hxxps://www[.]bluestacks[.]com/es/index[.]html

Resubmissions

03/09/2024, 22:41

240903-2mjg9szhkh 1

03/09/2024, 22:36

03/09/2024, 19:45

03/09/2024, 19:41

03/09/2024, 17:36

11/08/2024, 17:42

11/08/2024, 17:24

28/07/2024, 18:08

Analysis

max time kernel
509s
max time network
503s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bluestacks.com/es/index.html

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698585807010412"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1194130065-3471212556-1656947724-1000\{BEC444D6-741E-445C-99DF-988A3629D87C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
5732	msedge.exe
5732	msedge.exe
5316	msedge.exe
5316	msedge.exe
4036	identity_helper.exe
4036	identity_helper.exe
3452	msedge.exe
3452	msedge.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe
Token: SeShutdownPrivilege	3044	chrome.exe
Token: SeCreatePagefilePrivilege	3044	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3044	chrome.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe
3540	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3540	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3616	3044	chrome.exe	83
PID 3044 wrote to memory of 3616	3044	chrome.exe	83
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 5032	3044	chrome.exe	84
PID 3044 wrote to memory of 1056	3044	chrome.exe	85
PID 3044 wrote to memory of 1056	3044	chrome.exe	85
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86
PID 3044 wrote to memory of 3512	3044	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bluestacks.com/es/index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9f57ccc40,0x7ff9f57ccc4c,0x7ff9f57ccc58
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4824,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4992,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5212,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3476,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5344,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5368,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5372,i,13744055829760302919,17491699007810852,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4432

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2268

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2972
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df7e7d1e-9f8c-4011-aba0-922fe84bbfb5} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" gpu
    3⤵
    PID:3040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2308 -prefMapHandle 2320 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9bba8f-effd-415d-aabc-5932bf2105a5} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" socket
    3⤵
    - Checks processor information in registry
    PID:3636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2988 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92ceed17-b752-462a-9170-8db4080a6d7f} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" tab
    3⤵
    PID:3140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -childID 2 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e773bca-84d8-404a-8194-457e5447a4d5} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" tab
    3⤵
    PID:2000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4268 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4220 -prefMapHandle 4228 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f04765bc-b4d9-4c75-8455-dfdbbaeae16c} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" utility
    3⤵
    - Checks processor information in registry
    PID:5544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2620 -childID 3 -isForBrowser -prefsHandle 3104 -prefMapHandle 5552 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d99f065-b2f3-4537-b096-e4d72656e5d6} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" tab
    3⤵
    PID:740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 4 -isForBrowser -prefsHandle 5772 -prefMapHandle 5768 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69d00e1a-a2a0-48f4-a89e-88db307b1464} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" tab
    3⤵
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 5 -isForBrowser -prefsHandle 5908 -prefMapHandle 5912 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5996bed5-06c8-44e8-b4ad-20eb5a516856} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" tab
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 6 -isForBrowser -prefsHandle 6248 -prefMapHandle 6212 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd2e4a35-66eb-4dac-846f-45aa7a64a54a} 3540 "\\.\pipe\gecko-crash-server-pipe.3540" tab
    3⤵
    PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9e3ff46f8,0x7ff9e3ff4708,0x7ff9e3ff4718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13773166426325232506,17206741295742676405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7fbd9670-4c58-4568-a4c0-4deba04ece34.tmp

Filesize
99KB

MD5
57d03dcdca6586495cad025448360edd

SHA1
d49a63533646eb474ab91b0f24372174ecad946e

SHA256
8199be6b6486f33e400ce3150f2b17528dda83eba9019b3013fffe958fd13949

SHA512
51858f3746fac6072ad142afcd856932ffc69507fe8055723283a6a6329a9ae1c03d351722645a314b148564520c940ce44c4cf2e5992d6f4aaeac5add569307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
eb942bdb6305f3315f94ae3c05f48dbb

SHA1
7674299d7f21d68d74ebbcb1de993f2c99ea6a1a

SHA256
e306a68470836c921619dbbd8ec7c697a25625402fc95add71250d41231787dc

SHA512
1509991d75b19506b3c4fbee4b75b5caee8e5f1ec7c810d4cbe21ef9ffc32b472851c25da616fcf8cdd9a4b4e57bc5625eafa3d1803f2e41c888d449a2972c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2cc3901334bd1de3bfc4876b22a09964

SHA1
a416c467295fb22fe48c82dea70e0ec3d5e13b0b

SHA256
cc4a56ea6fee1948836de6f57bc3e71df3e3f96a1260a356adf0904c1ad30bd4

SHA512
ff71016bad0aaba3d5a55c28f2d990fdad982dca20e4245798fdd1d575ee702826227f075eb7651b384ff334c317f7e0277a0c76af68f5b4d21bc4f33bf70459

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
561bb0f5cbd271aff59fe3bfbdb0f39d

SHA1
6f591371e9d4ad7669f2bb8ffa05affbd7a77c89

SHA256
c3b74920f9bd4e5476c3a9cc30383d4446e36b042469fd2f784365aab3286624

SHA512
3408bf8ce83d53468ba12ec96314889f641fd236c6e4d136a57e3eb8415bf71eea85d8c964a699b16add82af5b5553eacc3d8804f7c31ecff2ef6e1f8487f940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
513a23e8b319911f16ff201d1c8908ea

SHA1
e73502da69f588f62d0f7997f7678e9a5968a8bb

SHA256
a466cfc9bcd5f773a0002dce7b47b2ca299383e048d4e905785249b98f85f2f5

SHA512
8c45b2a32772a6efa58477a7f034b1ca2bb986dbf715c7ba332a044df32a3ee588429b78718fbb56d21e56aac7df341e45ee05d8d3d9e6272863b7aa56d5318e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
cd4cdc1aac650bb0655c4ea36792454c

SHA1
608aa0b06b3942c811560a3dc2e9b6085ac6eb74

SHA256
707ec4c77a95264ef2571be8ba00fb38f4d8dd94c77d1557108535cfe26be15d

SHA512
7ab3edadcd0d79580dbb6ae2d41ef7e2d0f1abc74fdd5c6dd6ef9ef4e3a91f05dbc88c9c7b36c3d37985c46271cdd06c28a231b571730b71fcbd012875783348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3489365cd117e85dc2dd9d17c29f160c

SHA1
47ba2802a6e06e50c29f2903a1effab58c21ebb9

SHA256
5b1c8583200e0b682ffb5c27cb8342b6ca9f07724cc7cba94cb81a9dfc086594

SHA512
198578870c799b0edfa3314567a88f81e6fc489230d018cb33ab7d63560171510e5ea75e26a78a9642207c756f81e884290c4ce3e30a2f080e70fb3f71f92e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
af5852b15a1c7bea94bfdae60a64d337

SHA1
9b31fe1759a8fd9707b7b8175d8b1840ef4e405c

SHA256
4ef9b864f06d3dae0902dedab845c5572a2cae7661fab589447e9451cbfc29cd

SHA512
dd51e90aa8539734a1acb7f0c695fed01fd72ce524237fb542adf893208beaa110f6efe58be9484135c0c4b62847dff9c7f40e34640fc0435d7d8e2a868b69fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
e04e171161b1bc41251d707e5758ee72

SHA1
8f33da5fa4b767d793762574e44fcca678110064

SHA256
6e55b87c0c4406b2cee7f9c394035f3f204934822a16483f9082baa0330b4e7f

SHA512
399ba8b619aa0fdd4b065d3a9ae2180d450d3bcbe7010116b4ecd87ebcae2cd2e29a764bec39f9dc64865266640666d10849306ebc506561255af75a27f67007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50b1ab5f4b162a17acb90c6f9c5606ff

SHA1
478bfcfd6582be4ad5f9d90812d6dbfd032d080c

SHA256
55ce92f8bd991d3231fefa687142143d13c94ca11383d051096a8a6f427dcee3

SHA512
eae3bc2a05d411b097e820dd77466aa0a773f43e4565eb59b23ea1457c487f7e187be22d08be2366380e5928964d0c4807930e678dd308c805a854601abf85f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3cf5f59aa97fe660a4867dc51746d5f

SHA1
597c24a483a637fe24838e72ed821ceee5c4b91b

SHA256
5016acde84da14f273c357cc83a313f36512f5a8be5c2b45b0146ad048bd49f2

SHA512
0047725138005e81bcec8fb24f71b9210080e70008a2e521875b9ef3109b77a11f703a6c129a4198ce10154ff332bff16478ac7af6d36a2d4b61258acda5738d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6cb6b3136f028ae6817efe345c740cab

SHA1
6b0a0467b9bdd4d66ff67d31b4f60f1219fea457

SHA256
7e68a1a1f8462df00bdf9b7b0d371f2b0946594fa78f708c84255fb879853679

SHA512
a08c0995f876730185f591f233eb7a256db413620a1b5ec95ebf9f43a743fe4f44587a255297122b8b69b895e82802a42f7656c779da5367a4b3269ea5b9aa86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7835011bd5fcb3dab6063bae483442c2

SHA1
a733cada31df47783e6bb5f7ab47a1328417816a

SHA256
7a2c0a8eb38ce6899ebf8c1b6b25cd87480606a38eeddb5a6d74a73cdc4d94f1

SHA512
aa345ebc40c3967b47df13114ec8bd76b542bbfe40d9f04e65eda24d7d88dc796ac6f43c5c60d19899016afe917fed52cf1838766be4639ecd102da67d0fd3db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88c2184f69e6771878eaefc06b551e3e

SHA1
a83f5794c2e28270d13e9b67e2f13263b1ee1d8d

SHA256
63a3825dd4e4e3d1bb6011f0ff393152a691ded8142e2140aab2deffc108a897

SHA512
dc987c5d3311308d74f1f2ad6d43e5e06c10859e37510ca4b92b51a8da98b44fadeda3c1389ada229a2048a44a3b9841e9e97a39be6a2b5c6d21a5fa8721643b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a934e5e66bf098a82db3ff51318b32f1

SHA1
3ccf9179124545f4c61c60e326d7dd0cff5bc886

SHA256
ed6521b64eca681ee0b6ece8865b8df21c5ce67541079e8461a2e9c6b672e1b9

SHA512
cf7dab2f00404b0aa1998f043aa6ed024daca43985320a456925af47668457239f3ca137651009374f70539c7e62e746e92a9dff37ef2db363b0f301dadb2f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
271a6f076d7ce859f71116aaee6ffbfa

SHA1
aed672168b71fad8e9a1536cc1934ec5f323dd90

SHA256
79cd38aa13d61731ab14ed4b2e1aefc76f8b66618edd60003856fcde25253e6d

SHA512
7264edeab517f89a06a55e9f5ee221799755d80b327e4155344d1cb8cedbcf9a2594efd3dfc92fd61f5b9ae7c28bb3c4da2208c2f47dbf9a61c084bb7149bc8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
258b70863f7399a00fccfcc69e728e1e

SHA1
7693ff73de3cdd079ab170bfe55df76b077703bd

SHA256
04800f776ab3e5e73bc5af116f4adb1e7f00474d9eb6354e1f21a38eba46e61b

SHA512
35cd6adeaa342e3a03f849e77157d23a26060563a1a0e8c0da8fc55c36cd64270911b7710f0622dd00d63b7ed8e5910509a1c5ec77370002215dd740b4452324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29e46244b5bf2bb491c1db7a28254900

SHA1
baf27a62c51c447293bc31b2fc06ad948a0a63b8

SHA256
d46e33aebef261c894abbfd0f60c606f38f635cd63cfe5c2eb20b57d058c9ac3

SHA512
1d1c46345c242e78d604b4dfd843e1e67db3fe0fb5f92c5f3c7026be979fff59c737116a1e9d03f499c588eb1a88a1cf1161b78c89b121b1699df764b8bb5b04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
66497a5170262ec7d344dabeda7ad1d3

SHA1
69f9590856dce4f7b5e8a27713b76fb11be90ad4

SHA256
9d0f10986a871d7ede2c9db4af3a0805084ee74b79dea84a86dcf4365322cd1e

SHA512
cfc3dd70fc794b65fbd94019152b52fded641344b914cf2486c6d04bfe0b6af2f30072deb72ffee03125fdfd9e6374b20e33a7b2ec6051b08ee8ca15759e4eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16ee45368b22dd52a832719be75c9bd3

SHA1
56c363ddacc2ad55a32ff7bf5b3e813943f516d9

SHA256
564cfb49ae25543fe190887d5aae2fc574206d8416b5c15b7694d2fa273c5684

SHA512
62c919ea32cf600b868486c7a72cc32e9e706a7313092729adc421880b21684c4ed77504c26a2aa34fc3bf1d895a0ff30340ebf601f6350a26226ff5d4dacd08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0cbfcccf570e025b14e9354309b9cf99

SHA1
7bbb3cc66a8f7d1535dc3a8ad09989c7136dc2a0

SHA256
798c41946a07d8b3a2b7f0cc63d290ba5857fa36f3c13c1cc40d863255bc0c03

SHA512
d1f691d6a70ac77b23d1a30530db73a00a0a2662ba5c4a3d1796cfea04e252b349d127bc2a52cdf3288b7f6e2f3b2d49750dc09c93bdb718a2b4ff9734e2baf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
425c95160ba6229f47a541a477530332

SHA1
db362eec81450fc54274c4b4d6f09f87a64b8d25

SHA256
5d515bb8ef34d3f05db7eb57b851201fc45802fa09b9c2a03fbf9edcbbc78cd4

SHA512
990b70cdc9f255b5a115cd625303c58b0fc93a89f76f3c6543e782c1c9eebe493f5d2097b73df0664f5ef74608d41f3b64de4055dc5d3da2578c2eba6910894a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
526941c993b75f179c752f1e24d6a23e

SHA1
8e34aaf5df0471276ec381051d61b686feb3ed60

SHA256
56552fe7c57c170fae39aaa3d5a6ff1e9ffb9db82775bcae497b9ec74473cdb7

SHA512
8b14d0d6e25ec7a70f7607e6cf17cef998d3a0a23d7d3f77aa42a953c652759b82452795e3e2c601b8a9a31e71c81310bb021399046f0c42cb0ebe67e068747c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5cab07beb5c202b3ded4832eae395534

SHA1
1a3c47ff729c673e94b1683880e305a0a5be54ff

SHA256
9592e3ac790697dde78d26323f28f8250f47e23db81f0f3e64c9238d1afca281

SHA512
bc1f49f893995597c5957648210499776af463cfda250c16606fd4b8dde8583d508ebfd2e7724a94583a04288003c3880620943eb41040d4952459a380cea2f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cf8fbfd92a61ab4a78ad1ba062de269

SHA1
625835eb9b6b6f6d0c817bf15febaba67cbfe16e

SHA256
bef7e30fc8c900f4af35fb107bf3c1ff0459b527910d112001e81f7f4648d2f4

SHA512
860aac8fe0c5ba3e1f54b15ebb9cef68cd81f32c746404baafc621966128a2427b75333faf51d915353923d9cfa9911abd5f22610ee7f71b1a2ed187a7c3eb23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f586ef2616adbf5868b3d941bd73c1c9

SHA1
68dc2fa186524164a2a5b52a0921be2cf24d9f34

SHA256
8582248f6038bb93ae6b08e4cf04d7221aa33c51a1363264db46a676f1594562

SHA512
64dc2a0c96806660eb0c1b18464ede9c601cc0e5aee87d3069116dafbb444368842989915de89e952199e188647b96016b96ccb0fb4c023e816a4357d3a3495a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
65177e8498920cd358e92bdb4497d1ef

SHA1
dc23cec42b66a5e08edbef7b46fd105ccaea0b4c

SHA256
e37ee02c258a164d0f1c5cee713129c8919d2b6842f4983e395cc19daf98c7e7

SHA512
035f9e987b07178ff5b3e25ce0bb9ddd4ba0c54fe3e9eec917ede8da4e4575af430e175bcfb27dd568cf59ff8796713cb03e956451913cc161d0db9ef2cb6dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fd9ba6e89ab3c9005f50ac1ccee6d6e

SHA1
d7362ddbe18d3b6a2a913207c86fc61f202a22e9

SHA256
29b3d6f37bf0f1462e6a79351aa80de898c46da8666a5e9d92f5c2cabf0ee629

SHA512
825452aa81b0be81414de20d3646adf25f64ac638e57f613147ee46c31c590ad7ef99fa0fadba192c8d09ca5c845d773f0acf3710d6145692f1625f61c83fe15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e0cca0f29a5178f7275a7a2d74aeac0f

SHA1
c86474e48f701af5a5132b7c9d8a50eb616dbb85

SHA256
67175e6e9cf449ea5ecea1c314f6eefb4d8face87a2f5e3be1202f50deccabb8

SHA512
52ff0bb7b0d91b8844dd0e5f4896cff8e933ed8920fc6efdc0dcbce9650a4bcdcdd7221e14707d16b7e46c5f400a0c24e35c0208134facacb48ae7e39dce3798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
353136d99d408955eb0629b8085c976e

SHA1
3521e512a0f798d121501c97e088779e6af20bed

SHA256
008d48ea87658121b32327d8556d906b699902dd2e99c6a3b8a41340d246b3d2

SHA512
c41665b3e99c1443497882eb25a3c0ce2e05965e95d2ea7dab03bdc8407601805dfc9e0fe29ae46906091b159bd4fad5873366ea612789576a2a3dfbff42c5f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c1a3c380e0fc4aace6b093581d17ff34

SHA1
96139245e97480b183218a4354c6fd3371a77709

SHA256
5ae6136e712ee99a51dc4bda1f3684895943b681ff4155d12fbc064efd8ab05e

SHA512
74b3bde47c811a768aeccb30780dd5ec990c7b751352b21839e898350376ff9af68d7df9100793369efdbff3331294f1458e9608927183974c3dae60115f1a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a63a1f339154bdeb7d144d661dd3dd64

SHA1
aac3bc94b2dcda68b06d459a8d3c57c22aeb76c2

SHA256
59c74c9699687c3b384919ecb45322f762a93522415a8da4d412bc438c39894f

SHA512
018cc6804ae249be9b5e755b48efe87725b3fa04fc39edac1df57679103b8cc24cb6c4b04585745b0650fa418e69568a6066f151be15535120cf2f3f76d43c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f3a7768e-b792-47da-ac6c-35d65a707981.tmp

Filesize
10KB

MD5
77328cbc7755aa21892d94cfaef9d27e

SHA1
d7310fc625496394cdc523ff1d376de4e86a7b52

SHA256
35616228b0864023006b3fd6f9b4c5df1c0cb9321b7c2f0f881425762f559feb

SHA512
d1ef9c4ffc977c784ffc86b975ff3a7a084d7950e7eebbd415d9f59a40c4e69cc44c84fdf12dfb9d74ce105813fc2793b47678cd90b0fa20dac06a779743cfb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0e7f6f4f646c8f5a6cec04cdef9636cb

SHA1
35a688fa910425ddae88825eaca1fd9f4a74edd1

SHA256
12805313d07109522ec305852024ba1925437890f9825430809c852f7b61b693

SHA512
843252d6a62268ae056fd1e33e970bba266e600740dd9708a698ba53a98bf6d3909efdb3f3475a5e050a9638a474aaa059711b368857e1afebeed50cc5b3417a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
87d6b144ad16dcf0725f311f6df4c10a

SHA1
65926acf6f3c7cf7ee40605eca2914c5ed772aa3

SHA256
7f7992c23358ab678ed39d822609321763a9029fa29b73167983b79969977d33

SHA512
68257774df12c94412ced4db24061e3b291ac95867994b8c6df692a29ea000499962809c9da8a22b968e9509a4e84f26332ef07a537514dcfb417c51a850518a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\64b6a9af-6c9a-449a-8cdf-17f974ad823b.tmp

Filesize
10KB

MD5
f7ef96d48e4834f85e7117e739308b52

SHA1
e485fe24026a0a77a8bc9e94df06dc14539fa41b

SHA256
64668541c9db5cf992d8e996f5cf5e23226d2cc7ac72ab2eb18003c723ecdd21

SHA512
fae394659f5f9d6a202124d0dbc73a2221780038faffeac679d742d037765a58796e6e15632545a24f01c96ddbff8f76611414909088b26a405df2feb3ee61dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\786a1366-807c-4425-887a-272841ec531d.tmp

Filesize
6KB

MD5
47b10aaac1f5d3c9e81eed0a401c1fca

SHA1
a3c6a59940de190000d8d57bcb5ee90e5d61f7be

SHA256
5cca652c9b95a3527e67fac8292c412f1487dbde4aeb056ecdfb10bfd7624f0a

SHA512
6007d59385bf916de7b8cb35271ccd7332ab0e0444cd72bc0f8e4422942a9bf3be928985ffa000f298ef95d6fbb7049f713f903997fed13899ec428907e94e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b40c211aaf2bc17d2ef08f5ac8ccb85c

SHA1
91368630d98ac3603be2392d2fdb10903e99300a

SHA256
6696eaaf7dec60375bad26557315c5a5d247e4417d7ed045f81cf218f4fe1508

SHA512
a78ac9e4b45f8c45c6a07552acfb1f6cfb1821cb8e40295692b8e8fa70f111055a1f48c1078273c02424a304b913f3e39f5e5c62b1a27302e1aff1196ddf70cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
479B

MD5
4f6de0b991467077b936e7e2a5448f62

SHA1
67e8f154e34e93a83f8d918aa4ae5ecf504b24f4

SHA256
5ecce0083003feb8c85eb21ac1d091561a646dba0d63f6232c304d16a212f122

SHA512
50af3949971eb6f1b092ac7e99e59aa78f670b4d48e251ac3130d5f0e3ff95bfb0d74c6323bacf43be492bfed96839f5b1e292be3c3342cd71225da73458fc55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3f7797be3de557ae9b52a0ee398335b

SHA1
e33376716897dbaea7adfe17a999d1d824d2be09

SHA256
4b81ac902b536804dffd354b04fd0c3e7308a572045b4415be732b325ef1aeff

SHA512
938b05c0d0c9e67372da1f4e09f2ba3189f9d5621c67fb7f2ef8f61786394a858d2cce337a3a60e06b9e2e9d241f5859326b4818e70bb429856c785b8fdf2845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5dc878a84a81fa5e411c1b5e18da0aa3

SHA1
bf627b04eaca21e5007389eca6a7f8782639f3b6

SHA256
0e22f844598ea03b458bee67aab8082081d02ed212823b856363ff9c954ab12b

SHA512
df9539d82d96b4a96b7a11451e201186e7aa0a6f34a17eae9e39b4dda730774801dbf14dd4affd3137e6c2466f72d1cae45f411c9cddffeb568c0259bd75641f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e446d72cd63360ce9f094a01874a4717

SHA1
86f6af0952fa37924a7d58746bcc515a5ce1b166

SHA256
f2fbe4d14d38cd166ba96471832c9351b5bb99e8c4f48233349978fe595f2862

SHA512
94b2868ee558d2927d3f55580f9c23c149c1b16a7363f2e4dedabcc7b784212a880f08097f5b7f79d394e80fcb43bc1dc03a236ca9a82fd82202295df278d4e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
e7d3574fd6b44e454f0f90b93c7ef813

SHA1
b9b34ee91df8222cafb6bcfd5d3046e8a1cfd214

SHA256
5eb2c4199e0c5d90d9239bb646d22859ff372e57e3ee8317673032b82c7ea1c6

SHA512
c9f066c2b466a14e0b16435e3ffcef6fca32713fba69996127ed0308b9acc3643bb2ca2cdcd467aef89d8152ccdc1907f1b3c97414b4d1c36a106f5d69ac5cc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\C355D593D12E13371D28AAC0C8AA0485AD911894

Filesize
32KB

MD5
c3479a225921d01364a9891dc3b0811a

SHA1
87a4343e7fc14d69beca14d589a818111613febd

SHA256
74174235157e0878e3d39ef502ee02057c44195bc05bb0cadc5f90d7f867e65b

SHA512
cb204713510e6b8b23d7aae802c3633ba1a8241e271deee82c6928d8987c3af11485663b5566b78cec743634775df22c9b7073b9fc435217194127dbb29d6583

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
d07fa409ca0da5d6c57606402e4821bb

SHA1
ca1c6c1e0c62e47a3d581286fa2ebd6bf282587c

SHA256
9689b0c2b7098c8f20fbf68d5e94e915c2ff57e0a1e58077ab4833f7da6f75e0

SHA512
fe342bc5713e9d669ebbbf55bd9777edae81336bb2550277b56fe4b90fd8d2ffe0c838415aa70ba7a32391398c2afcc3cd97d403fdf5ca20868a41c161007bc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b5b3e48b5228fb596937fd45888f301d

SHA1
ad92d0b40e729db521c29d789a561229efcd68f6

SHA256
3e7cd9e2c6f2011f7d299e5260cbd9caaf7b64d036db84ce97317530522bf8f9

SHA512
72f7a83ca20373d704f452a84df8651c2a82f5ffc0ac632eda52e6d72e8c5b6acaa50d125b643358c4d54aa679c0aeb4c9cfa6e9198e54e22f9f40f52eaa28d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
330a272c5bbcb2835a5c0d1a7b5c2c9e

SHA1
d28d825ee40225ec490a26059a9e144e5b8783ad

SHA256
762ced5bd2e137dfd4d25716dc8765eba79381c16dadde2a968a6d0748f33850

SHA512
0b3fbc155a889345a2cfacd86526946bacc1a5d2df3f991af9002f1d0d06d0254f06f46811c06dd3ce4503da81f65eee9449795fdb2696601dc20e584bf154e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\37c81744-c4dd-4169-b5f9-45ad66ab663e

Filesize
982B

MD5
6c73781708ce01f534972bf268de7a53

SHA1
d3b76dbbf1487826e2ea935bdc800e6c81821784

SHA256
5208afbeb7f1bdae6817e20efaef0790e8716834e062fd8dbe4c3240e2ee27b3

SHA512
e07b8049d231bfc5e4d1ac92ecb944bba694ea120e4a2bddd30d9b788986a7cdef6891838f88e29d25be9785b085779e578afc541a409bf7044cffe578317a05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\b6c76d71-738a-4670-854d-fc71f6b37bf4

Filesize
26KB

MD5
9499755a45eb27bd524518c292c1d9ad

SHA1
e2e86c850ff16a194cda3d650f2fe6eae64fb7df

SHA256
9372d14a809af751b2f3073ac46e6b17b5a7830180622b98bab94fc1572e3b46

SHA512
865af722f7625ce18bb8714612aea1a5caa58b3cdf3106d732a3984d2e9ef33ebfad9abd553e158ced9b28fea1cd86c29de1262c596a61c2d7fa0c3a3aa6de77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\dd7ecef5-7dd2-44d7-85c2-cc2601feb302

Filesize
4KB

MD5
456b853034d4c108b4979f5448aabe63

SHA1
61c8c8300fe45dc419b20cce039b4cd24795aaff

SHA256
12b2f051277b72c2fea9d6c610ff0ee34bf348ad6ea27d6b07499c41f791c0e3

SHA512
457411972fdb1f8c141c58231223c0c616719813ca1a55c767b9df5f88dde52c2013f03124073e116a307bb1b12cda8ee97141ccfcc631a5f87432b469c6fe32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\ed1faab3-bc09-4c4b-a7ea-db1aceb86210

Filesize
671B

MD5
6488814a49a4946dc084f3a95812804e

SHA1
8464e6d9c411a783fa3a113fdbbb46627294d4b5

SHA256
4f90c13c946c427f1517a14e07cc911ac34ea6efa28b929d344ba69afff1d0ea

SHA512
92825ebd340159f39796cde30c415d9f389518efe362498c8964f79f0d6acbdf72b3d84c5d8f8b02a834b42ac6342cd1dcb7a3d02cf94dbe9df380b6ea054520

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
996d1a6a8c087097529ecedc17546b27

SHA1
faf28723e24d28c1b06531b3cf2259dc6235173f

SHA256
3bd29cb021b142b4f38269cad40ec2f2b0012ac2965e6a504ef92d3d0fe543b6

SHA512
6dec640f44d03822272e8695be10fb498ce595d9aefb71e305482d1ead5177efd53d1c188469ef7706dfaf11dc43e7ebb6228d2c32936a6be031c2d95799aad4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
775467371da321a13330a553b0778d62

SHA1
1359ba83e7f6f8656edb7a10a2231bbde84b0191

SHA256
5439c88123f075670a99407c07d141735f7b8847b60b629dacab58a51bdcf894

SHA512
afd0c4eea0c090db0af446a7240c983878e443a2b7bbee4e866a9ad48d17c7178566fa1aa3a382be596b826e4d79f264a9d87b4d43ee98ac154f624cb4ecda28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
67aab989bb0cecf0b990f9ec6cf5033a

SHA1
f9be351e2c570066e794f5ec12c2223dd46bb372

SHA256
b2464e15868af09dd54445d8981592a0f3ae100801b1993b3e68b8d3a171044f

SHA512
452f9e334c14ef26b1d9ef2cb7210629f954981b40e93d9550dd1a4e429354bae9ce3ef43f9224fed01b4d944657bbb01f516e587150835812abf550893b5fe2

Download Submit