3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/09/2024, 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe
Size

89KB
MD5

bab4adc74b8ea467992d4d4180380274
SHA1

e652fc3a339748d629cc5738a4fb3b42ca4d4a0a
SHA256

3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5
SHA512

d073662f28234e523fe6c6c7a31a9492424b0c4041af3e561e7fae3e91498ee29186bc50207d7ba3c8b3f3d63d7f63ef5297871df77f18ee0ec0aeb6962f0c54
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf6xC+O+:Hq6+ouCpk2mpcWJ0r+QNTBf6d

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700521160094532"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{CC62B6F6-5888-4EB8-8522-8824E7813CA7}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
1200	msedge.exe
1200	msedge.exe
4856	chrome.exe
4856	chrome.exe
6772	chrome.exe
6772	chrome.exe
7048	msedge.exe
7048	msedge.exe
7048	msedge.exe
7048	msedge.exe
6772	chrome.exe
6772	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeDebugPrivilege	4484	firefox.exe
Token: SeDebugPrivilege	4484	firefox.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4484	firefox.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4484	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4392	4608	3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe	85
PID 4608 wrote to memory of 4392	4608	3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe	85
PID 4392 wrote to memory of 4856	4392	cmd.exe	88
PID 4392 wrote to memory of 4856	4392	cmd.exe	88
PID 4392 wrote to memory of 1200	4392	cmd.exe	89
PID 4392 wrote to memory of 1200	4392	cmd.exe	89
PID 4392 wrote to memory of 5052	4392	cmd.exe	90
PID 4392 wrote to memory of 5052	4392	cmd.exe	90
PID 4856 wrote to memory of 2904	4856	chrome.exe	91
PID 4856 wrote to memory of 2904	4856	chrome.exe	91
PID 1200 wrote to memory of 2056	1200	msedge.exe	92
PID 1200 wrote to memory of 2056	1200	msedge.exe	92
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 5052 wrote to memory of 4484	5052	firefox.exe	93
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94
PID 4484 wrote to memory of 4084	4484	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe
"C:\Users\Admin\AppData\Local\Temp\3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\79E3.tmp\79E4.tmp\79E5.bat C:\Users\Admin\AppData\Local\Temp\3f784db78b4b47a89a821dbb47e2622641af6d7059634515d33b1c76d3a4cae5.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4856
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa1514cc40,0x7ffa1514cc4c,0x7ffa1514cc58
      4⤵
      PID:2904
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
      4⤵
      PID:3788
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2336 /prefetch:3
      4⤵
      PID:1600
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2348 /prefetch:8
      4⤵
      PID:3632
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:6124
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4380,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3616 /prefetch:1
      4⤵
      PID:6116
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4748,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
      4⤵
      PID:1312
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
      4⤵
      Modifies registry class
      PID:2140
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5132,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8
      4⤵
      PID:6108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3444,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:8
      4⤵
      PID:1140
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5432,i,4744224538189080580,9749499692447142732,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5360 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:6772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa155746f8,0x7ffa15574708,0x7ffa15574718
      4⤵
      PID:2056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6860609483103930804,3335070583727981781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      4⤵
      PID:4524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6860609483103930804,3335070583727981781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6860609483103930804,3335070583727981781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
      4⤵
      PID:2984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6860609483103930804,3335070583727981781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      4⤵
      PID:1972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6860609483103930804,3335070583727981781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      4⤵
      PID:1144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6860609483103930804,3335070583727981781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4392 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4484
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35411a4c-9e0b-4b18-81bd-4b93198ca428} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" gpu
        5⤵
        
        PID:4084
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2416 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7f98ec0-d272-457d-b248-927ef669d24e} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" socket
        5⤵
        
        PID:2368
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2848 -childID 1 -isForBrowser -prefsHandle 1728 -prefMapHandle 3116 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a37b0b-1738-47f4-acaa-364bf676dc71} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
        5⤵
        
        PID:3880
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3436 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17fcb363-84b9-4788-9589-f99e7fa47a73} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
        5⤵
        
        PID:5316
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4368 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4360 -prefMapHandle 4356 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28bce854-1859-4b0d-aed3-505aeaca2793} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" utility
        5⤵
        Checks processor information in registry
        
        PID:740
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5304 -prefMapHandle 5300 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {484a298f-98ff-4091-b579-7832574a5f2a} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
        5⤵
        
        PID:5576
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 4 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17e056a0-9354-4bab-9f1d-bf0b879398a7} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
        5⤵
        
        PID:5104
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5720 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdd225d1-5898-4954-b5a1-7e254a93173e} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
        5⤵
        
        PID:5496
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 6 -isForBrowser -prefsHandle 5104 -prefMapHandle 5008 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a815835d-4fcf-4c7f-b0f1-71ea6d0e3db0} 4484 "\\.\pipe\gecko-crash-server-pipe.4484" tab
        5⤵
        
        PID:6272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ff542e44307a38dfcb1ae37dd5d405d7

SHA1
cf6eb564e8b6934ef52d924f3265c639a2ef6f7c

SHA256
cacb9847cf3e12a5f370171e6f0e3395a866590ff4c9d7f0fcfa5aa27eb13ab3

SHA512
7ffdcb635d1d73819040a936cc1c39313335b461aa30043ace9c9f6fece2fd8f120f29dcf4c5a1e82fd76a5923a751872f66f539854e7a6f6e2af5fec35a2357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
9fabd382d50aff095834cd243ea1cf37

SHA1
cd443a48af2d6a268b6ccba38d0a00a855981c8a

SHA256
443a9f3bb5b171f6b50f96354e75df4539b8762212fed57809b3f6c2873f21f2

SHA512
61581a650c0211df7c103c04e602d1bf40acde7468d85811b5298bc94d2f61de4d11812d816304f8cdb08ce2e9addf5c9db221463141dba658ec3bfa62a83d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0b7ebc23b0262e554414cfac1bb569d7

SHA1
55047123042f36cf7d1c0517500cfd2991d933af

SHA256
e36950d17a2ef690aab5c1b83335aaace889da6bffa008ccbd6a94c668a251f9

SHA512
1da3d11fc772d9c01c40e1a4483efbbbdd5eb398ce22d7665b2775359857cb6d3224a8c13f0b64b9c38bb642f596373c6f490fc47052e7a20982fa70fb51f4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
af6f48aea0c01c1a6eb13efe548a1d01

SHA1
a8cc25df3625c6248fd6fcc32e124750ac8d722c

SHA256
7abd1bc5d20624aaa93b2e36ef86d47b4fe5811290f5e5b071a3dfb10e9f1d6b

SHA512
a291d42ef57bd01a89f2f6979f7d914260abdc42de30b925a7815f303000d1118bfa4cee4f223db687a4d2acd198860e228d13e0fe260b8b322990c839f9fdeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0de24ea6969461d9944ec29ec62cfe85

SHA1
c04f7520e7da62e1c3f004ad7dc8161d397012b9

SHA256
4bf44ba16418919901e4ed960890e37c4214545153d34e1ab56079462357b6da

SHA512
ef90cd7e56e1e94348c809509f765ac6dbb216080271a0b765982d4c2f41c0e7e9451f02a2954143e21d1b4c66d8ce4e08f795a1cab5e7104f8e368ffb0adad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
eb67c3d720e8d34cdf87231412956c64

SHA1
b8ea85e71920a07ea7a6cfa48e6830cbc251c3ee

SHA256
f8fdccacab147d913907a95a01956e4e04f92d86adb42e092a722fdff3c574a6

SHA512
f05eea71d5aa617056702763e7fc006ccbf9bf0b26bd454ff993743cb82f97c8c142dd72469070a6e93b2d61660aaa2e9a790deea2f22d01741989eb802ed09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c545508703f3517f02f96126d8063de

SHA1
797bb05da00ee395ce32e492b7c8f5ff73681e25

SHA256
813716ac9cc11f77edb2380f3429105fe350806b8bb5ecbaa84ac0e2cdc3b6d6

SHA512
fb26cd9e8693705f38db61923bd699751a30e1d4990076b2fe2a31b8e8cf0a97e2ce69f2e305469391c3854f380325fd267d2cb8cfa804488c34c07f1bd22fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44a67af97638be0261349c1ece653d2b

SHA1
d30462ab365b53ae59ebe3c9c07c438768bb1124

SHA256
80c6db5ad0d230caad6cc615148e1e2b7edfeeb891d63ff910e107bc45683ed2

SHA512
aef4a904f5348d2554cf8ff93646770d3fd2da6793be17ab4aa326b8d2f233656b43e4bf6a9905da4ec9be2b8eb0e7e870471f875b9a8483645a2ae509798d18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bad2c49a5372727caaef75207f7f0ffe

SHA1
766e34e8ab9a3dd337fb8a6ecbd77b4aba5f5393

SHA256
c4e2f8509e7cc7a6222adee025c6adba1773117c1bc730c88db4c812ec4eb74e

SHA512
e810c3913d7a5ecfc4627f2fb67891a5f20558e00cb0a10eccb6ca4d12aa31ecb0515df5c2402888199afb23086d3832dc11d54c0bc90283b08127f052b0c4ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7a31c61a2f7b68fdee3a70a3487cb6c

SHA1
b4b49702f48c651169a7057a634048602aca12c0

SHA256
a169b8967593b08a798ce67c62cb27833813e4f44cdc9e596f64803b962b6b53

SHA512
ef072abbe8b4b5fb26f82b28105bfa24a52c4e2c5afcf4d508a50b99e58132c24608697e9b250ef4cea745d3649e90cdbeb9586387f16b85a6d92eabcbfc363e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f59d85e6c01126a45ca911767d24026d

SHA1
3b5dd76dd58ee934cbc38cfd80dec26502062b34

SHA256
646684905428dc733fd0274f4c835ba9259e3531ce40404a4a97622039ba230b

SHA512
92390d6c62679daa276cfdc36344718cb9a322e749a86dba483c7f9ce1d6ce2c31fbbd1d1672ee5e5ebeeadfc6e2f78900ec5c7d016daaa714f248c9646ce332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d8eecd28f95d952977686371dee9c72b

SHA1
108ec0cda047676e23c7ae07f04813608bd4365a

SHA256
93d96d3e097fc07ff522563faacd06cc1bd3b2b9a3d4f27fd71192b8b25aa790

SHA512
f9f3016934727f5b0570b35e29dca2be4c0d4599a5ece2bef2fee10888e93bdf6c50918db84a5bf7c79b16f72df06f0186e10febbf51b14a4f67c9d3996e89b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef788bc47f235960db19fbfdcb9aeee5

SHA1
aa77528797d71355d271bff711fa4009a4460913

SHA256
d79d5fb8bf2a442071e8076b7a55dd14595136741caee58c000094722826e911

SHA512
a7492ecb395f4b00b602b287dff86ffb9642d92fff0f48080c69be4f8b162a86114eb19241dd0c9058ebf3b60523801e79958b70e21024546f8242f324e64bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc2f7cce6d958c2180314fb48b54dfc7

SHA1
1ecf4390aa5cb0a241aa832b460b0d381cdb210d

SHA256
4afe196039de72c15d5b54798138da77f54cf13dc8ab98567818499e3d77b029

SHA512
53ee938b906fb89b41a8204c3ae2f3ff88af3d856e448ff08a4c9f418a0d3975066ea8d4445f58b7ee7848bd1f468d43125b0a586a6ea30138502e716d23e439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3beb264cc1263b405712c97b94fa75d7

SHA1
b621226c96ddf754109ecb1a9d684d0b31b38d9d

SHA256
ac5f4f1dab5bbd7b3b1a09dffc9fcfdc87875e9ba286acdbdabcd8ded32fec6d

SHA512
924140a5bd9daac5e618b26a6bf124c3458b3de09d71c8aba5582b895d45c79c9c6a1d7ca1dacbcda82fee89b2b72e74d502ca66b1fad8da22d993ebc0e47d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6f3c8f64854cd8e62e31e4bfd0379b7

SHA1
be713824286a41bff81bbac1aa55b8dc47a05428

SHA256
ac7ab3f3cf07ed0227a379abec1efa5ff160c3486efaeb6a011b59564cc988ca

SHA512
59a97831f8e84ff2ebb49203c9251b983dbd92c6832132a469a277549c27d225259b50b7f12ba6550a7bbbb149be9597982edefb105867f611bd5f216d771e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
694450d2bc7b43a964bc0d3f32e25a41

SHA1
2181777e7220e66514b4e2b242fd7756b48198ee

SHA256
9582fc2704f73c9809e9b3d5ed2b5c0ef43742b7e6b60059ce61d0e3a84ab631

SHA512
5c0e5018a7d1c414ece56b70ffa6cd5a33a3b5637225ddefd2baff56a11a95139db439de99dce4b31a0a00bc19538ce36e489d163c7bca62f1d4965d407f6d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
f26b2205dc16e5f77dab37834043a928

SHA1
aebc0e0d95768124a531acc364ef1b001dd08c3f

SHA256
4772384717a069c9cd829f5ad72a02e736f019e4a39985edebd70a5d3361c9f1

SHA512
86a23278cfe82925a4920b8b055e51a7038c71616a264abfb81b65d355fac077b4c4bb0d46a42d7d0d19feed3445ef93d86e985b113a890a7f8dc45bb0bde2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
d6f9c88d580bb0bb519c842d1fb6a964

SHA1
688fd1f773917b96673e526274311b8809e5bf59

SHA256
644d0a9e8135986192e60b8708779fda3c2b9853a7510dbf6bf35a1a0f0ca247

SHA512
6dab0c40ee33f4ef80baf2c0858419d1509f5d73f7e3257bc0d4d890dac7d857a7ea88355b9b9f66714ef12d0c99534f234cc27057ac3e24cf26654f34ce3b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e8bf86fec2d3d91b386b13c88a972d46

SHA1
2cadcb67df72dcff24c8236d4fe9adacad2df064

SHA256
82fb574224e81a61287cc6c87be9b718d8c4549c1525b16909a1d1cd207f543b

SHA512
4bf4e94106c825558db517f205d26032512612d0c90394960209da31996dc519653e66a7b4e0bb6f07434d0c33de2254a9e2f3a16c02e38e005d2d89c1d6db34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b618c7c8af6ef15935802d7c57400cc1

SHA1
4e72670389d737f70cb7c6f4966021c8f42c8cce

SHA256
d0af5801cda4b8b2784045dab181ed25f47c5cdb2ee12b9ad00cf8a6f7bd7741

SHA512
7f8ce635f039f6df4e97b0188742aabcd4108d477fa42718492755bc0865692193cb1eb71eefec1f6934d9025b356123b34943c4dbae5cbec3c9090ae44b7a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
93125c2c9c6c8da0abf40d41028bf9ca

SHA1
636c58883d770b0f379de8dea6ba197c3157d202

SHA256
67e43230159e5741d282a738ff48d0ef9d5c3bee71012c03f707845786808bc2

SHA512
516c253c7823163e31b5a03734a28d78852faafbdae95c1ba67317054d46d42125d49b0a08653c047cfe92a5527546e38439504399bb74a8ae84b7cc21be3d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
791565ef3d1297f41b138a0aeb2571c3

SHA1
e9757fa740f5cf1100b4b5f6687825750006d267

SHA256
db8bb8fda8bd4b198c3a9263ff20ddcfa3f235850c30936320d311f615570586

SHA512
9fa62b9d1857f66a30ac9991973b46d4aeccfd4d4663b7fd9ecf82bae6e4f2ed1359f4428d78211e834c2bf6aadd8759ca263373e6f3432bb0a6876dada3783c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
84714a7218093b09159921bccc6377d4

SHA1
853019e0c9169b207b00b63232935bdc8a407207

SHA256
12480544cefbe5442926dae8ebe18551ce13d65520f668d7852cb3fbe6797466

SHA512
f13e731ef936a7c9717112c73c28bc45afe246fc2e064ea2cfc618899f0558b785dba1a16b41bee93335cccd68582c2ba6357f5005b3859578b9d74a42d5eadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8da73d731162540a04fd3e9ea4b0547e

SHA1
40bf3e6bde91ab699c2de5e2ba19f2bae430c393

SHA256
f5afb5ad6edd8d8a5622318e48ab88c6e3e0aaa21829ff738995d7237ace88c3

SHA512
47e9a01a3a5e8629359dcc114b0447585b0aa27f1b1551b83b3789bef1766cd5b5eaf454dd613dfe5b20dd371247384ee01c0101fb9d509ad9a405d51574d284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58af46.TMP

Filesize
203B

MD5
64044c860d517383c78dd58213564ace

SHA1
c30e48a3a641f66777f22ed9e8b8a2d20fb64b5a

SHA256
5f0217e66a6c4db2633ecb23afbcfc781c74b84044b707cb0be30e7b8272728c

SHA512
f79c11cebfcfa5ef7204d76c3c7ffa4d9a49216433c44f76f6e67c4480a0f0e53873bd4d2909570eb9d622e80eeeda707fb233884b442c7a29a7d6ba378b6cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6910454953e67da7016b635c83a8c2d7

SHA1
6e6114d70abc01ae88596e59acf42acc879ec930

SHA256
76005b8b3c9a23822597e938e77a74d49bab13bac19778060c0a0fb8406948cd

SHA512
dafde97bec39cef8d2180c91e9bb46ad8d3750bbbfcdff4ca0b055384a3659b09dcf0985d5c36a4dea51deba35ba2e18ce772272f82c2d7c2efcacd1824523a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
f25a42c2fe3d646d5382a7473ef9591e

SHA1
db9e8b5d1f777fd7bffeb9837512047815bcc446

SHA256
f07a292c4a0fc708b33c1c3de83703d701568eae5d65612092bcf6638660f77a

SHA512
f4780f1bca832236fe71237583ee7c0f0065dddac89dfad9b3fc4f5e8722b0cb983df1c8c2ad43016c4631701586751295cacff735226c954a61b6909296795e

Download Submit
C:\Users\Admin\AppData\Local\Temp\79E3.tmp\79E4.tmp\79E5.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
6KB

MD5
119ff56b6861567c27550e869269f8c3

SHA1
c2c6715a5d4ec9025841969d101e8fcec5217694

SHA256
171014816cb8ecdd3e560e6d06b6ac9bb56579826319040b134697c68bafcb13

SHA512
ecb58e52fe35af232bbdc4d52ff7da82783d52fa664fc5a52073ff5a95330405627ca2a6a8e986d976e12553f57d17bfceae5206d1e43fe8598bf3256e895945

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
7KB

MD5
393df00ca92d08b2e1f05621237a04dc

SHA1
3a790873cc6304a165fbac591dfce5062f8c775b

SHA256
31dbfcc6371dc5b709037337e94406fa1d6b4690ba3a3105bbab2c62470f1d98

SHA512
e696e99b6bb8f4851f9a90bdd055046e0418a68bb1d3144cfbffeb439eca879bb0b649d7bcea2d877655a1c2d1d2375fd0dd630dc690fa51200a93d76a8293e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
8KB

MD5
da782f2443f9c3304293b2e62de3292f

SHA1
2ad015c51154fe54fa35b733f79d987286a6415b

SHA256
812137ea35eaa8dfe3060783d99bd9d122ca287541a0fbe4a508b3e2d0999383

SHA512
a1a21cac5a33c3d1eff53165f5dc46be8a701df5f82b8fc11b4bdbc0d24b36b6c7719aa7bfbf4adf5269b4bd0388c0c27aebfdb3377c1f819e0250ec8f5d2ab5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
16KB

MD5
9b3f8095f2b4d0456547889ce2e3a7b0

SHA1
43ccdc6ba7b65ab7b3a01aa1fea04b0cc57a658f

SHA256
310b21b586eb99577f9229ec535ba443f2f42234aa7c155bc10dfc1a15eef8ba

SHA512
cac0f6f09bcb390dd45e2e87a8046625b194465291470d79ee68eef85646f1f1bb32fd8993c0de34aabd64aaa0c3058577ee17ed785505644649a81aeb580090

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
252a825c20291b7587fae12dff75a74c

SHA1
e9b009b56320cbc903c13c19858570aedc4d73ca

SHA256
35335fa67bb151ea9b43dc2927a8670c0d4a6868d7f5868ee733f8fcbc8023bf

SHA512
904486e5c194652e98b8d1952b94af4e43af374c224082adc5bc916b3cb600718cb4ab17bdf1f6ed3ebc99970cfecb633177efd8af7ba2083ba254528ac6cb03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
7cc7e74fe913f5304d645dc64bb32a01

SHA1
6543a209033e9ee8e40db6ae8c4a34d61981a3ee

SHA256
ce270089286af3786ee3dbfb6619a3d921257bde6b915087b40eb304fe12d7be

SHA512
f2782ce99cc98924ee32197c7ff3d4427a57d5a9830f5992364099d0cf389941fd04d3826e2e65acd754e3347343b59c1ce5c7076c105f7c5f10353c4b0acddd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0b75318ce129d03f6a40bab1f3144761

SHA1
cc269e3c65550c28deb9792fb6f15ea1ca802177

SHA256
d92bcc1c75d02173cf72624b8c22449231d292f56aff5b66540c5651784c1828

SHA512
bedf8a6cdc547a03be834dcaf06044d21d7367900d6f474bdbf49ae4eb40346d4a0b6850685710b3fbf10949d1841733ea48f0d51445057ffeca13c9b6a0817f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
8d5866fc64d086ca96cb20e875cd300f

SHA1
1f1ff94ccda6843f4f78400ffccc370d96c86884

SHA256
30610e1fbbae913c81ccbef0791e93b207cdf71906425cee881caa1ce0249860

SHA512
b2084ea93c510f577236a690037fc18dd25bf2f878ab29c1273d8089922337bab71488190cf68a5ef017a51a0223cb02539a71d14b588093210ef3e7dd2ea37d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\d262aaf2-c427-4231-b8d7-5f5f7bb8ef5c

Filesize
671B

MD5
f8966dad042fcdb88f6aa493cfc91ca9

SHA1
69954d2c13e134ae7df53863cdba627efc7d17f9

SHA256
0982bc34d7b31439a670f16dfdfb807a6e10b72ef93c60242e210364ccad4bba

SHA512
fe6e546d95da426e7ebe15991b51a2c435fa19ee25f66b0d7de314e4765a8802fa8e596264e639ef3f1c058c5ad928b4b68dfc80c5cf13cec89f303c435bd399

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\e057a869-05b7-4a1d-8f20-b18af7711aa9

Filesize
982B

MD5
4e64432b68d049fa65ca57fb9cf49a9b

SHA1
82b1f03e0b86c28b0a2da588fbe38fd2fad16101

SHA256
2b6ad0ab23ad069a02ce429f057893c021806f6cf07c311cee9936aa0322221d

SHA512
ef4dbe45c5ec619e88441d152c6a36e331acd207cb13301021d096bcde3d9c25706a42796ca50828f6a3b0c2d87edcf95feb916bd1f9420a4410c6cbd240058f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\e53cb854-0a6b-4795-97f9-ebe30a9d6056

Filesize
26KB

MD5
b0112bdd773574f591da55853f1d1741

SHA1
30fb2837c7374bd129d6d5f8ab6077ca0a88c7e3

SHA256
c0eca4d3fce54ccc5829d72b208200887aff650f0b380820ed4402583e7963db

SHA512
b892a6f65a6c24f29a7e41aea6cb5cf6b76bfe81a22e6a76fb68117cdbb15319a272b2c862800ecc1036f4059e5d34389817e57f35b1a608ca6baff2aa89d5f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
12KB

MD5
4a2539dacab135073c6ee598edfed283

SHA1
bae8b2989a0f49732cd9f54a2c96a538fe5c693a

SHA256
a13a0d1ecd2f58fcb3449fc8260afb65b40faaf70fae2ac7c73e239f2680e5fa

SHA512
f5ffae660130e9b00c12de85cdc1b2d7348733da679fc12ef8a2012b5d599c11e91e9d52d0ddbdb86f793d47c3425e2614a1c35f17a5ebebf191f7e5af6276d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
16KB

MD5
0ee1c88575dc707bd8397fd483ad7c3e

SHA1
c6bf69eb0657742de1996471db8dc9e6bf7f55af

SHA256
aee8bf69e518ca8a65f0c6888db33ec9fdf16fb9b8bfdcae338c4c8fa4682981

SHA512
9e7bce52164f33a46c09d69165eac3a5fcf522ee2c8d708240ccb1234a4b9c708ef8afdd9b752693283876b2fc4f8609ca2d80685e61009df20361b6d251bc4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
d8dc1f5069717f645b4ce4dad8a9404e

SHA1
5d6810fd65111fcd4cad23a3a7325e32f200a86d

SHA256
addb8ad24535ebde9a4ad494bc1bcdf7cf17e9f1604d01ebeb01cf24f2a5d2c9

SHA512
a9f87bfe03b819399f962284b94edd417a0272e56690e39a46fc9662e1f57e2b6a4bd42ef876f338b7a3264781f18266efbab27d24520f2fff98fffd85f7a607

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
a2eae467ed9759db84eee4f45f887753

SHA1
50971ee1fc19979ebee1af6bb360355f33255f39

SHA256
dc1a297a2c56fd0a28a52abff555f99c13dd104e53fcc452b401b62e358c0df5

SHA512
d1789c4f03a87640e8222bcaa6dcfab61bcb34a7a4ee70f510110d735460a0a2c0faf63db1f06ea2631d657a6447a0c0275d3a58e4814897cf7fbe6b291b7a88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
3f352327256741f9abd4e554e112e40b

SHA1
a8b7597fc81f3720dbbb803f615f88d0e87aa8e0

SHA256
9a8ca33da9603b7b4fa3e4a9b2251b3a5df3eb707ce77e8cebe8d4b57cf0e532

SHA512
dff108bb5893f56a4d81459c55f28fd069cede667d8bb00ce1b4d178fd0041169c0d1eed1852026bcdd4db9dbbb3e17c823c3e4e5b4fb47ea2e3443134912911

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.0MB

MD5
42be21c3cffc3475880dea582692d024

SHA1
cec723b3f6bbeac5fdc639f0072972526d9f41f0

SHA256
a3fc7f89c86cc15dc43d03a644276c5855f15b704b5d631eda73550d3c492317

SHA512
6d46d0d361d0550463dea1334a6232006263e6630e9e565cdd6bd5cb3874bd9fc0feef5bc79e350d02ba042819464ef43d5a9be6e73bb7595517a9bbaa2b7e6c

Download Submit