1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06/09/2024, 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820.exe
Size

89KB
MD5

abc4257218bf8cf459a7d6c085576f20
SHA1

f934a0b84dea0b2611283770ad9127ff2fd25310
SHA256

1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820
SHA512

19d9cf296775d46270cfd90389f6003dd491a5411d062da5c4e60eb9ed4280e84c5f5e47157c03235b14fd92e9f276081cea24afa7d846098377c7e6b6f0998a
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfLxtO+:Hq6+ouCpk2mpcWJ0r+QNTBfL1

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133700628589148916"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{0F71D914-25DD-4CBA-A5D0-600E5C34D9F3}	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
1576	msedge.exe
1576	msedge.exe
4344	chrome.exe
4344	chrome.exe
6124	identity_helper.exe
6124	identity_helper.exe
6828	msedge.exe
6828	msedge.exe
4344	chrome.exe
4344	chrome.exe
4532	chrome.exe
4532	chrome.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
4532	chrome.exe
4532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1036	firefox.exe
Token: SeDebugPrivilege	1036	firefox.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe
Token: SeShutdownPrivilege	4344	chrome.exe
Token: SeCreatePagefilePrivilege	4344	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
1036	firefox.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe
4344	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1036	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 3136	1536	1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820.exe	81
PID 1536 wrote to memory of 3136	1536	1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820.exe	81
PID 3136 wrote to memory of 4344	3136	cmd.exe	85
PID 3136 wrote to memory of 4344	3136	cmd.exe	85
PID 3136 wrote to memory of 1576	3136	cmd.exe	86
PID 3136 wrote to memory of 1576	3136	cmd.exe	86
PID 3136 wrote to memory of 3268	3136	cmd.exe	87
PID 3136 wrote to memory of 3268	3136	cmd.exe	87
PID 4344 wrote to memory of 2808	4344	chrome.exe	88
PID 4344 wrote to memory of 2808	4344	chrome.exe	88
PID 1576 wrote to memory of 4608	1576	msedge.exe	89
PID 1576 wrote to memory of 4608	1576	msedge.exe	89
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 3268 wrote to memory of 1036	3268	firefox.exe	90
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91
PID 1036 wrote to memory of 2284	1036	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820.exe
"C:\Users\Admin\AppData\Local\Temp\1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\89E1.tmp\89E2.tmp\89E3.bat C:\Users\Admin\AppData\Local\Temp\1b89d6ba330937d5c02dd8a6b72c1576bb819711f3d5f2221b0acf08790b1820.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4344
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fffaa64cc40,0x7fffaa64cc4c,0x7fffaa64cc58
      4⤵
      PID:2808
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1776 /prefetch:2
      4⤵
      PID:3620
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1392,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      PID:712
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
      4⤵
      PID:5020
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
      4⤵
      PID:5388
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
      4⤵
      PID:5396
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4348 /prefetch:1
      4⤵
      PID:4612
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3548,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:8
      4⤵
      PID:5488
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4724 /prefetch:8
      4⤵
      Modifies registry class
      PID:1380
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
      4⤵
      PID:6236
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5188,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5204 /prefetch:8
      4⤵
      PID:6304
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3752,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
      4⤵
      PID:6676
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5224 /prefetch:8
      4⤵
      PID:6664
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5028,i,9585600269019197510,7321204729312384878,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:8
      4⤵
      Drops file in System32 directory
      Suspicious behavior: EnumeratesProcesses
      PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fffaa503cb8,0x7fffaa503cc8,0x7fffaa503cd8
      4⤵
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
      4⤵
      PID:3228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
      4⤵
      PID:1332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
      4⤵
      PID:4620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
      4⤵
      PID:4732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
      4⤵
      PID:6896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
      4⤵
      PID:6904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:7076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
      4⤵
      PID:7084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,16440309067496240668,506361989446853156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1336 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1036
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2ed66f4-7610-4e21-b71c-9f0c3515eca3} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" gpu
        5⤵
        
        PID:2284
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b341474-a3ed-49cd-b835-510e53deb618} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" socket
        5⤵
        
        PID:1696
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2652 -childID 1 -isForBrowser -prefsHandle 2896 -prefMapHandle 2892 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14a6c24c-7498-44aa-916b-e7650d442b41} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" tab
        5⤵
        
        PID:1032
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3068 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fbbf5bc-77b7-41a3-a791-3df57dd8bfcb} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" tab
        5⤵
        
        PID:5144
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4344 -prefMapHandle 4180 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7bcc733-63b4-4129-b97f-e873bcae7b12} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" utility
        5⤵
        Checks processor information in registry
        
        PID:5804
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 3 -isForBrowser -prefsHandle 5484 -prefMapHandle 5480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1952194-daa0-42ef-b752-0cf8071e56cf} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" tab
        5⤵
        
        PID:5956
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 4 -isForBrowser -prefsHandle 5584 -prefMapHandle 5588 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96110a41-5682-4bdb-832e-ed2aeab5710a} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" tab
        5⤵
        
        PID:5980
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5800 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48e59983-6f1b-430b-a389-13905e6f5a5d} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" tab
        5⤵
        
        PID:6000
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6120 -childID 6 -isForBrowser -prefsHandle 6104 -prefMapHandle 6004 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc85ee8-707a-4aff-a3da-7431ce2ac8ac} 1036 "\\.\pipe\gecko-crash-server-pipe.1036" tab
        5⤵
        
        PID:6188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\451ed717-db76-4bce-9d73-f3fd56fe35d5.tmp

Filesize
15KB

MD5
2e9929fe352b8877097c834f80feea4c

SHA1
72de3f65b70d94fb6c7b7b7f925aac6f5c7b33a9

SHA256
5de0399a549296050294be0ce29f598d3cd93f17798f88a086fc95fa633f3f67

SHA512
ea655e9d9635c090babc1384df903e6581e5d25076d8b7aa90e488a4a1350fa1fec82c9cfdf7ca1751ad71354449da1815e32b93e955b8a91ccf5f8ce9d1d8a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
71849e5b50d2b26a5d90c3ea5d2c750d

SHA1
79a685f381cf7c4f87dfd2de44ad6261440ebf10

SHA256
95580645116d64b1d172a7102df33ba778bfcd4cc0742e9a5d4eb37f2e788132

SHA512
37473a694be1bfd536aabf60f05f850e2f365dbd6a7b88b985692de0ef3a20c34cc208199d138d9038c8f6d87c63d80c8cc013b7cd30879739361bbaff5284d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
bcf129c9d2753327728b0acb189c76d6

SHA1
71b7891c2e144fa2d894cec484427270b3b1c6b5

SHA256
5363373d7e8ad0042bd467f5dee4ef1cfca26d3025277d1abc59a45ff2e74bb2

SHA512
e5310e252efac7897b7ab6f31446abaae663723bab8b9368b2ba7d6e62e93870d88f79121fc9fe72a604c87ed938a568fbf2f5b4cef8447cb5d4a48345fd7030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
88ba1716698d2552939f4fedf2047e67

SHA1
d94f10b8f09c6adc844ed8cb3e930a5156d5d33c

SHA256
8d212ad1e326d2d197e891495f18d3d5d4edc4819f5ff104a95c121cb7eb3fb3

SHA512
82057b7b7a950de7d748f2327d17f8854be8b66ef2c1d1be06254e67c39b2b2cf50efb989cea0bf3a4e0ce12adac66afa3b7932e0af8617ff7f35c371906aeb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d57cde85d1d4b772d65f7b6a3619ef5b

SHA1
1d31df37ffbea6232687f51ddd54b06a1e091a4b

SHA256
e2f2e4c82290f82e78240307bd4bacf8ea5312a0120a8a1505a9a7873563eaae

SHA512
000fd32bc480ba5a6c62f7634dbd281649cb1e5a12fdf4022d0f6f4804dffa760ef157b410660b03cdc95fe718f7f1dff5c2f30c71bb44862615d5312f63268f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c65166e62894040470f77af3948852f4

SHA1
2a3b227edb18f8d13b22c2723092d984015c3062

SHA256
50c58e84b39484b1e9e3bfeb9d4b2bf8b02e4943f4207b1bc32a2877d6f4fc99

SHA512
bb5e06b527865c2b1a9b3f8bb8d681ca576d7058a83e014e11d3c330d320e38638cd9cd2b45aeaaafb78167b923a052e7af234b48ac17bbe0606c6363b40d4a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e8310cf39b1faf486f41741fb111690d

SHA1
23e2229a00f4abe3160e082141f0fc58801abb72

SHA256
01242d50768f86755adaf3cd9d5544a95fde38444ab8ae8af51dc3c2207dce13

SHA512
225e04409d6500fd194ec1ecc0c7e3262f17ec7ced5d5ba00a79ff9e20df710ed6c0d68dd55e2df11034c17033fddcbeee96bc99bcbb6286e16127e21d1af852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5c9b2a18b2172d44a771c11e3d724ee

SHA1
2cc893b603ca88d9d71617525f36f181db1f7089

SHA256
27cfcbb9fef4ef80c92a0c3a18a30655df30ae3211422f09704e1c29c34c4b84

SHA512
4f06b9421ece85cf25fcf72aa275dfce7080631a05f166e5e203b9079c909c042b30cffe46b69526b9901701b247142711be382812d62ca41f9fd14e4dab1774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09fc75d6321fafbc14e317cc0af149ff

SHA1
8fd8424511eab23c70f7f35b67bfe0c91e073d3f

SHA256
9f19be9f7c7116d8c3344dc9061e49621afa15f0470a71314edfca2565714c57

SHA512
f6269c7c61d50fe4200b85b5a5fd7d8deb17c8a79ca62ccb4952996fa77f3126e9af5cd90e9d6c04f9ae11dd6cfab2bb371e9bd541d46763ffdb61b9d90abd59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5306517db8b67746790e896e909a5427

SHA1
5349f6d4732952c28f207a38462a09d31b73e30c

SHA256
5920938ee2c7a37bab63ed52a4e62646ca53baa2e097486e8c9e2a9fec3a3e72

SHA512
67bed6f69f83ecab3db5b02879664c00ddf2180e554d62bb1207b3289caaaa0c9a4e5fe30686ad20d64d562da88e3fad78d44e4a80685f373ac606d4d811c937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7ea18b17f224cae6f9359df100fd304

SHA1
13e1d527a598658da94ad61f2fe0f2a2d590a25d

SHA256
3e93fd44606d783ba35459f5d9f5c2690b5e2476c76418ae50502d9dccc00648

SHA512
16ddf977fd2863ebbd585a16ef4a27b26f89dceeee5b8a4b58e47a0090443bd9b1265b0dd62c415e5d09fbeb02239984851307b08c72dc08f5aef2bcf680387d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19519154343b0db9cb82c8fde213a7d8

SHA1
ac2555a372fd73bb7971f5a32daafc3569a2170e

SHA256
eaaef6253acee2ab24cbdfdbf417c5dd999506dd1417da6355901edea50b69a3

SHA512
66aa347496d0513188189da53b84dc54f20ba08444c58e95bf286748dc4a253433800a4d68a46d79ce0d696448600a84835308152002271b42440c450a152c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb52bf01133115e876bc65acead2afb3

SHA1
877a541a1ded7ba75c31dd46d188268bdae9e3b6

SHA256
27ff725841dd483eb0754361f95ce1b02623159ab65b9a17b162f753bb47bde1

SHA512
7119c2436b5d62e1ad317a737e4a16a5a9802b3a2b913ebd5c31619dd32bf2fc48311accc4f344fdd9839c10314a9f75fd92db6bdb8a81f36fb39351a1427f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
495ccb954054752e29f579cd9483ee9b

SHA1
2f643931a1f96713555ad94f554dd10bbfce3a34

SHA256
815dfdc9ec08b4533215294702701426ff786c2464575e6bc29053487c8c2113

SHA512
7a2d0ffd313a534d56535ac62508f701e26786b9700c471261d14099f1ebec70d95a18d2d3084c7628dd0d332c8e7aadfd3ebf6dbffdd9ffb1db962ca65d9410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98db038ff3a0ee49462b988f62b357d8

SHA1
802366f75479e52dcbc4344cc942e53923c7b8e7

SHA256
302302e600fe3753cd922819675d53df083735b60668770f25f72406c3c24cc7

SHA512
662bc0a8456d1e4305cf046bdb6279e83c7eca6246dc0fd6605a83f84a2b6db68a87772176d590ed23de2eca7bf74dbab6f7c956d07272187f7e105530056e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dd10019988577f03be3040daa0a3e4af

SHA1
9ba6506b3f47816d843bc38c1bd16d9ee18d4983

SHA256
f548e612fbe9894f2c58f7e8c24403bce684a724c6358b1f083aa44ab3b3aacd

SHA512
ed93ddf1d0798361848e4a61bd353429ee2a52068a110fc19415684aa65811300c5f6b40027e7ed667f20326fe4ec4a99fba7b2e70cf13a206f08e188a7ac269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48c65ee71a208497d22c43881c1ed613

SHA1
0222de64d56abd565654c1e1def0caa83eb312b1

SHA256
840e63a49ea2103dd8cd0e40078dade2a0f79cf87436b51c5a719606bf3ea2de

SHA512
19b66ecae8303417576b95381ff7bcd5b19a5eb3030217e69735ace1ba72b83cb75cb5d12c3a207f2a878c047f6d06e0ae8a441a2039bc8c2ea97bd521fe0404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
41c334a95e798a6c692a5c62b9ef9dac

SHA1
8e69545c3a49fc9e623582535edc2c7262faede1

SHA256
e9708ddac0d6ec4236745ccd4db54b8699a320c4cec5fdf22ee3fe0724419db6

SHA512
1392dcb7a555e10b93b44d52e8f42e676cd7aa6ccaf423ac08f677dca53103c2ebc4f8fd249d65a2bfb1d61a9965c679986e768c604e069cb4261569930ef71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
475718b8f57a5a223adaa549b9cd637d

SHA1
cfd8831bd500afa5313e88e8b19c4c96643398c6

SHA256
fd917da725ca87dad51d93c755496448b897085c180a4a7a79d6edfb2e8b3770

SHA512
3440c88752b7c58eaa382bd2016f2299567606736918a147f6e98fe00030652619088e09e603c1dac55af07275620c9e4a6d06c26a7e480b72d9190db17a20f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
c0ffbb2aa83e62cb37f8ddd0e070dd75

SHA1
2e59e85b699fecbd167eeec4248272b1b301da9d

SHA256
5a4579114b41ef9ba1348de87fa35d7ba2532bf9a99ca280d9f8a896bb36b00e

SHA512
3f5795246ea9001520770c94c4259ad8fd7ca5894e1662f1d04dfd20ffdb349f09d530d2d574a0cdf71cf8eb24257545f3b938d051f69ed4cc4ce230c9d06ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
275a087b2ce584579b8750bc25bf9213

SHA1
d4c8f9ab3d33e09ddbfc974023a43ea0a17e2648

SHA256
d0272ea7199bc10f13cdc42cba422f2df9129abc7bd8a4b26b6e3c6418d1c84c

SHA512
551f45a6ea3c0170bab2ce38123f2c0bc224b8d1815c258aba14738e1686a71da84d043ebb90a2650fb637d539d235bf78a7388850d142f7762246b84ff9f8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
81b7bb75c34db1f0b5cbab5f07ab6c03

SHA1
1b58edb69ca3d7c451c8b0ffeb008d7d47b49e3f

SHA256
9d45dc082f0ae1096ff51c0a808ca008c8b14779c1f25bba3e40ee3d56247061

SHA512
49470ee75b00bf5ff3cfcd46b4bc1202184f71e3b93f8381861483025e9a2307ce007262df91ea15ba43bbbc5fed5131503022d76e179bc048cb8e09f604781b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
7bd0e045ba02bfe1fcc9d8ac50091aa2

SHA1
49f471be24d495e4430b08df677ebf737041d3ba

SHA256
424eeb8e9af29c88732af1116f9c0f25260c9cb63221b02c366b670741112556

SHA512
0ed597913040289abda3b9f71d657781daf74a32a7b79fbbe7b89582bd13b95c054b6aa507452d842c1e2a8d055358db90b2ee9836a9af49dcd5eacce656a95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
630a55e99be56c20ec23066bacb215b0

SHA1
857db27bae77c8c187db212e0af27404eb3b7542

SHA256
4dcced0b3f070a37dd044f1b50fd0ab034ffb6440c17d26c4fa923159a5bb284

SHA512
5d5c68309ccec2311fa4c7ed8a92cfca62ab6e02e4b12009eca0efacb7c6a10ae386611ef631f74d56c5145e31e57f9b95a304ad6681ed9c67aacdaba9f688f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
34b347e87b0912424ccfbd7a253a8435

SHA1
e009258744f9b37b958160e5a52f1b836fe11887

SHA256
1138ce6f72937a4644bd1cc8c34e89e015d2817aa259ad771b1f1c056aa8d85b

SHA512
8f4445fdcd1de251a9b90781e780488a9dda1f1c9887117b1d7e3bac8a16324e34c7d28a8c220a143d7da37477ba224173b9e71fc975a882b6a680dace84df5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a662bce62ff50bf84aa8595b26699893

SHA1
5c150f64730fc422c1dc30b9dd5d233038d725b3

SHA256
d1a23b152077caeccbf4b4a1634c4baf45f10a2b0fbed44615060674ef06b2b5

SHA512
243d4143bcf99b99ca032b83eddf31edabda2f753c194e814861166e6273ad0d2ee74e933d65a5357eabdbf26c85d8d940c95f93fbac1ba6072cbc0b9857b77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69af3281760ebbe5952f18e62a5c0b8e

SHA1
dfcb94ab356409a5d701b4421888a0fae6ee3897

SHA256
7e707ea876a8c85e3e101187f77edaa3ce6867a2d2980b1bed739e57c805cf57

SHA512
11f6c685b9d8ff5b7dbd4f6b4781c7ebaac9f201fc760b3657a264159fbff77bd5c94c833360c6be99f7f737aeae8db1eec1b47e45d9dede63faaaff267cee52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a8bb6383d0676dc1526a465e81385a6

SHA1
f9c845d778f25cb734a47bcf24657684f0369cc7

SHA256
48c9ede81e659d95f3ae38eb33153417450b00386bcfdcd5818edd58c46ad43f

SHA512
b359720f8d18e62b29dee5767a5a1093ca6e473c6b825d2bb84079d5b970610a7ec80f7d5b742523aaed16346a097d9bdc5c9c710dfe8fe8ce20b663328f5e0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json.tmp

Filesize
36KB

MD5
90cb73db706a4cc03a75a311957dcb85

SHA1
75ff3f66b60a98c95d14f6ecf8ade014494d1d3d

SHA256
7fbd23fe4bbd51d90d72df7ed2d8cd20f23b8f91f0a7bcf5c44b819a8fcd2d0f

SHA512
0f0c400e19aa3ce34cbef20bd2aeecb1bb720223ba177226a556316d165653678dedb5cb180e7be7c4b6aec8f54654cbe96c66327be0bb347c781ced12840998

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
27ee17496fbc638a834f6675b660b828

SHA1
3316c95f359436c5ff22f1071019dc14e97c26e2

SHA256
7c6c6d81f34425d0926225c36fd306f711626f994466c1e9f7354868b9b40d0e

SHA512
0b44ed28b7220a1294782f7648b7b4e98bd7d5f1b9c12b3d5df445f3d8909bfc923a3526065065ee86d3316c385a709c11b0c412f633e32f2928ce5d1a439b74

Download Submit
C:\Users\Admin\AppData\Local\Temp\89E1.tmp\89E2.tmp\89E3.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
6KB

MD5
c065beac17f88bd086d343ac3f66aae4

SHA1
8750e18095dc497f0f6c668e314ffae82e3198a4

SHA256
f30ff1857378dae6f1435df165ae8d4711f0d976d951ae129b8924fa9f78a148

SHA512
635326dac998dd82fbe8c7ad0a9cbfda72ca69e107e086c0f539a634fc7f93a211600938a2c2be0edcb02e3a9d3c27af21c8a275481c2345d74d06ed6bb88287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
8KB

MD5
ee1304cdbf8e7a3122878750edc7d573

SHA1
fe406fb09bd283aede9774391b94a5104a51d8dd

SHA256
b19a63fd45821ffa3888b1c419747abccc7548f062abc5be93b0856d469738fa

SHA512
74609f273eedbe0a993d63c8b5856f605330e1b8feee6ab33daa01e33f7145f3c450beeb79451de6df2a42913f88d951b4773e3153a47632083b752e34d828a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
12KB

MD5
804eb930d777dd625e5253eaca17adf0

SHA1
d666e077d9d741e6afd9d887c7b92aa3125a03b8

SHA256
6a6877ba0b1c2e6b4ea1d169792b5b1604a8b44d38596c6eaaac6b2aea1b340b

SHA512
4c316dfa41c987d08e881602a2e95cd9cee4cca41036703c9f6695f99c43ef18ed37116979cc30b1f5978edceaf9e08571c8e93c5746f304fb614bc078410554

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
16KB

MD5
8e5d3606707e5f0a0926f92eba239521

SHA1
62afaf6d43654d2003d9557df15144d68c2bcd88

SHA256
00aac77a5064577ea05068e87e8702c640083101bddfa86990d006f97e7f84e8

SHA512
613f3b754eb83e014b5c36c6e179c1b2f8bcd651cfac36b58ce4cfa647e5419c80de0d930d59778f2bbef2673b7b785f881f26e0a805eb11b6713d9df567ef33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
58eb875adf94e6b757f968767fa51b0b

SHA1
f058989f1e9f9c233092fc7bbaee7812b230dcab

SHA256
184c8507fcdcfbf144cb9fd2e6e6c18879e6861289b0a27172763f30710388c7

SHA512
b947d863021f0a12f8a40d2417ff9e31f848ba1eee7a643ffd56947bb5d3f279d839c9ec86c351e6d831d7f7544f72fc67549baf81b6894a71f755163b76a5cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
3a1f0d278eaa1ef8549e2b03e0a6362d

SHA1
4200af2b63a719ae4e3876799c76a496b68dddeb

SHA256
65bb73576c4d6a9f9dfd91c587418c7a2ec5fd124db1bae92e2bdabbe561ce4c

SHA512
881aaa796a8b56a991a2ac8621ad249941aac4b27d9a06d2997e98de09a0498a8d4c4ff1df63b9acd9f00ba28ca3c20427fabd75cc9b940e7d180bb8e6b565ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
bcdaf918d8da5f427a552d47eb788a68

SHA1
8adad3de80145f15be9874d15ab2517ebbbe9d6b

SHA256
bb930bfbc13ffbde807fc64fdc4ea597d0db3fab80f972fbef7f47fbcec4462f

SHA512
4ef5b1f338ffecc43ab8ba2e99616608f2664fcf809bd06cbb7258ae52ae0b1ad139461c7426cae7b4d1c2889460631c793244b820917b17ef56ceef36f58e4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\14dcc905-3a55-4ce8-8b45-fc9ecc22f5e1

Filesize
659B

MD5
ba707b60def651b804e7f214ea38213f

SHA1
eb0b5d42833c32f1910a8219b510da9c679d3f4f

SHA256
9cf6daacc0a1a1c10e0df6b3bd738d892aa50052c30f7e7019fffd464b8f7921

SHA512
684749db85c3d8fbc2e33de82051613b89b3bc6c63eadd98cf8cf807525de1d93e5e4d666d21d9a703052c634a72d333c69e1dd0b0936c4548251d22a6532377

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\cedb74e6-4f49-4cb5-b542-8845f82c81de

Filesize
982B

MD5
8ee10820bf06a589fb7229ec34b9ff03

SHA1
e6b3763760bddcc738f1f39c45c834be53369a40

SHA256
5348dff792ca003e08b60db2b1e91a1ac552c9f0f29e9817b0a4223cea513cdd

SHA512
7611550904bd39e47c261ba4e8b2b636f12c7d49f8408a67a55eba4064537daf7a9c2663227b78c8648dde5bfb43e6e60bc12dd7a4209f068e6f6d4e08b0d28c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
12KB

MD5
74d7b735a26313a56d1a04dda6812f13

SHA1
2c2bf6205f04730d9068119c62862fe78a16c68f

SHA256
ef5f4c1eb76b288b81592455dfdab5e5f69d1b1f27d3fe6b383a225b04b6e9d9

SHA512
469ff43f21b45fe6db985519c10b800f752f9bb76f5c8b3fb23bad3ab805f15e86cfbd2ea8f44a10350186d549d0e15d02a6f063994741aaa46fa80b730231bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
16KB

MD5
5946a7b20f84488bea9d12d14516595d

SHA1
79d085e8c98976c6c2630cc4d1c97774dd811334

SHA256
a0989bf2c450a863224f45434ec333acc87d67b70f8a155d3c03de01719a8ee4

SHA512
bc04ce5238f3f14d1bf169404b820375e1fa1ace7a43ffdfce51ac21d1f7e3d976ccf4126ec9c5750d6d8f90aa729be4c0d16c12451f58ce5a11b00aa59ecb76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
df758e1c3a724471fc5ceaeeb23b8381

SHA1
fcea829c0c6a96f87da8cb125a512c81d605e41f

SHA256
ad688e32b290b4421b5be649c5f9a87b5e0a582c4cdb4bddb6fcc7ee71721fba

SHA512
1385fb92ef7ba8984dcd92b3e3fc2e5d1894d9909e33fa96f04c6d81d128919f78b29bc6f2733701b4346fedb20aba019f2e9c8b790374fc7bb409b3701ade5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
10KB

MD5
d4e095eaad4b030132d5aefcb38145d2

SHA1
e696bde88b09ac56238ed89ea10afc951398b534

SHA256
f0692ef09c4c5ee569d67db7b0af5136dacbdf57051a807fd90504f1f0e4758d

SHA512
2b5283605c6d3b53a9843c9fc9b2bddb79e1d8a3e4fa99b6fa2eb1238f86acedadcc2f9e7f07416d9a4ae4162ad723af5e4476ce2f5e5821075dacf0c3c4daf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
649d03a80fb755eaa595af8f1c1c384e

SHA1
c50fe5eca0798112e3927774f27fe4fc2398cf6d

SHA256
64eda0d7c326d3595bb334ba8faa50b5a4c4a43d76987dbedaa22e9f2719d70b

SHA512
e6e78624f82b331855dda54b6bede29308d543099513ef23919c1ba0bd540bec4eaff5e7f32600bf23a8645489d6186a77c5f294e744eb94fcca13fdc4ae61ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.2MB

MD5
b24ae0cc278e8c64c75d36ba72cea801

SHA1
cbf87ab5d44a053f39c49cdd8161f2d4ab898c23

SHA256
4cad3ab7d7afc16097c18b3362d8c24b5e84854e96df5d64e75d895926530777

SHA512
e1fc2c795394d65fd2abb1f92bab1b10f80e4ea7339dbc0caa0ad3518fe7f2c89a32cd8693a61f00deed0c7757054bcfdec200db9c16b49c4c477638313aab6f

Download Submit