72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
23/08/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe
Size

89KB
MD5

08ba35f38182ce9533b8a49ac8e79c0d
SHA1

84a72c41a3b3277fab7c8fd5e1ab94ae2bc57921
SHA256

72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9
SHA512

f8e0f94c5d1fe0674521fd71827a21aac156f34a5546be82ba9fabf2352ef7118e47bcc19ed960a390324a6ddb895c9b0d4300a519f534fd1bcf86d6e63144d7
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf0xZzEO+:Hq6+ouCpk2mpcWJ0r+QNTBf0H6

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133688632661561895"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{2694FA13-B874-4F87-8E7E-04DECF277827}	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
3740	msedge.exe
3740	msedge.exe
4772	chrome.exe
4772	chrome.exe
5324	msedge.exe
5324	msedge.exe
6908	identity_helper.exe
6908	identity_helper.exe
3652	chrome.exe
3652	chrome.exe
6452	msedge.exe
6452	msedge.exe
6452	msedge.exe
6452	msedge.exe
3652	chrome.exe
3652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4060	firefox.exe
Token: SeDebugPrivilege	4060	firefox.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe
Token: SeShutdownPrivilege	4772	chrome.exe
Token: SeCreatePagefilePrivilege	4772	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4060	firefox.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe
4772	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4060	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 1260	3240	72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe	81
PID 3240 wrote to memory of 1260	3240	72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe	81
PID 1260 wrote to memory of 4772	1260	cmd.exe	85
PID 1260 wrote to memory of 4772	1260	cmd.exe	85
PID 1260 wrote to memory of 3740	1260	cmd.exe	86
PID 1260 wrote to memory of 3740	1260	cmd.exe	86
PID 1260 wrote to memory of 1504	1260	cmd.exe	87
PID 1260 wrote to memory of 1504	1260	cmd.exe	87
PID 4772 wrote to memory of 3188	4772	chrome.exe	88
PID 4772 wrote to memory of 3188	4772	chrome.exe	88
PID 3740 wrote to memory of 3544	3740	msedge.exe	89
PID 3740 wrote to memory of 3544	3740	msedge.exe	89
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 1504 wrote to memory of 4060	1504	firefox.exe	90
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91
PID 4060 wrote to memory of 3244	4060	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe
"C:\Users\Admin\AppData\Local\Temp\72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D4F3.tmp\D4F4.tmp\D4F5.bat C:\Users\Admin\AppData\Local\Temp\72c1a1787bf3fe7a794664135e1ee8af03f162d1a970444ab02ddd8b717f15f9.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4772
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc4760cc40,0x7ffc4760cc4c,0x7ffc4760cc58
      4⤵
      PID:3188
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
      4⤵
      PID:4364
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:3
      4⤵
      PID:3976
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:8
      4⤵
      PID:4808
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3124 /prefetch:1
      4⤵
      PID:5360
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:5372
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:1
      4⤵
      PID:5356
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4544,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4224 /prefetch:8
      4⤵
      PID:2468
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:8
      4⤵
      Modifies registry class
      PID:5940
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4976 /prefetch:8
      4⤵
      PID:6300
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8
      4⤵
      PID:6356
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4976,i,5249404158056860074,6032501354740494818,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffc474c3cb8,0x7ffc474c3cc8,0x7ffc474c3cd8
      4⤵
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2024 /prefetch:2
      4⤵
      PID:4232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
      4⤵
      PID:2420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:4352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      PID:3204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
      4⤵
      PID:6560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
      4⤵
      PID:6556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
      4⤵
      PID:2224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      PID:1416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,3371126213319534397,2989718820809872871,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5680 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1504
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4060
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {28b9c12b-5527-4730-a65b-535263b01fd4} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" gpu
        5⤵
        
        PID:3244
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c13ecd38-0a7f-4f59-bc67-55b49f269fcd} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" socket
        5⤵
        
        PID:3352
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3080 -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2776 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b526f5e7-5f1a-4aae-9150-fe9659660618} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" tab
        5⤵
        
        PID:4296
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3332 -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 3024 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d03cc68a-0c16-47e2-b90c-d5d15f8e9f49} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" tab
        5⤵
        
        PID:5100
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4196 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4292 -prefMapHandle 4284 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {452a9107-ba2f-4d4e-9bc8-a8204a866aea} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" utility
        5⤵
        Checks processor information in registry
        
        PID:5196
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 3 -isForBrowser -prefsHandle 4288 -prefMapHandle 5452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c0e8cc2-7cb6-4b39-8b79-f907d946a050} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" tab
        5⤵
        
        PID:6088
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5612 -prefMapHandle 5616 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {485b3706-0759-4698-bbac-b1dcc68f29d7} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" tab
        5⤵
        
        PID:6116
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5804 -prefMapHandle 5808 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c49e8ef6-630d-4988-8afc-509b346ea697} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" tab
        5⤵
        
        PID:6100
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 6 -isForBrowser -prefsHandle 6084 -prefMapHandle 5452 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a50b2b-acbe-4c16-9647-41eb4d7f8f49} 4060 "\\.\pipe\gecko-crash-server-pipe.4060" tab
        5⤵
        
        PID:6248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5924

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6440

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:5324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1b007d527514d75b671c8137aa46f65e

SHA1
a5b06fbb3404e6a40c4ed7d0de127b27deaaae00

SHA256
37691b83a121fcc14c3a6d24a11dc150168a397b354e9e01b41d4b92deaf14da

SHA512
af440e9da61c38fec546167e117f8dd92e6759c4e1049aabbc408c8b69f4a060c74d6b5b4e68dc7a958899ce6e09bd6b9086c218ca75c7b03ec31433439a88e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
77c467c1676e438278b0d827b7c45904

SHA1
9c6a5b45a92ee038590c1cf02745daeebb93dbba

SHA256
dc072d7ea2849f9f6fa6be938dbd23d64eb1213af314c7f3acb8c3c0cbd1afde

SHA512
e53b67f02ec381d29e8f1b1913eaa39c1aefe80f622c76852218ff5a66e10d6b7ef6d576597bee203cda2684222e07d558d00c13f5e1fdd834aa7ca18344b114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
be1a13eacdaf1e921aceb4e9777531e5

SHA1
28b2f22fac098ba522b949c35b776760518b487e

SHA256
0a5aff811c461ea146b41bf587097c4b91f0854221fb37b2528009808819429d

SHA512
93e0c092d8db1bca1a29094756ab5b0193acbe8006d228877ea9db9e46e9629bdabccf59ea7a237b7bb006b60b4e6f4bef681b401b35caabf65ea647cc8e58bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a9747ffe1c1f48e3fafd7b3800e4685e

SHA1
b30f7519d9f52b5b63ebaa193260534dc818359c

SHA256
32f90259f967799b60d795023584b40a3c11a58dfdf575ddb5f7f879f53a9c9c

SHA512
1da0a4c3f264a8f693c39c767f6bfe6ae354c20465c2140bda43bdc75eeea4a28c9f2d224204644ee19143eec00406f1302d255ebe4447bce93d1fc6876191ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
805aff45040293a65816ca8d3b7fa809

SHA1
50a40bddd0275efd3218f9ba5651399066edf80a

SHA256
a686f873ad50add9ae9b1c8a213996741558f2732470668b5c47cd94f956cd88

SHA512
23b2631ffd66fbcbca79e8742d5b1d4c4a9fcfc42b6ed4b00d1e2007d899b9ec9ac95f9128580736bba1f85844b9fd74a770e5a58f65368ffc026d30590d2203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1cd33b4a07634b038fce42e0d5794d63

SHA1
6f87a2e4d1d5aaf8cefd49adcbf4a21109dc9c3d

SHA256
e054b76bdfa5a58c9ca08427e6a4048100dd33731181af7d7bbdec461cec55a6

SHA512
6a02df7ad6cdd21c402547fb203af7cb150c01541e1684ba4a399ee8f0a0eb493152be7a1b5918d9ae2fbe6a2a81f5924e5f05695cf4ee048ac7f0a36489634c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
651bbbdcc5f92c64bd574e7cc4d5c513

SHA1
d3206819f82fe2071d77e7169cf89b5b528c4b18

SHA256
2231cc01af34ce3d253d1953baf8fc096d605a2f9e4bd528f952f4410f60a2d1

SHA512
deff1240a100405740a875541e59521092e1b9a0658b13518c7094133bc90409620f223a92619e99426b7678573c4699393d8f25ac5b51d516e42dfcf84ed358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a32966c3934330146847cc8bf1c4670

SHA1
851537b37b2005de5172ef9f7f0315e3d2276089

SHA256
0778c0971125f32b6799aeb9a99eb4bf3a949179f2ee5d060c5ee429801b635f

SHA512
757093bb7a57cb7d09b4014997691efde8044d4f531fdb81bc3b1c5619420a8e48e478ddef5fa7775eb4b261d4b83415a1a2e72e5cce94aa345f7431e59e9059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e7ffb2bbfccf6d836307087d7fdcde9

SHA1
76bca6a43e0118b918666f1b19387798607698e8

SHA256
cc5a8093121884d32bc5d9b9ab4067c58b483e585fe21b793a83b2b5516ced24

SHA512
b0ca54f40c8986fb1e6aa0d52fd5262ddf48778943d3cf53de7c12ba96398f5caaf899475f635a31fa883670482436d2d08718b884e9af9b950314e2fb83ac89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f71fbefa03d40e4caf318589c0e3b6c

SHA1
11b93825468ba037cab05f4b655c4383ccfbeddb

SHA256
d0e77acac98b36a55325a6691e5c1b728c0fe75093fa9b2a00b839edfcdb41dd

SHA512
cb57d4bc4094f160b7b18202e8405dd4578e5682cc23b0741c70f138332142c315050aed4cd7247a93acdb15192d83cf9dded5267d2d28552dd167fee9778503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e036c0b64d640a315c9d1f381f6e8977

SHA1
0f5b6a76c54ed7e0f4f9e37179b939cd1c8d9535

SHA256
93c799b3b31e7cfb0b5466aca948dcb774f2440dfda99f44d731748afb3c3d43

SHA512
8250dcf21e517ba928ab752871101898c99a248b2007c7442e5e45e615c264fb72e74ac12d104dff8040e796b5b05a333772036add2088efa2ffb1df384946c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30b2847ec0f85d3a9bd1fbb420991cbc

SHA1
448af6d6ac81ee1c4deb1bccd693d35843c0d9e7

SHA256
b65a2c1eeb75a105d7365fcdbf99ea7c58a9fd3d3ca74d8c6286c1ed183faed3

SHA512
53e2e99b340d1aa4b7ec6b8fee314c229f58d459fa31dc01acac63ea4c8c248b86009fe514a9b0bed4f1736fbf341b528d1a36e4ab4fc6607e54af6194c0056e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32305e0efcc49ff8b79f2a4eb1ca8667

SHA1
99f7b9737bfc0c72e754f5efc4147e6f8a8de890

SHA256
f602dd936fbc492521f06910e0157aed85059f2c4d35e5ad4c1c57019f1c32e8

SHA512
21958c72a2fd9e4adc5f7635db19b231a9db45dc1f9ac6c6048d7c865d86d4917619c64e77a9f745f295c7a1fb5822ecfaf2728abb7642b87864d5716c10947a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a7bb0369cfc0005f2c21fa1b237dfd7

SHA1
1ba35053c578698fd30a4bb3b19d86754f593c1c

SHA256
5cf1c6c10800c908354e317eb06f13ca704bbfff5dac9eeb4e485d76605ef19d

SHA512
43ca8e3f168fed37f4889028ef86cad954a7b0381f0a3b9bf8c2f7fe2b41fee6c48d793012ebc23b157429032588f9cb06d497e10b01eb14344cb0fd4b734956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7bc328e1c402b34aa373dcce2cdfbd4

SHA1
7d01f2857acbb1fbc609e0281f3385b21a087a8b

SHA256
2ad49518e61f6857ade51261cae96ab5d7d9f854df11e67691b14a5747036bbc

SHA512
3f75bec811ff5e7e87515e0813ef2cbf67e8e4a69daef3d368ba29564fc2fafad57f5a4b1f54a70698410c2ef8a13385f33af9907b9189dd39018d6d52b874ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
012064b6c5bc9f85ae68cf6679fc8fc8

SHA1
7b86b1ceaab156227446ccc3ae3acdea0655dc2a

SHA256
86be2bbb9b139c0dc4cc05083a316c96aeb5c17134be659b1b110402261bbd5a

SHA512
a1fe66f1f1a77a7d66e3ae5c86cc6273faad4ecc96bb1011702714368ecab17e964116fc69bb825df82c5397b6e0e7c2f51492aab97c2b3b11f11d5680077cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fea096b26530e3d2d9714f849c6ca0e8

SHA1
f90676e759f251a7b51ad931390f5ac0db9c5b0b

SHA256
28e218b349ebf25bb3e8ee078ff6f5532b417e9c984b94c4eeaf7ff2b00a76a2

SHA512
c9e52b3c2de8fe8f4601b3d0e682628a10ee5eed6bae193c8bec826f5079eacbf93da73d153064f107967ad5905a20b69bf948883bdb0c9c7348ad0a5e52b3c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
0b2d8325d0a15181611c7e96de17c71f

SHA1
4ef5eec2c00bf120da8cb2262de9033c005e20c9

SHA256
b6b55effc3b599410d1bd6e3d8f1fd77c8a0edbdf069f1138596705a8ddf5b74

SHA512
ca57d2bb5a8e18fadd99fe29429f86c4b9c1d43411abee78ede1d1eec74189a375720b61cadf8148b9a559d13f6cf1899b87d5bace95730a75c6d82c6015d613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
438a378b63223139de37deaa9a94e69d

SHA1
a8f0297d322f32a6cc6a162d8216674899e50a1a

SHA256
c38b301449d817676b8d3e83d39f5b937bb47b0732ab49c58bb3431a6a4d56d4

SHA512
28e971ab657feb7f818e0bf82f4b5895b0081483a81f3841f1284ec263af3ec376d7e38d4b4e79491a029c2be5af97057346dcf65ea0c565c043ef3dcb843f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
da29795e5ff7eda96c81ada64ecdbbb7

SHA1
b56970fcc9a58cbef519fb575149568716c7db6c

SHA256
4dfc6fe4cdf9d87496b655f1686c2f4de9d11548e7ed9ad117b057b2977f244b

SHA512
67afe4c5888008c1b869a058291db4c84069f9ccd4629528b0dc94c118f3c8a26ec38084c0412560c853b065c2cc1778e94ece49262beeb63c296201cf3dc436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
62b1217af1f21ef43ac562046279ed95

SHA1
c288d313e2f3dd0f464a2d71fcfb19667ec34a69

SHA256
909442076300256827d378961b0a35b347ae817974ab11637b6d84a22ea19f47

SHA512
4541c8c9ea48e17eef3244bfb1109ab8e31265d6f01b99c02d3fc0e5101e842c2251ed524868770fde7ab9a6fdffa50cf4af701c7b41d023bc8db05e6a384167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fe982b30cb024755d22f4122ebf79700

SHA1
d4fb132276b5d815ddc8f6b89d52f61ea5057d6f

SHA256
3c3e6c76c15e6f75adb7a21ebfbe600add1d2653d68faf57d417acde8bd68a4b

SHA512
06871ebdab595b47756b4b12c86a4064b5165570aa0c0b874d7767212241aa797a38b4315e50227154d43c9d7da016af34636cd26f2505acd7503c3b58905815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1b5f9e03c67d4efdff696d182b40412e

SHA1
791970dce18d10f8592b12df602cf2fad07d8fff

SHA256
3e807e59cfa700f1d1062bc6122d49c66e5ca13c1075537b4f8ac1ad176797f6

SHA512
aa07c083c0f306272326a151d4416827d30a4675b7d0ccbb2c4bbe5cd889011ae1e0c04e388ccf564f905fa201500fcbd3dc586d5994fe25965875f8f2ab1ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa9d2e5577fbc994079531ed0d9e34b3

SHA1
8d6197ee3affdcfe56ef44238b10ac712511255e

SHA256
709e3e3c7fb148294492c4158d48eb6d6f9ec8a6d7a272e6ffa888f73cebd694

SHA512
fb2c5e9df45d48698dd830f358e97b94874850b578dbf847b8134d7e8d35773e6ce306cd746389a444104abf1646833470d6f9335b342241d011ab20e029f2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8accd5066c1c56d6d732b03258208957

SHA1
793089b9b073f8400213fca7a58f584da4cdfa9a

SHA256
2e6bb7d0f72089b35d940c059779cdfacbd867732787f5bf30a920724ccf354d

SHA512
a71dacb52a81cde1bcd6a5737980c15fa6882d47b8dd3dd209d73d04fa99870a30c92be2447eb873eab3a5d43d58ab8a514de726314f81244b1c4d8e6f656b49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
ea57f4e1afba24dcc5063f065774f4f1

SHA1
5ef0e266e7dad103e62e685b60315a0786edf479

SHA256
2e2127e8ea4de44e75b87fa5b991671f284133dbac7686ea3284cd5f2280eda0

SHA512
6cbec1375e199832a70029710a6eca42dc7e2cf589cfd70d8237313403a0412e942dd8d2ba0be980de0a9203d53a432da972057ddc69d71d1167cf033a31624a

Download Submit
C:\Users\Admin\AppData\Local\Temp\D4F3.tmp\D4F4.tmp\D4F5.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
7KB

MD5
7aae41bf43951b4d54e57b16cd81a9ed

SHA1
1764a7d6e637d635f25a6eb77c63896112e06313

SHA256
9de7abfdedeae3c740fcf65ae0f8073e394dde0bcb94e6ad68f082b40838da9d

SHA512
27baedfb73135b861affe2b18c07d63b04d55090390a10212e45e97006f8d3bb9d532012820f5417040cd9f64e4ae4d6830a939e13179b0d08699b97bd279992

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
10KB

MD5
7bdfc36d3705defb7cd87ca9372c39d6

SHA1
b9254b6917b718e305c64fc78c9878298f3bd7d0

SHA256
f07beb93bc092b84d0f95b6ec0367c6328eea528be1e4f3d49a2564e89534262

SHA512
79b4c43d8f600ccf04d3e342751807ed7fdea2322a39a5b5a7dd9e9e6d8313edffcdafc667401e39a7d128092a3d389c33264cf6cdafe5dabe07363acc1b1213

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\AlternateServices.bin

Filesize
10KB

MD5
200b594a80fa8f684c825cd3c93594fa

SHA1
dd3349d7cbea14325e95309f748a66afc4b6a8aa

SHA256
d6edadf971fab070901ebfe77dd124b24cbb60e603d6f577a4ec2ef4a5abc9a8

SHA512
561b2752e79da0befe4d14e84847d664689f048237a69cd13c2ee103ad142e4f1e5fbef47e3b00055c268fbe10c84d9c1d628f8b293882166bce9c01498e2812

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
23a4b0bfa1b544c0642a91347886080a

SHA1
72eeda51830a1801d1a014711e8aa80b9dc69af1

SHA256
9663384ed1017d6c682af3d07320d834142f3043dc1d52b33d6816182dcf1ef0

SHA512
2465e8431d4230898b3d89ad650f3c22f64349b73fd9ebb8152c7c65acf1af9be7ace40df8dc8db0700cce19c533cbe2b25c83004c26547d43419dc2ea4d539e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
01e72707cc7582237f763d33aefbeb47

SHA1
55b9fca4c656b59345549fee01725d44dfad99e0

SHA256
2e0d99e9d5b94bb020845cea83d944eddc6f8691cce99e223bd64ef44b3fd232

SHA512
f4b95f4fad67643bfe5dcad379a995f9a066847b883517ce9016910760825302e948048338e3043af73fc8c025b2a9b5ed67589a4724aadc17145178da260b75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
af161d89102735b0800ca443eea9ad4a

SHA1
a1c056c36c0d5ae2fbea3b3d696db9d65a330c76

SHA256
29a42bf443abd2bde6ef70f7e5e7cbc5241a539e884f19d3c3b22752efa044cc

SHA512
ea603e6dcd094d7928153f5f650365d9c76a0162028f268b9a5ca866be9fa062ec884e84c0b825d361bc45c31aff815b111da13f1d20473b517fd1f81abc02e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
76c77df8cac931f8517425880951ffc0

SHA1
353b5ebd35845420d37c5561bde2d85cfe23c270

SHA256
1726e766bb16f86447f4f028bd612f74d6d4dbb0243e3279ba6d583e4628b573

SHA512
8af4f83713aa1fb6672b847c228a8ee12ed41bfe39e3a7d5f3036bbe3d88544a766af43446d921ae80ce93837b7488c271b460a63c5e2d04976de460fff0cefb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\287016f7-901f-484a-8f32-c3e713d920f4

Filesize
982B

MD5
9eadca3d1d3ce54a4b33ce52de06e541

SHA1
37883e4b8333503e5016e7677c4490ea40070ade

SHA256
64281b22305409c3f081919fdde552de02820c43646385df42cdb5bd9edc4804

SHA512
488adcdb2e5c662ac472b005dcb0238d1ed7cd57ebaf28114ae4e285da67fe04de3b410a604266448ee6710f3545c36659d00e9d8bff16a7e6e85aacc8eb783f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\28fdc13a-9e0b-4d8f-9364-7215d71a8d33

Filesize
26KB

MD5
467cf140826b341ca6358eb2b49f6bcf

SHA1
ec67b5b885e734ace42e8840432a3b1d4c3ef161

SHA256
24f12e438e8af22773d841f96fa3ec08940e16ccd26d973ce191a9734adeb382

SHA512
a33b9061fcc4575c345e8b414e110ed826be426976836753a33a5534de796fe3ffa8cb3ab72c9440392d09c1265fe69abefdb4c0830a1930db5769a23ac595ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\datareporting\glean\pending_pings\da2e1b9a-3173-421d-a1e4-f2fe6118020b

Filesize
671B

MD5
c097f6e28d3b1aee1f2430f51af4eec1

SHA1
ca70dc9cec4cdf221cb1a4d6060aeab122aa1b39

SHA256
a2c0a67eed06b45bda62172a2beb9becebde01817bbd06aa5e5a9795e7a43d65

SHA512
853891a34e5aabf08e4860b963853a7f8a6cc08ce0807f4081eaa4c02acb7658abd7563f853bfc8e939ea7ddaf5e15bbf4606085b06b85f0f245a430043914f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js

Filesize
10KB

MD5
d4e9e55a7b9dde21f2d81f12be51a4fe

SHA1
c64c4efd85fd4c98e70f00c040e4e7541ddb01e9

SHA256
528de926d8382deee4d5c77a1ade805a4ba9aa4b94e65acc5db3454360456340

SHA512
571991344d050bc4e360924f5d8a840823c57a10e2861376db5c7e9c9c3742c61fc1abe2e432a2b8e8a5de31589b5a0d5625377585e2f1a3c3c3bea0fd21ebf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js

Filesize
15KB

MD5
6a4ce49212bcfe03681693dbe687ad06

SHA1
bcb73627bc7a63306830df198dec23c772472286

SHA256
40df64de26846a22c4c21e572ac650780a206673e8f8bbefbe98b62d468d2e8d

SHA512
3720818ffc03ba571416e5d0601870afc9f28fb2dd25e8801328f095906414bbf852c206d33ae81a9e6c39715e3f9bca194872570422366d2028ab2ec9268991

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs-1.js

Filesize
12KB

MD5
a5ea58333588f21ffb76629e669bba68

SHA1
4ab1170c13a4c7edc47db8e46586a2bd7999e5b9

SHA256
d511d1ecf03ac25756735a734b3c64df0e35169cc1c847e549e13e69d5bcf1a8

SHA512
5641199c2f3a2e0fc68ad4b267efde7099af51340b9f8fdcaa8c958061548faba1bada88ad5191ec8dcab3624c77a9840fa57c2aa35312e841fb787a06f719c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\prefs.js

Filesize
11KB

MD5
f9711ba270e571c3e7b88d12d2cbac7d

SHA1
e72a7d8db8e674d7d5ae5e61b55075dedba7a9c0

SHA256
cabb2cab893db44aa94d3fb400eba2893699e3f58c0cf84b3f1aefbb30aa4e0e

SHA512
a58048085d88d2532c61b7a3f7eac60a8fd8a1b9149bc15697746db89d2868e7be94cc2d0374c7322979277ecb29f70c8f14c6579075e8bb6c1e9a3f658cac72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rl5fa9qd.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
d1bc107c17f9464118920be2e77079dd

SHA1
47360ff1bb0e2d5e9037907fe43cdac563708ecb

SHA256
bfbcabcf005f39d59e6e2ca009e0b0ef68bda3fdb67f0a63f66936f6b767b985

SHA512
58affb25d8a226a62fb0b999eab6b81ef8fd191e259f30deaaa512d1d21b1c8ec4f2f1c3def0cd528702dcebd2c546db775467e66cb2f59c12478dafff5e9074

Download Submit