4c1a5ee4bb1b00f9a9f7a4fda0bc0af3319335da8c801424

SHA512
b713c010009184f191ac3b098fab1a61aae79496a9b8f65a775990288155c5fbcd35c268bae9bea5d72062163ac142a69a189f88a9985c37ae6cc0202d1fd327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
c0e9437c4f62e52be20a0af0fbc70afa

SHA1
0ac77a6d00707ef8fd90646defffb6ed2db22fbf

SHA256
fd64bc234ee1007c77c74a45e8c5accac2a51de062f8efa28e14f8b98eed177d

SHA512
8ad34c9c990efaa4c1bffb5464cee3c8da78f1bcf43cca34a91b9e221075708b8a7a2fad0e16c46f045189b12632f81343be6f6a97475c8f4b691f1a731491ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\adahrqhl.default-release\activity-stream.discovery_stream.json

Filesize
38KB

MD5
f1ea107171902083e80d919a1fc30282

SHA1
c6e14ce07a728165f5898bb7646f482c1bc00b22

SHA256
27d358d5730f177a2f10347fe7752164bf8b402844af1bf648bda8fbba57db69

SHA512
ca55b48630d65947764d381cb87eb5de41a62af9d6d199364a1ebef6d2482c31e1a672aed433fb6018fd052b27f202dc2a4a234d6f5e63f40189ffebc87bd4ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\adahrqhl.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
144d17db2d2961223cc322f123b4d1cf

SHA1
c4fcd6d10fdc9023955ce47cf71cb698316abc53

SHA256
0c289d6e40f7c8a26da0d8c2ff02e459ac2144e0d913354994b5da10c4408f08

SHA512
32e3467464bedd26de4c9c07ff5808edf872cd81bc4838bdab9976fc687d6b16b661f38f9809873477af12f4259072cbc9abfe86c291b8120ceac04850181c57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\adahrqhl.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\AlternateServices.bin

Filesize
8KB

MD5
17e9b6baeb5f5d878730122451a11f77

SHA1
3f65a7add842881d78c44cfb381c54cdf2354382

SHA256
e97f0cee3a196ebfa1a99d24b1a3b81acdd6d5db885526a57446221333cddcfc

SHA512
10bf318b3a027ad2dddac71d8ab045fe184a5e1a0cd2a746df9e12af65a38f4794256a8d954ba545937c0ccb99fb26ed949bfa9e92bbf3a5a476e64e8b2b2167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\AlternateServices.bin

Filesize
12KB

MD5
2fb372993f4dde3f10f9ad80801e4249

SHA1
f7af7c964838520b5f76fa53ed85734fba2e1dd9

SHA256
7db0c6cfb3f4ce15a11be9955cae4fd68383b24adc3f6c45b8076dcb366d74f0

SHA512
e4506aecbfb830f07ef711cf87ccb5a69dda96b112b43b9fdef89e21c8cd8f6e0958803011bfb66cdd82a27e1fd46423a402b07ad51400f83fdae4a98948b88d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
482c2c7ea6fcb32e48f9b95c03b1631e

SHA1
093c723ea5cb6f84b8f3fc69518d1e7af23a10a2

SHA256
a119b54fe87872b66ac73ffc8f0b66fea7c7e3ed1314350e41a6c7b856bb1c36

SHA512
78a4f3cf7b1fb303b946acfb8ede14a26409d4eef0269a5463e36bd4e74736fcb17717ee1bce3547866c9ec5f66abc227be156a0a28edb0ddd3a04145548dfc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c6ce8e904a178665c2b76f4b49fe194b

SHA1
16dbb08099cc208fa40aff78c972c0a3ddbb32e9

SHA256
2fea816ab50b67af5ca91e130e1dd67f1d08fde8dfedd842d63bd9e7609836bc

SHA512
89ac0e2004c6624bbfaede5899789ce03089f75c52ecb88120eb8be9cd839a69299ddd05487ff1ca3078da597592065f1407f676470d8ea5e68782dc4f2a2f7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
53bf8b9bdba1d3ca0807fb9e47685575

SHA1
6de267164710217e2c6ec66479af93557c49d356

SHA256
37403b146148a689594bca20670fb0002108617d179e961a07b0ec510b705538

SHA512
a720ed32f53a61a4e7c58faa3f7772f1e0c9d34fe401c25abed2cba8d4e4e1fab25d477c9ac14cc6735071864c06a3c6cd86a4f5dc51e549cb735b77851d856e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
c98a129a2208292e105d493252394f1a

SHA1
60f8f603c8595ddca868b05e8f6948ce5edf9889

SHA256
b6757abb382ae90b1a919cb19b9aed31ca21b1e4c3a943ab8f15a6c6154cb7b8

SHA512
3d4814377a0d3f18e621e3b27042865358f6bd3a8431a7ce462b5b662bcc9369edb40a6880b03511e5645d6d40989dabd0e7fff6acff184037f117ce80e20220

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
72KB

MD5
9624df98d7b61b678de100731fa8073f

SHA1
4a2f3704c7b221ee372c86e1c91991e66e07185e

SHA256
12f0d6621e69bdbfaf6af946b99ade8993305042efa86e39b8a122c953e63966

SHA512
8497e423ca467d9ce29a16f906dabbb4202b97a27f5e3c332fc8cae231887b0d9df2b817e5c5e0594af5ee11695e59aa7f66e16a74d994beda93f6ac14b3c401

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8f5e83f0ca6457c0f3c2c3335c3af641

SHA1
38138efd0fe7c969d2397d1f080168ec05c2f94c

SHA256
73ec48510183dc520958d63aaa9024c1f58f432ab182b422c95823678f439104

SHA512
63230a0c4914b31e60605b3650206bae6bb256cedfe2adcf1bdf897974c4022f550549ea1540a116ba5e373fed5aa846596a9d28f91f8088bfe82c7d6fdaacef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\pending_pings\088c2741-26ee-4d18-b8ca-65cd2ea54cdb

Filesize
982B

MD5
df64912acfe8d2b0c6f498ae41c8c19d

SHA1
eaae4eeb4443179ae9cb92e2b3445a725d905b04

SHA256
6586d6f66db241ec4b64da6c4cd974a0a20d8de4c672734da7b9fae110149776

SHA512
2a9ef566d52385b572c747f88d9a7552f1fe512365116cae66ea92793e39435299cdd726a06e655613a66d704e917aeeb1030650774335006687fd8dfa0588b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\pending_pings\36da608d-35af-4cd9-831c-689348ae1bda

Filesize
671B

MD5
33ba9e8674224596ef4dc7dd876dbc5e

SHA1
1d0cefd3c389b6ce14f68c9a1d86f80068d6597d

SHA256
5014eb6ed12470b1204ee91ae2874c15a2a18bbd12c033e6d4ce9324ce4f5606

SHA512
9c8423f99941d3b1561e437a066b2b7d159bc0e35f15a8c5b248fd9e118083b391916f5afaf97b995b285159bcb0e51d3f3ef5cfb20a1cf65f96776a7f33212e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\pending_pings\472da8b2-34a3-4b38-a96f-d1c68b7099bb

Filesize
25KB

MD5
d6838e996e67e013b3ee6a67b0b436ad

SHA1
f3ca960c91373631e1dc21019bfff8197c1ae128

SHA256
858851bf0bb063ec07cc2878651ec42fe6467bd04384bd5a9293473eb48cef2c

SHA512
7a8baa96599a90a0ef8db12b7934b1a78176dea6157a932de5e6188bec879f2176de5593fd79f570f724dac0dbef5139aa855c383046b277913d1b8df953cef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\prefs-1.js

Filesize
11KB

MD5
a631231799f64efebc8aa013d6387696

SHA1
27fdb81c6d1642c53a640884995c1d0a6ebb8525

SHA256
8b451eab4190673f40a28a02d30c32240c8d868acb380944be68c8b03b7a25ce

SHA512
ec4028e77657b1ec3a6c4566c46da52c0b6f49563a7dbd0bd9323b51700f8989e66835eaf6a6091338ecbdabb0a25d3f546797645c38c91e13fc531bd73f1909

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\prefs.js

Filesize
10KB

MD5
5304cff1f2b980d7f5b40803b62fa50c

SHA1
b34af343c18360ba9dd27ec9f6458391e58ab7c9

SHA256
93f6fae54b8663a9afd9c77ff2bd92e0ec8c0ed71c02bbd99b6f0eae95bc826c

SHA512
6138928823b0ca65d71cca171a2c8c4cdb5e1cf543d72ea26eda91b1eef950f50eaed046034d3bcd870ddd8a173de1bee1e43dad4f34eb1e40f8bd29d445695e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\prefs.js

Filesize
11KB

MD5
80fb25d7d4ac29aa1b885197152a3928

SHA1
208c113e8a40dba0d7e8dea3360c1480b1d051ad

SHA256
a0e308f75b6065d2b5728a4a8316cdff8cfda9615e10e72b8608e7e368b90140

SHA512
fc2d729be9d59ce28b9303f326d42fd9b20fceeedfb6fa4f280867d155ad8ae065eb3c4f55bee28f148d5baddd5ff62159a0f0b054adb6b61ff05f3e8d8bdeb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
451968d6200d1340c1b164c77d135653

SHA1
45cc600fbf8581fdfa65930ba161006d36f466dc

SHA256
8bc9335f42bbd8b31578c0f398b093d4071bf83892ac9388208f872faebccf80

SHA512
d2bc1fb9aaa9bcf5022639bb5ad12a883617aa61eb9de2d8845a32db56d508ef70ff7aee3ed4894070f842ef21fb9454da0420f683cd0887791685190cf99a26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
365347be9fc9f91b8ec2c15262cb8d72

SHA1
388952db23a7f16ceef4bfb0a2c600a06ec502e1

SHA256
14e6cebab4119f8a57844cf6853b8dd377d01dcdf008ea133f2d4b5155abd1c2

SHA512
62f87bc3ed95c77060e1187eef0fa2c7aadb1f726e9b9cb484a5bec0bdd69284f9934e878d0e61bd7432b1e9a4af06b252ec25ad24afa9abf32aae65f8ed542f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\storage\default\https+++www.youtube.com\cache\morgue\176\{41d24dc0-d360-4e8b-be1b-d8d3a3a473b0}.final

Filesize
192B

MD5
2a252393b98be6348c4ba18003cc3471

SHA1
40f75302fcbe4a8ac2e33a8d9daf801abc2a9598

SHA256
04cae3c7b208fc55b25763913d0bbdc99232942086efdf705f2a27764be6f5ee

SHA512
07af4a7b0d10f1b5e1fe0877b21abc98483d78797608a1763cfb71e25559fdce10d20f03c16f4284d7ae7ab90266f45240425e3a264de9525ec1657345b85198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\storage\permanent\indexeddb+++fx-devtools\idb\478967115deegvatroootlss--cans.sqlite

Filesize
48KB

MD5
3c1232d3fb05e1d7a74cc0f43a2ece81

SHA1
70d6774e9254229f9fd282397fb91b821dddadd0

SHA256
a27b2369df5ccc3b0765605dbc0dc66d199ab6616cdedf73bcc7893214511d0c

SHA512
a117f6567dc64a64351be4d6cf9a4d3ea78175684d11f0c79ebd5538ef8b0d68378c1d865b0cc051f6c1e9ae47f8be54c5ec335594b8cf9065e1d55e7e8beafc

Download Submit