hxxps://ascnasdfkjl[.]itch[.]io/project-monke

Analysis

max time kernel
389s
max time network
372s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ascnasdfkjl.itch.io/project-monke

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700128854694141"	chrome.exe

Modifies registry class 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\apk_auto_file\shell\Read\command	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\.apk	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\.apk\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\apk_auto_file\shell\Read	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\apk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c0031000000000025597563110050524f4752417e310000740009000400efbec5525961255975632e0000003f0000000000010000000000000000004a0000000000bd2d4d00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\apk_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\apk_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS.apk:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS(1).apk:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1368	msedge.exe
1368	msedge.exe
928	msedge.exe
928	msedge.exe
4592	identity_helper.exe
4592	identity_helper.exe
2848	msedge.exe
2848	msedge.exe
2712	chrome.exe
2712	chrome.exe
2408	msedge.exe
2408	msedge.exe
4004	msedge.exe
4004	msedge.exe
4736	msedge.exe
4736	msedge.exe
1020	identity_helper.exe
1020	identity_helper.exe
6052	msedge.exe
6052	msedge.exe
5252	chrome.exe
5252	chrome.exe
5252	chrome.exe
5252	chrome.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4424	OpenWith.exe
6076	OpenWith.exe
3176	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3740	firefox.exe
Token: SeDebugPrivilege	3740	firefox.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
3740	firefox.exe
3740	firefox.exe
3740	firefox.exe
3740	firefox.exe
3740	firefox.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
928	msedge.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3740	firefox.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
4424	OpenWith.exe
5648	AcroRd32.exe
5648	AcroRd32.exe
5648	AcroRd32.exe
5648	AcroRd32.exe
3288	AcroRd32.exe
3288	AcroRd32.exe
3288	AcroRd32.exe
3288	AcroRd32.exe
3288	AcroRd32.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
6076	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe
3176	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2452	928	msedge.exe	81
PID 928 wrote to memory of 2452	928	msedge.exe	81
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 4040	928	msedge.exe	82
PID 928 wrote to memory of 1368	928	msedge.exe	83
PID 928 wrote to memory of 1368	928	msedge.exe	83
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84
PID 928 wrote to memory of 900	928	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ascnasdfkjl.itch.io/project-monke
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffba33cb8,0x7ffffba33cc8,0x7ffffba33cd8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,15221811438805496123,14320537757873637389,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:3988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3340

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3696
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1892 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3eb154-f2b6-4506-be16-9efcdab85c14} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" gpu
    3⤵
    PID:3484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23636 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6de43234-3fd6-4db9-9361-d49df029bb7c} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" socket
    3⤵
    - Checks processor information in registry
    PID:3852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3140 -childID 1 -isForBrowser -prefsHandle 3376 -prefMapHandle 3164 -prefsLen 23777 -prefMapSize 244628 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {844cee2a-3a2f-45b7-9eaa-236065c7531f} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1660 -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3588 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f39c269e-bc9c-42e5-baf9-8caae7d0fb88} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    3⤵
    PID:796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4716 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4624 -prefMapHandle 4708 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36070d05-6326-449f-9b4d-fe9282b9dc5f} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" utility
    3⤵
    - Checks processor information in registry
    PID:3288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5324 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1426acb8-9da8-47d6-a16e-f049d4bc9ecc} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {912292b1-acd8-4625-8925-57c85ce9e7a6} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    3⤵
    PID:1028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02d5b9c2-d6dc-40d9-970d-46120621b2ff} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3512 -childID 6 -isForBrowser -prefsHandle 3388 -prefMapHandle 2980 -prefsLen 27211 -prefMapSize 244628 -jsInitHandle 1296 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6352f8f6-cf06-4779-b3f8-1348b3548e7a} 3740 "\\.\pipe\gecko-crash-server-pipe.3740" tab
    3⤵
    PID:1132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80cd2cc40,0x7ff80cd2cc4c,0x7ff80cd2cc58
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1744,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1964 /prefetch:3
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3588,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4344,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4328 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5060,i,14430143127017521288,4773951393428626271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5252

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffba33cb8,0x7ffffba33cc8,0x7ffffba33cd8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4556167580859425425,13369620368997900028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4424
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:244
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1262DD34EF04C230864654822567B8C0 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5968
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=76C28C1D6BD57B8FCC102A46A73F8273 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=76C28C1D6BD57B8FCC102A46A73F8273 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:5980
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A01D0AA7988770DF6A7F0CAA26962ACD --mojo-platform-channel-handle=2360 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:6072
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6815DD550D7AE7A472805C05BF2EBC32 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2424
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=14C4C0026514A6BED6A582569ED0E34F --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6128

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS.apk"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3288
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5148
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=48047C9E49625406B018780353E886E2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3840
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9BA0068EFAB62DB33C77A68D1BBD9562 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9BA0068EFAB62DB33C77A68D1BBD9562 --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=67AF843DCFE3F284CFDDFF1F44C93613 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5284
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=29D44355A5CAD46760700DB77BE3B67D --mojo-platform-channel-handle=1832 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1520
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=99AF6CA0EA2488ED8A63186F273B2D57 --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3176

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS.apk"
1⤵
PID:3760
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS.apk"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  PID:4580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1812 -prefsLen 23678 -prefMapSize 244705 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d549cb78-4de6-4b48-b48b-60326c7a0676} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" gpu
    3⤵
    PID:2080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 24598 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecf657d7-da10-4b68-bcf2-a3ba25a88171} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" socket
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3256 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2984 -prefsLen 24739 -prefMapSize 244705 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {857c5865-5deb-4f93-951b-74d1b2f21e8b} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:5736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3412 -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3236 -prefsLen 29088 -prefMapSize 244705 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7820622-5973-4617-ad73-c708c190ad17} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4696 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4660 -prefsLen 29142 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a773f428-a140-4c9e-8f10-bdba42b12c99} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" utility
    3⤵
    - Checks processor information in registry
    PID:6192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 3 -isForBrowser -prefsHandle 3656 -prefMapHandle 3676 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {819015d2-9e34-4913-9dec-e9197cd17008} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:6880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24a446e4-fa1a-429b-9c98-24bcc28cac50} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:6892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5716 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5728 -prefsLen 26998 -prefMapSize 244705 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {180cd56c-df5a-4a1c-b480-5b6b88f2ba3c} 4580 "\\.\pipe\gecko-crash-server-pipe.4580" tab
    3⤵
    PID:6904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS.apk"
1⤵
PID:6076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS.apk"
  2⤵
  - Checks processor information in registry
  PID:1624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS(1).apk"
1⤵
PID:5744
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\BACK TO SCHOOL PROJECT MONKE WITH MODS(1).apk"
  2⤵
  - Checks processor information in registry
  PID:5944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
421f0174f5d6783769b4481f2fb54619

SHA1
9a3748f37d983b77152b98e46b2c69728edde915

SHA256
06a5f45119ff33c32443766dc1f5883524ca52fab9ce1e647de47cb5fcdcf2a5

SHA512
0b8e4f81f5d1367ae5cdc689e942a22596897e320f1f88ce416e43ab3b283092f662f28604183dd83378e5dc7e1473f39e139977f4dc34bb0134ba09e91a5890

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2ba985fb-2373-4607-ad89-6b3c6f6060be.tmp

Filesize
9KB

MD5
96d455927d895bd106f032482b2cec84

SHA1
f0e9558a63915edb28eaf332daa444c198f3ce6d

SHA256
183932a91f29487d0f5e9f84d09bd41bb7fe03ff9250ca9c6c917deaf357b8f4

SHA512
3375e6923fc5705bb072c5f38f15493a3911fa825abbb7b2ade9cf2c58969c5fb7fc906854ba31dcbaec8515c1ffda74007c086896feb37fcc8c870ef5701631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0460216bace4e7488ac04db04857e1c5

SHA1
3fc4803fa039a7f5f65c934966034432fc7a1593

SHA256
642b69821371e6df2a10515a29c174151c2ea099a267e62d06af10dc50e9508b

SHA512
c39cdb622224a0a8dc2f5f2094e46896d74b0a815be676aa7af45d8ffb9fe6efda683cc74473942b739d3245eb9786547109cb0a4ed6c8b343e90dcb2f771bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a1db22ca7efa40cd0b458e54de835baf

SHA1
c69c8a2d9ad7d7a704108f268ccc0af8affdb3e3

SHA256
2c92ba69e08be61b4103a3336bfdcc9350c39ac9a318e0bd4412193b29dc7c99

SHA512
d1117d0975f5316e068470869974c3682f92c8c43f425d830e1e25d9aa4276712a6df8dd970ffb4a8774ac417e609c948424d1b6fafd55e608d95a50cf9996cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c04278c9f18b5b7e1e671f615a61dba4

SHA1
8513bc88e76119276066faaf195a08e3e23ba3b9

SHA256
97ed2f309024b8fabc16e066cbd4a94749938dc092b5e7c5bff2d382e94cf479

SHA512
d105eb25cfed098f4306fdbc81ceb6102296a471edc8156bcf991a542ff1f63aee9d12bb60d8f6c2c463a91f33d4e957357f4b82af209ab1075ec0ab9b85e7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
277ce8d6d10d4a64bb3529285454df88

SHA1
5d31fc73424fd5a3befa59af30985d04ba5086f5

SHA256
0d00fd495ac00043a016c91488c6c03e51daa47bde28f8abeebf3f498954bf4e

SHA512
820d1d919444e44598cf1469b53465fd202cfec87ce7934fb35009a716491e2f26d4017cb6e5b7c574059adee851848bfd58913e854ace4998b6d450797bcb98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1496559ef2fa25dfe55f162878873234

SHA1
c3121b6d5eca7e7855fde4627b642773bd375dd7

SHA256
0e6ac3e0de5167c6d28e398a0ad1280e1221142b5a8a108c33e9791c20ef3a42

SHA512
a3cb6b401d356d8b0f2394bf910073b60e8a5bcae8ed7d7525170cc8d0cfce7e357b5d465b41031658b554cb0d782a11d6b5c64eb0336a94adfa8d05118044f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0e409ee96296c5f6f2e70cf033533e6

SHA1
569ce328dc5be2194b848fb69eb446dfe525bcfc

SHA256
1f0d67e184cf600ed5dd968d12e30604a7bac0c74459098b28474f498d4aeecf

SHA512
6284786a42ba40e17acd4f4a45419bfdb134b20bff8391aaa079f95f8ab8e6e131b6c0e0bdfcb98bf8be37dfcf94db0f85b0246189515724619c7512a636c036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
728f2f902216d393328885f0caa484bb

SHA1
e0c59f4c8c23f9d3ef8d7d13bb653272284c7272

SHA256
914173359bbba9f8c8407a0cdb10518a2c9860ba42791b1d937e0c1f05e94c41

SHA512
38ab0c26cc0eb44ad89851111948134629c8219c7e18abd66e3b021f1d2c70fecbd46923cf3aa642974c03895a94a69fbbde1788d4ed497a470f314f436eb762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25e00abb8c94c15f4ae1e4a45fce55f2

SHA1
d5d7fbeaec377855a50d081083616f071b6312b7

SHA256
1b53284849caf8dfaba66e6fcfd55e43e407dbe1f883a4a4cdcaeaeea319a7c6

SHA512
3acb51b2e1138a3c73fba214772753a560bf7368d4ecc3ffe2af7a0ab882493ea87ae374e7d0280c160a33d08a42e7cb88c1f0634f14c3ae9cad22ab28e186b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7965d9834a453d56600d5cb973d35d3c

SHA1
263a7f91c34364b4e32792a1cd5338cd9fa65493

SHA256
ff31993921488d87ef447093d56df1417c27312d2d4cb8d0e7577e4c053d253c

SHA512
ffe2be7ff6ac701696d86cc3058a1b874ef83fd649c1f545f2d7ee352527ce2a5d48725c2a8741e4448a6505217f31776fbee5ead9a40f65863b7bcc9e60629f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
484a45bbfcbac35cf6f79ee9452917c6

SHA1
36dfeb2a233e996c79ddc9a573565de1e9e97ca3

SHA256
d2d34647e32bc1fcb2ee008b516342d3bfe3fb3bb1f70b9a198d07bcc5443928

SHA512
84db7d810461cdc9c1df90dc668048e2ec65d29bbdb5fe60cd00036ef2d699e2c84b07946a6e17bf5b0c441f1821eaf7217090d914e1b93e0fc8aeb6833535eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc6e020a36e50db04f4160331d2651e5

SHA1
cb6c23960bc149cd1a1ca308f4c920324ee3c765

SHA256
e4a605d3deda246712fde04a1aa3483b737c0939d3be340e274fbaa70626326a

SHA512
954f2d4ba02607b70602e367036463707f12d0c93e37fd04106d6eb8de22a78a7e51b1575135ca88d6460bac8507e6b46208910e05da1937deeb86ee387acfaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e47ad9ae3c0e53755ec7bf73f0729bd3

SHA1
83146c6a00d44cfb7ede5f8939d97657452eba20

SHA256
9d3b792b82218051f4fed6ad1806d5d05158563fcaf8196734f349eb998e0c94

SHA512
91f34881fd56a7a524e5002e198f29a2b8299105fdf97a6201d9c27ada9d2942f980cbd9fe71cf1deec4732d7f7eb311445a15e8341caafdacf506d24ce0ffda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d95595402a8889a791f3e013d8e413ba

SHA1
c7824f0886922d11eb87166a096c243d0f861da3

SHA256
4b01e10c576ec4e14dd80d793acfe664fb27fdc2c323828f65e3a48405d69457

SHA512
a95b9ebfd92a8a89aa1aa10afdbc20364c2dc772a247aac9ebcae395e4fc5bcbd81202e705eca6d40937871d88082a23896d7bf339718e914107adb8a10e2a0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df01e63896bc67d5c01290449a49c093

SHA1
52012fdea532341fc1ed1bec533b42693a1ec261

SHA256
b45657566a0c8d9f7a6bbe942f1b13daee8752e6d136fa3b78933b94073a8202

SHA512
102349c5093400fd85b8ebb0419856c6b43e638b0fdbb5a8e4d9d9b3f4948a0398c6a70b3514a594a388d3e5107236369b21b49f56ec7f4c03a00a76ceb56414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f57310df464bedd17b20fec77fd28dbf

SHA1
e31985c10ee9e932c3f912e31e117b8814d415e9

SHA256
8bd055254c2c25464333d0b3d04b7e9e78cfbeef2477fbab2e09f9b5c8803373

SHA512
97b4f4fa4f65c1f05be1a4f03866fab9a23e15a5e8caee76febd98634fb2fee5e6ccbfb6df1a399f68841c6a9ebd53fcecfe87b123d2d8ad63854bcc9210f14c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08b8307c27c757d596ab891c2edbecf1

SHA1
706b6df12be5ec5a7b4e4036a996a977fb4c27a3

SHA256
687c75672e3a0f1113703bf418075a097f7ba5ee206f33b714b07dffbeaede7f

SHA512
012f78f221d024986dfd3675b8cc498a2279356b282cff63cbac5d58a00cea9ada4f9b94fe11127b4ae7807aff231e80ca979c8352896a412ed71f6a183ef3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bd61a94803e6101f3b7ec81700d9dd1

SHA1
5858ad9505dc9ba1c05c802c34f21d04b0577bb2

SHA256
00a1db3cfd0422dd883f97a02c9f78fa1779d86cc319a6e35a3e2c49de361886

SHA512
e774b034e66ebed3bf590faa1e42f1411f1fdad335b08425ad0382ce4832cbc461625f463f21d867e58b725e3b9559c8f113fb42438cabaa4978609ee6ed8d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f66d217e26d3083cb62df1620d1c812e

SHA1
bfd6aa5cba0dbe46949a3f145cb592498dbddda3

SHA256
da52fd0f623d34c4df4c8aad09e308c215d996a0b153d2a54fb5265a37832d0b

SHA512
157f510cdc6a3c29d70500767f7b0513588373789971d1d61b6e05e9647094523bb18587d764a6fbb9652ef2ca4a94f5d3236a85d40b7e8dfc0273d2a78666b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5676249d9fde8a20cf0ff415441bb76e

SHA1
3e7b8343bee9a70009c6c25432beb0921d23c081

SHA256
4a6a0bf468148b0b633743da16d272dab26082bba216d611f791df25a58b3138

SHA512
3897d0e5187a2b7be591bb485a2c5ca4e79a882863d6690375a3cd8d6045b0c7a16c57010452a2ebfb938b1b04b79e94ed85248db54ecfa4b2c22fb30519bff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4e61225b33c08656f46f995573944fc2

SHA1
f0ba9f84e57c822d131e4e1e120ac98c8ad53f49

SHA256
d0b84dc07898eaecdd29f5bdaf95d38ac0393e48971b194eb97ed011e2e0b20b

SHA512
51187b3a9ea89a044cb1d6bd55b01cb1de3dab041e5bff801305032b087c43729bdee83a9154083ebf5457a47332e3f0fe64ed5ebc1f1edddb3c3bdc1f66d5e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83c42834b02f60c7c62bd438ee6c99eb

SHA1
3081e496b5958813b77fd196f4c6ce3442f953ed

SHA256
103885ba96db49fdf168d6fdedc9558bc8722f4fa75c3e8df3578e1493f74d68

SHA512
9aea00a728b57c75035184167bafc9e96cdabbcbf882feae574fc5b37142708de98d0533818d7114c2a461aafcb2b9037250509b71d9a6c6506dca387265f121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1115d31f8b5a9c6cdbc3f7fa039db4b2

SHA1
180f45d04d40e8ce32ae06da29a67854bb1a5cb4

SHA256
fa3e89135f03a4f67eb0059ef971004cb193bb509994c5bd77e899c1063f9089

SHA512
66636b825b22cb2bce73c00e57d20407b0c37dcf2d7b565618b0758626ca51813078fa3696d85c5de321bd76900c279a74d8c067c86dc205cf162000b6e9fef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fe3e8851-06cc-46a0-915e-258d7f34cddc.tmp

Filesize
15KB

MD5
7ac58f850d8f5d38448b3801e34f16f0

SHA1
9ca9a8671d3a365d7f9fe102c6bff159cd8194fc

SHA256
9e4068703865dedb9e763a4569e4fab73627494d9e84a848e039a82800564abf

SHA512
b3ebd80808a2a11558bcd862172d4f18409bb2ba5a86996b4609d4d6dcd09f3e90668e8a7da38540c11dcd81b91422552730e7bfe22718991d5a55578892bc9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
8d61a1c3e1ff1af69368f2dc2a165912

SHA1
6f761e3e35104dd04caa1e160f4917c1efc71546

SHA256
fa79ddcf524b93c30a599de04b772860eaedd0cf28f54887a781fda8d3a64bb8

SHA512
0b13e399a5810ba63d27fa5f24415cfe4001a9bee27e217cc3bc10f79a860ed8fa4fc934824433685a910f78aadb2d3a1229ffe71c239708c8dc27a9cef232c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
a7da0f130980d84dec7e92bb56de9409

SHA1
3207bb969170717d70a44ab136de25c9b4f1588a

SHA256
2c81143eaa9a0014a58d0312f0b6ec9494b371626dd66c9f98b539d906583297

SHA512
928ba87b48eb1e3e01ae5e679051ef30d008dbd61daa4e36c66ba627c82074aa88226160daaeab2d601d74751b1378cb2b9ac7b0070a1a4f40bf5caa746da806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c31d9a2595e2d90cde2a4830e81fea22

SHA1
7ee896da24ad91a19512c0df79d4df4ef65d655c

SHA256
fe60cf1f6c9df0fac68bc2f46193223309e44078b387233a93da68b4d7d83e6c

SHA512
ed303d5eb2b912d2b34b46abc376409b923290aea8f7fb2daac31b99b11390b749d70b6161c2dd718b377dcf332beb95b1ed13016cbe1d33a2f03948fba9fa0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1bf779e1618fd774f17edb5f3917ac72

SHA1
92d9a86e393576702c3c837fee3afed1aed8f323

SHA256
4204210d80295c752a07e41b8567cd8d52fec2acf5ca470867d497ee294ff801

SHA512
b5e89b56c38875297f4ca5064240dfbcc46124b74854fe0f00e151c70c9760476a2fc0bb6a1ed740db3ed3d4abc67244a13923fa52f73b0f9bd0961fc753a738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2f19ef6e-a2ee-45ff-b405-9a8f4ac554b5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c07186a79b80131fcb19305029841272

SHA1
deb1aec6a13273e930dd48c538259ee5fdf45e0e

SHA256
c3e69d8545a6f64b030ddcaded44fc1ef4481430fa87e29d57c5b70418064d69

SHA512
b7ece579c8269bcfff912d9cdd0622ea584b8f9e30cc4252cf8d9d10ec730acca1299e095c15cad67aa4da0c218944760ac5c10a81cdf7e1bb3ecac72abd7dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c6c3ac9a672aec224889f39efed21038

SHA1
07531098914ee543bfe9e463a18cef3072b7e914

SHA256
b3de335ce40c7468f5bcd2c1c5cd2cdd73cc5708b16cce2e8317a4a39f42a6c9

SHA512
52f929e9b117f82cf5cb6c45040276d2570839a3567a65c566f57d152bfe6d4017195bd7f24c1daca4542b6250da5841ece71b9a82c583ee38c289b2f3ddf644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9d548a671c76da9f8fd711b0ae16b90b

SHA1
50a009e58ee17f1a092f618199a9fff4f8c6f68a

SHA256
65dfdb4343bbf8491638978ffcadffa6eab3b8b0e049995f86fa715f95e3929b

SHA512
dd68ada88b7ac0f6c647ebc836ec2efd3a3930b7b00cf8e636a0ff28a38e4658911664adbed325516a43fd17752365bd42aa1d975f69b593065668575e2dd8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
87c81fa639d46c6205d43930445048f7

SHA1
ad36167555068370dbad212c5d1cc0a0f277ba44

SHA256
d291c6f1910919b588fa3050cb7802ffd5f5198d80b06b47a6581c5684ccd96e

SHA512
217928ca2cacdd0539e691c4caadf42af74cee5bebc0a2899be670f4b97f4fc46fb5a6090930c75ca82dec4759fa0025919c64a50019e624c0bf8f29112fb54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
c115e76caecf9f2c248cce89910e26a3

SHA1
78c48267612eaf3f7ed6c3347e00b4d947949192

SHA256
df6a9f3056bd209afc50fa5fd064448d52a34ffc20a895102fcefb5f7508069f

SHA512
a5bdc4b38929c4a1e6b5532f1c8324a2858393b922b0ef454107a0a4dd49d6384012aba23b50985dafb194c817cbe78c4c9db2eff66867d589de2abeaefad932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5fec8e0d2adef906c9c73971e3eb31d8

SHA1
f4116b55100b5666ebca8c2e058252e4ea2047ef

SHA256
0a853601f7feeb60885521a0be343457260f0dcec9eb777a20e791f655ebbf32

SHA512
1d8ae68bd6be08934d54b7d9b9a04dcbf710ffbf6384eead1018b4d620de01171b48a4e9a7347984d994a671fb6b9ad0bceab3c53549531575c5b71d34ea76a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
99e8c5a654aacbdf9f164c475671fb79

SHA1
dde0076aef43611f1aeeab9b8113a07dfe99ecb8

SHA256
2646b227dd35c2d858ce2cdbff24c8f6105769aa72683fbbf601e1643bd0e020

SHA512
bf28bae1e0b0d837b5c542fe50da5f31947d55f593bf4144ccfcf2e6b2326328fe5d04362cbe77e3ff00ffdccb7108f749c82715af06b21d5ea591a99cfab4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
40b9da0524ffbe3f4c17b0102298c64b

SHA1
8671d381863f42259c215cdb2f2d66c2aec9c749

SHA256
f2bf36763f922fc1aec41c536994e91d4f7f2e7aae2b4264d8ea33d1cb1ababb

SHA512
318b2c87e1fbb43d3b846eb000e45d0d4bcb5c42456496e00d8585b9ff3024207e8c00cdf073e6a16db927ed1f14affa8cf2ac353fa046b2efe58672f0a1f21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
52b69399e358bf9cb32ec1ce6d2baee9

SHA1
34bd05c67fbe34ff8bbf51b30efae40080117295

SHA256
6105670f2b0a7413774bf5fd0d10d7c31eb80f187799b39ca3991af788dd40dd

SHA512
033587baf0aed20bcbc80e70328ffd72e80e108c74d3e3ea233c18d3e96f17dbefeefbe08e95aa72cd56130307f6679676206bd28ebfdcb9e7d7cf21799d0a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
2e1a447cd335bbb45efd2fd740f6c29b

SHA1
8238586710057c81337937d8888ba00c07081e85

SHA256
3a8d61bfbb3ed178cc4b34a819044447da1a0212518aa5a88acccea0a3591086

SHA512
5ddcd753bc8df077f98994740ba06b65bd7aae82447fc60ba9b421ca55dcfb23e62b9da65e2246c7c77bc7fc92763b56867234cf6f90a5435d2640764ea00aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
72d4fe2e42ddfb261d68fae4c63d0b03

SHA1
b72c48535440217f076d0717fdceb2fb5c203cfa

SHA256
d62bb0bcf4dee745deac7f7e5113347996a2c60879d788387023563090202cd5

SHA512
d630f3f2ce8618262d558ad09db68257a09436cfe33b99578f54bc72cbbdb1a90588ce6c4815f6d6d65c52ade51766926cebf9977db1b243466125169721f68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
6339bef956c42bf34fc3d428392dafd1

SHA1
98698aef266cfcc36516e26e66211da40edcf798

SHA256
f34b208da5cb93c22b7ba8ad330fb4eef779993dc8d8bf8a440b3f21a8ec14e2

SHA512
2d1227efba7e44e6ce785a53285242fbba31db63a71ca2a88b1b6b7be89d1a0004ba6db06422b9a1773dbe5de194ae579967edac2ac1aaed5ca8ce4b2ca8bc4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
608B

MD5
791320e5b29b746c85f0e18528d4757d

SHA1
9e4405446526d74e27e68fe6aaa6aeaffd3ba265

SHA256
36f281bc45dafdbb8d4ddcaa17894f7d045677e1af96a49c6165fb1914c45694

SHA512
6e2a0443bb5c0b5c0315a8e09a889d1ffbdb4311b6f1ddb5d18f0f89340b77663e1746a1e8160d6b1fd67040ec31f07404053627034a53130fd1b1bd7c1a2b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
112B

MD5
b20a4346b1cf2d3fe507942b90be1763

SHA1
9399eef9c83be0d48eb09a0a7db540e541d3f092

SHA256
3aecfff4a1e664892e4818d3d3286f3edaf3f52d93bdb10631c1d09496ee52d5

SHA512
8568a162473c05a2153b915077683e9f4b81c5f4252a2a1a69ae8469e7fa6639980e589207980dee6a62795c1c36173e7691b54bd5cc28696ea7e0cb16418f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d83143fb345ce62b61b91db0e80d3bde

SHA1
2702f85da332c54343fbc5f7f0c0708c2404f9eb

SHA256
a35bc2f7859b7a999af8d055539280ba3f430f324679f181aad22098db0e6ae1

SHA512
d6bc2f4fa113db47100cbb45d7ccd580bfd7c4e142baccac828b8bf81bf18b5ff6fcc091b748ae32c43c38eb4b68f3ed632bd21f06a067688ff0b3e0e9a63525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f90463624382275d2416a272c14c1822

SHA1
9fd97bd319d449a54ce956f99c08dfb734afb418

SHA256
4a6eda8e33d75d3e6b277e803d2e84b2eeacc21f712c20200df1b0c8d2a88860

SHA512
e2477f52b6e9c80df2c24cc80981657d7ffa246e737a710a731c405f18ae5ae64a5a259ff48b981275b3af3318dae446b189cd0332dc9993a8d9fde974e99798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
02ed3cd5fea69b45897aeb753bb7ca1a

SHA1
a557ba28b5243318927899d07df4bdd5314096c0

SHA256
86196fccc79bb8b82ba1fd17c19833704584506d3273d2074609bf870b49ef12

SHA512
4510cd0b9216bbe1fa3d964735edaf6b6b40aa7135562a34ab8fccde7fbde5a2a3c0af53a4148278b7426ed9e1838b46aab55412c2c77335ddf47577281be363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1852cc43d4de53bfe8fd4fdccf7e8469

SHA1
e91a56b1e2e18ff597b579f476383febd4b197e3

SHA256
aaf9971837a25cb5101c75a9ea6eb90eaae02372644652b1c221134ef2c3e181

SHA512
872c5f950448058158dbf5027f11f8fc71f56aad6eb86b531da38551e1e1abf82ce3b5b704467ebf87c2ad1f3c9a44677bcf31f88ef958b868ff08b0c44d1acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5e307ce1e8bb530d50d1a1c2bb380f9

SHA1
2d29c5cb98d6f6dc48cf2876c95b967f33bbec6d

SHA256
79d364682715e881790991d2fabd1c47075fe7b859cffb4e3a13b27ba78448c7

SHA512
805c9d34154265f4ac07266cd524e1315b4c15b93cd5c0f4164b486ea2a37f6f30bc7e377400c03378edf0b6485247b89a8ee98f4c07f08e94e325ea96170b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b9dc61a26911cd475a57e34bc307ce2

SHA1
4a5b5d7ad9540212b8e29c4841737eca2ff9fdff

SHA256
1b3f4e1fbffdcdffd2f677dbab35848db83b7dc78927ebdfa82abd26881b6e0c

SHA512
586608d09edd9c5d9be6f4a178f789a6bce457186656f97c531c53d93762131511112b082a9c3003662553ba158ef9e70a76d81bc7cce9543b2710796a7be459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7e6fb6a58d4f0e2e0f80081babd73bc1

SHA1
cd4000227dbbaa76c270bc0fc5dee3541e7933f6

SHA256
52033cc4db061b453c05ef4c3c385156201aaa219ad8227d8f7d115f4de5ecb9

SHA512
25c744a1ee7ea7ef58c82172e7084de4819d60df15af6b61ee2e8acc88ad32a383ccfff7d8c6efefa0e633dfb8e48a5c4b8f220c56537a198b961118a7ef259c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98edbe605a4d1c8c007e6ba56796e55b

SHA1
2f1e0d4f09c26b50b6749f270ca837687bd4b77b

SHA256
bacfadafe51a1aae2fd205a2db1f385cf5722976536e48c1172c34ed7ed10118

SHA512
092b8b81a6a4094e5480c4e3bb1b68d90d4f9477ae7356236e10c8ce7be426eed0a913858b9745315c8d4bac9be9d1392cf319181a26038ad9ec6d6edba502ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b0537add24e7e9f71bcf383c07585acb

SHA1
5fd527a49f1acdee023b27e1546c000022fa4c33

SHA256
83d8e04b6c1c977a4ab60bc33afba991be9b0b9cdae9536c800d46c51b677b3f

SHA512
ee2b0c36f4b455e04e58430ca64303abe596df53e8296275702f1f319a840da85d9cf283064841771d0ca12dd5145d5a077a5366f4b428d5e6d109978b797f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
723d33602af55d974793ca99b3f41c2b

SHA1
d93431af38c43da28cf76308caf05d0432a54a38

SHA256
2302a8728cf3923bb4195fdcfe1ed37db4e73bbe5e94296ff2ad6bd572836e1c

SHA512
b96e625ef0a89ec00a60d7fd71895f6eba48b1b59745bead8b4de0e3c985d011d742c0de74801546cfb26870325eb6e1c2ebd0178380479559378bf3df8f7c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e690005c7fa13d4156f246fe88920042

SHA1
5ff0160e73f4a51311bd21dd42389161991802e8

SHA256
ac470b530424ae80e01c77aabb900256aded5498fe2f7ff8bb36bace7c3bdfe6

SHA512
9070e72db09434e6fdb3326c1116f4fc8cb8035e92c4df2a9ccc83fd5f760e432b364446d1b1831a53362949501481ed6f4e92129100360f4e7f204afb78883c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
40ff8425dda27e210c3886e9c61abc51

SHA1
7c9576849e65f84e0493afc1f45c4f6ff66e17f2

SHA256
5e4ad97b47f95bec896b28c3228243603e3929a6d2b7a9a96b6295aae4f99b45

SHA512
e3542405bbb7bd26d5ec30c5920d9b776ac1460e137e4023c8dab676fac7ea49e249cc2fd8834a38e832f94bb9b55e972ad9ec265b473d3462e942fa6471c948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
213B

MD5
046cc08d163fc4578cd1b77a5d0965ac

SHA1
92f503e605c30974baf385f1619f1269b81dec57

SHA256
693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166

SHA512
e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
796a3439db050fd1f59e30923c7d7f45

SHA1
b6efdf3eb095b8eaa26143828f589a56225edda2

SHA256
5de57b387052b8b6ab4936a4e89114914685e5584cfda1ef7a7c975ce3b2ba88

SHA512
c288ae840677a2a94916df6fef10431bb012d7821334b0920760785930ed5519f66e67db767dc2f2efe9da2b02d1b0b588537a108771f7177c020e8bed4d1acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370012792172798

Filesize
3KB

MD5
c0aae3f8d8cf71b52b1eb6c94652b7b2

SHA1
69ceb0fbb725e2ffb990b40cdd12c28d72b0cbd9

SHA256
67fa243004228852f30716a59eb48a5fdfead54bbef77f26f23fd2df7be621b1

SHA512
e59b19f9f485f43a009e92ffa16f875fbd5bf7aab205cc1510de149e33a8a18c7f48c38ac156ebc5939b052deca0b0ba27f95ae833aac813992ea536b5f8d8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
72272b6a2c9565eb5057a4121f544961

SHA1
9f8e6b3efac99d27cb1f99b94ffe657812f0adcf

SHA256
6a73e34a65661edc839b76f6608c9745dcffb1276aa3a5741dec5b6445160222

SHA512
33f65b98362a8f66c878e7dba458488a33b1259cee2ff08d6ec552368dab69c1a5f32a5131a399dc83d0233c014eb7db49b8df1f7a0625cf3ee45335cc8dd235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3d660a395f673e233081dd66fd3d6663

SHA1
9f4939675d5533ddf21c7ccbb8f51260d89c0669

SHA256
aa26b598f210093d4f5d9e6363d083adcc582681d9e5ef00c18ab5016e43fb67

SHA512
ca0104705998c8853fe76f5d7dac47766baacd80db1b5b7c9100dc47d7e77deff893d7294c023fafd52123ea7e5b18a1bedab4b110e4a579444e850ec55f8cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
031a4d72d353824ec42bbe22ce8b0fcb

SHA1
0e7632cd3cc0c4e58c99d931c152e66a977ff051

SHA256
008c229c8048aaf1c6523330d5c028f38f5d6884ea946fea10c17ff7f275c703

SHA512
6597f5a259076057f53a023957b62d6151d059731b4c0bc4392d70da5911b89b82e5efae33105d9223bb28bad35fdc5c7a38046d305b7f6d3182a3c8ebbcfb09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
411cf8245618ed56020f4b0de188ca61

SHA1
d34dc92806e0aa5ce021fc5e92b904ca3c654250

SHA256
f9ba29b3b4dc5226a18c99bf78117d3cb435e1cd2c56f3a204a02c47a0b9fca2

SHA512
cce0c147ea5f7a7168d3cc099b13af4f929f3a50bf0e02fe6e3a99828b0b7f2d0070b8989e00804fb3a377e9320e1ea5d27a318a4ce8ac0bb2216fee6201b89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
fc244e3388ef98e9cfed740498030b4c

SHA1
207103c6263789ef5e3e956ecc72447b0f85fa18

SHA256
87ca30f4fd8b5e8d223c56ebf587e6e140cfddea202a45c359513e3f2b94065e

SHA512
a9e1f36537eb09c71d3695450d6e05055557c47e91d6c4072b189d851d5b0914ed12d3403b740ce0b1ce63b1c06d4b798c715b1d903e0d8bf75673d6352fecb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58491a.TMP

Filesize
203B

MD5
5457e7eb15f1a6d689706478665c8492

SHA1
0d486529257bbb793d40d147245c16d44c76f3f0

SHA256
9781b1fe1c1946b21fd8c13be4f02c2a3fdeac2e44f54eba11381694bac8e6fe

SHA512
f162561ef802c88564445a4115e2aee18aae8fc6f31cd8ada4c5199d65fd89c08a7eae89acf662fdfa6e471b40b2cd5192464426cb0cc2f0467a9a3ddc0fda44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cdff7242617be457cb576bb4aae8007f

SHA1
e2c0c667d89a4c81bee381f42aaf7d97aee30b5b

SHA256
7221e0255ea43e0581180eca0b8ed86d929da13d4c7ffdac1c92747b217367b9

SHA512
62d6f7783a4e89a7c9a1bda49162487ab18151bc9d2bde2ee5e4dff31d1233c1767e8728ef212e35453d7ef39f346f4999d1f3be430dacfd21e54dc4a1017046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
901KB

MD5
e2df7d2ce7b8aae66935bd7897e4f41c

SHA1
8f29f012f79b2b51bec56c6d91989ba1796870e3

SHA256
89c70bbda18de9ebff7a18cda331659cb268ed772420644a0210d5518d6b1ef4

SHA512
871efb63778a8ea100a93b5869b76baa27965ac1ae7b578af8013628d360dd67bcd513359892e4945a44c24e756064efa2f21ba19e76ccc8ec5b2bee6df60346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
27KB

MD5
9839c207439260a543f73bc350823ca5

SHA1
6948eaffa5521249cffe3c3fedfa14f2c471c37f

SHA256
d9c3e7ccb8c3b693d022a4c6a4bf8302bf01b51e14390b3d137a8aaf1652bba3

SHA512
e5aeaad19fd86c8ccd4fd39ac14d5f0848cc097f11a508a84dfec9916f83421116250818f938a0b122b683db6b99bcc3a441cad5849695dfff4c28e50e6a63d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
1a75fe3bb156a89cae9e6e290be438dc

SHA1
6e4e7fcfe699d615e51c98912206e102c072405b

SHA256
16f0d0b14e1300d4ce414050d6913f48de4fb2939bfd38c56b3f1636e4a8af05

SHA512
8aa932ca828f0023e4f0419e27e5235add3b8b0a0a6343dfb747e5b919ed71b379ce586060673842b269079628e374613ffa3ef0f34e0911d97fb809c246ef41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
c00b34cfe64a4735b8bd0a910f8dceba

SHA1
e3ee56316226b42c71469998beaedb40dea93e73

SHA256
b8b8338cf45ab6af6373132a34c3d83fd8c8be928a60f2df6b160623e031e46f

SHA512
a206c18cae6168b2ce5abb7b485f5297a02b9b1567259eac24037881f250b3d6ee1abdc8dda5fbce00e0e368da3990bfef402fdf478b5f5dd332f5b41b64d786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
44f3fef1768a55af6b7895fc4e873a93

SHA1
83ba1660487bdba846f7b1b16795bdebbac2ca42

SHA256
4b6e84c8afe26f2b0fc650801c6ca241e39bed80ef2d36808f7dfd0c45982e1b

SHA512
dab29f7a27359a2c0e71ce5d6563df9b38f195127750b34db0abc05b9d49727319c72e413b274bd83b50e958aff5a62467e868978b7a1296a0db49919c28ac0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0320fe6e94fdc390d0f873921081b1d0

SHA1
904adba2cd5bf00b9d19f02db063aea6d7feb7ec

SHA256
67628df0b5d51ff86f6e517e24ae376a707f4220e76b27a552b4f62deb7fda28

SHA512
05698c6a38600b916a16452d709452984e0a5658452a677f3809875b3eb641219cab2867a9547ec05b1081569f8e329d4c517d5295eb2c74f380710bf30abd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
53b8f1249432f14d51a60c426e924840

SHA1
61a820e5acb3ddbd4199225b371854a0360ef15f

SHA256
6286f248382654f1db6944d80893d10c82e2660fcf65c7619d687b9cc38aac09

SHA512
0e88412311218f9f1ba79340d3e19cf86aecab0ec71fc792caf7d382d56f75bb94aae8d1d1f0a5087d5a750d3c9d6b5d7d2c7023a6545e180b9dd365c8c396d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
fb9a772830112c62a2c47ec9657aa433

SHA1
a4fad3a77fb2ac5c7ad0a84e48abfaa56bcd3789

SHA256
dec8a5020e30c4a096b263a8a14c2e6125163a2fbb5c3ca1323282d481bbd169

SHA512
4c3a15f11593065206e0e5fff3efd91e5be84bf5ab5e2e0b234a7a7b74c9954528fda2ae2e8034c63daef53919d8b8464ef8573bdc021081013d1bab349523d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
79d4943dac89dce424bd556f7d12ab28

SHA1
01ec21d479698cfe7140756ba7590c55b1293699

SHA256
d990a0854b80a71ea16454e1f3a43109347efa1ab7219fbe534ea1a4124fff18

SHA512
df8f879ca256f73a992ea70261632b3f3347bf98317e2b784aeef7ac59b88788c1b296f4844851967c823b36c03c9a689c49eeb7a6ed7e7e946c34b65f03493e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
c163efe909c3e529ef27177fd126f9d1

SHA1
248d4c24fb1fb7f8d6f37629cb04b8175ac2e8bc

SHA256
f816041d56546ab402df3210ba540f9c3e645a2ee7b4fd4608a6da48749b6489

SHA512
4613a2bfee55f12b8ef67a01a45f164ecd40ece1c3e41f419b490d8ab5e112a66257806585e1c024b421677e6453e07ebc6c68faba5ff7cd1efda99afc55a1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b50e6cca31d4d4031f171fdf73989966

SHA1
77a8643fcb080b9dc63f12edac78674406820c70

SHA256
aeecbbca0806b00f9ae5ca9b1b9defaffbd308f2604d44263cce250ae0151e7d

SHA512
fcb419ff5610f15cb2f41f74460bf2861fa3555a90bdc030fcfa400a49b9d98b5a5d3ad09e094de572f570d7307e9bde13ef02f9a6f7cb679be149c60fdffbfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
975cf8411fc91a95fc2a5534f1d66e15

SHA1
d417c8d0ca4f73642c9b05964b3c3839c6fffa5f

SHA256
6f959c27e53e377e20f9fe25532c088b65761e53e9aaf8651344e5136212a28f

SHA512
fb29e3df013b229d348c5d4d12ea4d1259fcdc8e3e2ae08a199672065ab8c05dcae6c8a242cc26de6aeb26f0f4a6667675b7f87d3ae75cc7283cd289d22beee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7751a4100423ffafd19b5b715240f05

SHA1
5849ded2f72c8f405d83e4bb03e2725ad2a08376

SHA256
11930bc5682201c0b85430161c4429fe79c00a9662bd76c0ffb694b112543d7f

SHA512
f476b9cfbe8c4d7c6e00f85315bf5b10723d2ac3c7e63d42abb0595feea62a30751e583a2237629af881522b2de2e2493a9517ca18ac2ca6ce4239d0b1c68b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4107aa9843979be5e6da45ae04df8e8d

SHA1
131938fb2f26dbb1512c906293a2f6dfeb74ce20

SHA256
7fcbc2e611e02ee1fd3fa698c5615b43488f9b14a9bc80404ab02364f12e6533

SHA512
00878ca33a4a2be6d7e25aad136b444382949e43748a597a79f50cb92997b1751076bd5dfa6265f79a75f14e36e182f6f962d972c3778b39c5960884099645a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eddc74014bcd50cbc907feb07ececaf1

SHA1
a3d4d6343513cacc2f99a04a7cf31509440a472b

SHA256
b85f11a972901331bbd17f854c501db1a45bb26dc630dd5a257736463820d7f7

SHA512
39f3ff0914b76bfe97035b7c911f81c1339e78952bc83833083abba0fdf6fe1f97fa293f18e43bc203e9661340d4d18063166118bf0d168b023d392f04042255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c18152336fdd40b66e2f02bc2189249c

SHA1
1740218e3e2bb8428ce0b118828d1abfc0477a1f

SHA256
15e2e95cabdb1a8b30e6f1d6c5d4bab9299ab129d2de6c7d287420b1dbd5973d

SHA512
3c7dab51ad3e28ded511c90007fee25bc8ab57ceccbb8d106aa4273b3357def3b583e5d82f4af873588312347e5c76cc1f4de6bba3db4fbc28671975401f9c6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
1bf3a39e9f855bed11637df7f18f98f9

SHA1
480d51d3c1bca315e5425b50802a9abf1f3dd8b4

SHA256
0b49f529b5c3ef8e311cce19ecb11b148114635cef496089433c112975f2b3b1

SHA512
9735f21d5fbbe7d838a78b81a2cdd976a51e864d8442089928be79f4debdaab9271a06239e615cc62ebd5c7d968aeb5c64e32abe69f2c7301d48da34328e906f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
73d02317b2b7d017f87018d339285dd2

SHA1
339619661d973afcffcabcb82bfd1f7e524c7e50

SHA256
0da2a4186eedd502d6d85affc840182f740e9a78bcb972b9cd9d21927275a4a2

SHA512
8abdfc53336aaa05d25205b543320b4e1bfc56bc5a41249d82707091d2a3c0a89d0823e771608dba8ef92bb469daea3b1250dcaf1857aa9a67c01c983424f4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin

Filesize
12KB

MD5
7cf19b3ec14fd0de6d59d0c878e6f207

SHA1
9df690f70ea165f91ee674807586d374b9208269

SHA256
73b55883ab3acce039092cd5d53573f0ab3c3474712e10f45d04ac90329005ac

SHA512
c24005aa5d375cc2d1d477d0a043ccd36e85d75634d6472c2a5314143aef190a625ca48c2a22f26a6c498de5789597ecc62c2bf5fdcb38d25d30ddfae28340af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin

Filesize
8KB

MD5
45508590d5ddfe95a6526a4ec47d62e1

SHA1
827ce12573c85f0ba69c331cceeb71a77b31561a

SHA256
690fb3b70e65beb4503e0a1c68be6fec5cef00b2168b54f2c048540e4e6fdf5a

SHA512
6d4ab6fc0f687d12de56d6efc119021bfaa02653e78f9a72ce5d0d5687b1959ab008992953aa410cf0f635a0a80705366f1cf2820225f8bfe729049677dfe69c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
af24e2402fc3ef623ebfef7ff7058ba1

SHA1
5e3d5cae9eb7f85580422d44232d45f64f82ae73

SHA256
3b5136e36d3f0c9a6d48f65b014aecaa87f67d8c9d97f81f90aa9c6eabdccef9

SHA512
3496b1dfe698679672a54cdd350187bba1214c732e573c7f179935afbd04c6ec0b30bda7b6e6dc5ce9c2238d2970c017e675a998a639c40344181db968c5cb23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
37KB

MD5
6aa495a8ad4e02c051b840b3d3118e41

SHA1
fccead6062950dd5347b25ca714fb5b128c68a0e

SHA256
554ba3afd2a5dd3ced5edb93eccc07efab221e521addf93f74fc7e15cca9fed2

SHA512
d098f2f9fa8319f42310cbf39840bc37e4a48f0afb9734a02d68762318893c262168dd1b1c0edb4baa348a32024976f6929232260a1a9b50911e634b92e1a4c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
37KB

MD5
ba714c4304dcdbfa67252c6b1ea86d80

SHA1
62b45a1f6f8618f357e2903613f842a42e4898da

SHA256
62e313ffad9b9d29c74e3655f28bd7e5a1d87e1129a4a1c4b8748c001f29939f

SHA512
6d69eac938cfcd38d5b845dfcbffc8621666d69991d4675f2cbb5d674eda8db4e0b50fa3f74ca9581506c582cd8e887f5136137aa510f3efaac6683b8528fff0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\048ee3cd-8569-48e6-a4fc-5772dd3d316a

Filesize
671B

MD5
61b7829c37fc035703fbce0681176cea

SHA1
140feec7a7051d584baf8f655f49089308102fef

SHA256
cff654687e53293358fd6fb1d5d612e435d62382c71f86eff3a298e6fc553a81

SHA512
eebb44143e795c1e11266a4d8fd850de36b05862b1168d1dd93cb039ea0d9a06ca131604a1819267ff5cb888a1d616836207e2099b9e766d4e5adf0db3765762

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\5c91fbf8-3bc2-42eb-b0d0-d059672f69c6

Filesize
717B

MD5
8cf04baf591c420cf32ebcd9824af2c5

SHA1
a9706f0c368e86a4ad08b915d1bc1d56d7eb9c65

SHA256
008ae226953da4c14d8da12b13d6bd86df611c5cc447ad8116e01f15640f313d

SHA512
eedc05cba0efe0ffc1d2e19074e2549c0c05a5f7c741f29621073072d34957f1bf420dfe1bc04bfa4b9038e601e94976f5b249daaa44df72f2f5002cd34f4091

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\62a8b02f-59b4-4070-a807-d838491b0309

Filesize
26KB

MD5
75cc0d26b30b6049ef038d0555805b32

SHA1
2c9b66fcedc0f942d004e29846a19c5b05fbfb3e

SHA256
98556dafdc0dda5e5315e718540d481b7b1a5783d86a842990eda797caa5fed0

SHA512
c90a7e6db06ce9645416ee7c4d1bb94ae1bae551a226d6e488b60dfb00dea50e784251987cfe3940d3fe162e7ee724291519900adc0c6db487d05ffb8e603aae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\a819f81c-7232-4608-8f69-7d9fd6f7e149

Filesize
739B

MD5
c8c22f5acf6a03c9c7e62fcba09fd921

SHA1
1a2728a7ec357c86d77e8f2d20e302d9212781aa

SHA256
6832c20832e8dd85b1d856b57c75e95484b57b091d6af0ce8756d2c13bffc6b7

SHA512
f91bdcc5b010b51676e5361e7877d5c85dd333552eee5c72fd23089cba582b910bc39d24e6aa61c89a76a38259df094b8826a4844507a7b3c37f2052d8fa9757

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\be7b1777-c196-48d1-83e2-d9fd3ffcef08

Filesize
982B

MD5
a5a9699d877f0f3d11b7b4d429383b25

SHA1
fe5982d1cef4f609407336a690d37afefcda6243

SHA256
4bca04a07b3d216fec25db8546241db838826a9dbba12dc97f16acb0a15d031b

SHA512
1c1d054d70ae8def0bff665f2552009709df46bf7df29eb2360f801bf46cba04985703569456bcd658a04d26374d1c1fce0be37eee52bef96ad033fb329e61ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\ef2bb928-8e50-482c-8b3a-0d125ab0d109

Filesize
1KB

MD5
f2fcb793aab9165031741b1a70d5320d

SHA1
1f689839bc8b28eded1ae4e53ff3ec70a15302e2

SHA256
ceabee7ed7d0e10cfb80ac5247e431140aca93e45c94fe44de31290f7c105969

SHA512
54542eed56577e8a6be9470c7ed8e068e0ee9c006964aa00d9b363ac862b421bb83149fdda6482c52b76463d33cc91d792d3ddc49e5141b84e67055e464adbd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
11KB

MD5
6a07b4567ff0364b135fae502f2c6de0

SHA1
3a221841e112ae341c2ad167c8b2ad00e0782824

SHA256
a236b64bba85fae6934e5ec054f033b94d91fe12adcc49a592d616077b3d3f07

SHA512
adf0eba3d4d32c0f36ed7d5391b3eabe35903c83b81dbdcdaafa5dd82f0486da9315fd9962e2cc36a4a5a361740047bb49be832bb4cbe6e3bf06402fdb095943

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
10KB

MD5
1a262ff980286cf7f7e549a7f852f302

SHA1
949a20fc15777c8ded74db8e5effc8d44a7d56d1

SHA256
743b3e9add38a632c5ddea9e7722a47e004c63fd93890feaab995fd575552abe

SHA512
dc2a7340c6f67e58931cb29a7339567a2495e567dcb236169ce4dc80d662efa217ecf15dce8e99ffe18a5d741461d3de0f3840319841c804d034ee3c8786081c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
11KB

MD5
0101d4dad675f24d17753eead97f9963

SHA1
29d386a2a236375bf1caa0599848db40e80f6105

SHA256
c9536789987037737018e0d048559084e08133110e232e99af4c03093aa92a57

SHA512
ea27b5f502faf53b419a191579579d7137c56b4ae3b936336e80e85a3c3182791039df4e3928a435a2d6f9056d8873333872b13899740beb0558a205fdd76886

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
11KB

MD5
27ebc873393926d50ff76a5f1b339f1a

SHA1
c5bf3806624fba8ec937fbdf62d76c67f7c03024

SHA256
a46dd7f3d70c72834906dd5d20004d3defffba40a5f1bef8ef2affaf7024fffe

SHA512
0cd686a9a42d0cf1057e91986642a010ba8d6137f7f45a3b48bc154f48e0b2f1d81381b4233f8b0509b78c5fb59861de5fd5a708a984bdd50074c4b24f72be69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionCheckpoints.json

Filesize
181B

MD5
2d87ba02e79c11351c1d478b06ca9b29

SHA1
4b0fb1927ca869256e9e2e2d480c3feb8e67e6f1

SHA256
16b7be97c92e0b75b9f8a3c22e90177941c7e6e3fbb97c8d46432554429f3524

SHA512
be7e128c140a88348c3676afc49a143227c013056007406c66a3cae16aae170543ca8a0749136702411f502f2c933891d7dcdde0db81c5733415c818f1668185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
f041168060f549e1c9d453886babc1fd

SHA1
89cc6710acbb7d6c6cb4bf7c1cc1d28c242f6577

SHA256
c14f83fa32b4ae9bc34ee15ae305cc9363fe25214d16bf9e8774d60b36b4a724

SHA512
23bb94e958bd855394950fad944fa36baa47f64452581a969884d0663498f4681b6adfdc3dc1deb40c7bb8696a9227bbc7297205b9ed342b8184285b247f66a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
02a092337df10d4888724815e0007ddc

SHA1
b2b9d614bc3fe4b8a24c10bc2c9c3922f3942be2

SHA256
49a7fa209d20215260fbfde10185237326b0feb4bf2615f480f28faec30f69ac

SHA512
6d0e9518c02c47a7d59d600916645c68d2617f33c059195a1eb0cf9374703d2b12af606cab5854aaeb090a2482eda4faefc41156d822027b18506adf49be1dbe

Download Submit