a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/09/2024, 10:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab.exe
Size

89KB
MD5

7c313a73d7c564e03669ab031351effa
SHA1

4d6cef1bfe77918903107aa17689270df65eaf77
SHA256

a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab
SHA512

adcf01794053718e6c00c8f61befe617e03123f06d4020471c636b774ab8658ece634f10011ecb583dd30ee53e8f0249bbfe6f1a84fc30254e1d2d503b6264a5
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfxxVvDO+:Hq6+ouCpk2mpcWJ0r+QNTBfxnd

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702657708786420"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{5BE2C2A0-97C6-4192-9AD6-E9212BFDE5E1}	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
228	msedge.exe
228	msedge.exe
2556	chrome.exe
2556	chrome.exe
5408	msedge.exe
5408	msedge.exe
6368	identity_helper.exe
6368	identity_helper.exe
2556	chrome.exe
2556	chrome.exe
6868	chrome.exe
6868	chrome.exe
6436	msedge.exe
6436	msedge.exe
6436	msedge.exe
6436	msedge.exe
6868	chrome.exe
6868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeDebugPrivilege	2564	firefox.exe
Token: SeDebugPrivilege	2564	firefox.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe
Token: SeShutdownPrivilege	2556	chrome.exe
Token: SeCreatePagefilePrivilege	2556	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2564	firefox.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe
2556	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2564	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 5012	2828	a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab.exe	81
PID 2828 wrote to memory of 5012	2828	a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab.exe	81
PID 5012 wrote to memory of 2556	5012	cmd.exe	85
PID 5012 wrote to memory of 2556	5012	cmd.exe	85
PID 5012 wrote to memory of 228	5012	cmd.exe	86
PID 5012 wrote to memory of 228	5012	cmd.exe	86
PID 5012 wrote to memory of 4608	5012	cmd.exe	87
PID 5012 wrote to memory of 4608	5012	cmd.exe	87
PID 2556 wrote to memory of 420	2556	chrome.exe	88
PID 2556 wrote to memory of 420	2556	chrome.exe	88
PID 228 wrote to memory of 4016	228	msedge.exe	89
PID 228 wrote to memory of 4016	228	msedge.exe	89
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 4608 wrote to memory of 2564	4608	firefox.exe	90
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92
PID 2564 wrote to memory of 356	2564	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab.exe
"C:\Users\Admin\AppData\Local\Temp\a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A865.tmp\A866.tmp\A867.bat C:\Users\Admin\AppData\Local\Temp\a18910e3f6091a7438fb6e69173a0c10e6b71701d84383fee6831c21fe4dacab.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb2d03cc40,0x7ffb2d03cc4c,0x7ffb2d03cc58
      4⤵
      PID:420
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
      4⤵
      PID:1356
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
      4⤵
      PID:1784
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2576 /prefetch:8
      4⤵
      PID:2692
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
      4⤵
      PID:5460
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
      4⤵
      PID:3884
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4492,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:8
      4⤵
      PID:5300
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4328,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4836 /prefetch:1
      4⤵
      PID:4620
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5008,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
      4⤵
      PID:5640
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:8
      4⤵
      Modifies registry class
      PID:5948
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3728,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3736 /prefetch:8
      4⤵
      PID:7068
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5152,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5220 /prefetch:8
      4⤵
      PID:6156
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5180 /prefetch:8
      4⤵
      PID:3088
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5156,i,674747985175147375,1659467100125926409,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffb2cef3cb8,0x7ffb2cef3cc8,0x7ffb2cef3cd8
      4⤵
      PID:4016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2024 /prefetch:2
      4⤵
      PID:4644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
      4⤵
      PID:2180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:1520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
      4⤵
      PID:6576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
      4⤵
      PID:6584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:6896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
      4⤵
      PID:6904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,16864714079577980693,8953521362667621026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5720 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" "https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4608
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
      4⤵
      Checks processor information in registry
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a045f757-f45b-46af-9615-dad5a7a91d34} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" gpu
        5⤵
        
        PID:356
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73413f3e-6460-4807-a4ec-e20ad1dcd4dd} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" socket
        5⤵
        
        PID:4740
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3356 -childID 1 -isForBrowser -prefsHandle 3348 -prefMapHandle 3344 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {799c8c0d-6066-4f49-9f7f-bd95aba5e4ad} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" tab
        5⤵
        
        PID:1928
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad47c10e-96f2-4633-94c1-e1aa8c0af627} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" tab
        5⤵
        
        PID:4044
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4356 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4348 -prefMapHandle 4344 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c962f13-aa5f-4f6d-a6a6-a9bac3badc59} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" utility
        5⤵
        Checks processor information in registry
        
        PID:5940
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5200 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d167cea0-7219-4816-ba25-4ac679c55f73} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" tab
        5⤵
        
        PID:5956
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ee10080-5a04-4251-aafe-9382a8a87eb5} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" tab
        5⤵
        
        PID:6028
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5620 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9eb011cc-d9a8-44d3-aae5-11575da8a9f5} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" tab
        5⤵
        
        PID:6068
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3940 -childID 6 -isForBrowser -prefsHandle 3676 -prefMapHandle 3672 -prefsLen 27181 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {237e1149-a6c3-44a9-abc5-ecf6cba70dad} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" tab
        5⤵
        
        PID:5800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5264

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9f9437423254f9d51f4f62409a0852c7

SHA1
20370ac560e775154d0c987637491615e1f2d55e

SHA256
8deffd9d49d8470ad8e14f81568f49ce944c9e2237c3e16a829fbdbfd56225e7

SHA512
bb5837abf93cb88312a3ef7901ece2bc4301a3b22bf1ade133b011b19e986f64523351ae5cb63244be65d19031495be36b8e656a0ed93717645bcb9b2370a514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
dc9b0857596dea12b48bc2ca7922b438

SHA1
022937b3430f70c6ccc2d1bf95d8ff8152e7935f

SHA256
12fe6f0c28945bc9cfc684b1f7d2de3ae5b684404f726c890da68b0f7f562d59

SHA512
74f38936514837401a7e1846abd02f49360055bcdb0749319e10aef3121c92bd328e00852100fa24adf8978ad3684bb5f99042576d73fce3b3b924f13908da5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ed0d492adf6fa7da5afe56ecff43ef1b

SHA1
e925957c7fa885d004f5fe2d9704a92ce8281d4b

SHA256
a2b296023c47e148337274ad3c636c7e1bf46c4b531e1ca27c6607921c3dee82

SHA512
448fd69766a2295a38cb1728d4b868d0385bc0502c863fe4e23779f8f885c834704a75fbbe4b6e9e6919acb8dc768df9244b431a00b4de62da2d2a834c5666c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8fbac1c2be14a144226daf3ec05fbf7e

SHA1
b6dffc3c9ed04e8f72767dfedda880ceb2f21914

SHA256
cf7959b5b71a41fd2c9536470b547b38486708cd8c6411e818e1c0e8293d66d0

SHA512
8c8e3529845e785ffd281117c5b205c542c81c51bce67e286b21f63245bde104bfafe4ed67ba667ccf339e48770b2665462a4fcbcef3c83a29897c8435ab610d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
02cdc21f21536d2ca41c2a28795121af

SHA1
1cb859edf6a1c6c275d9d13dc075a17744c4d4ba

SHA256
79f419f7defd3bded709dc4dfb650a676aeec9525bf077e0f9f3a9e7eda4e15f

SHA512
d6de046cc1c903c105c2bffc84da3ae6df6643b2fdc2dbe5882243858fdc3a08c04face9cc189a955e6571295247f80867ad81e47920f6c5054c7e3901a95c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a37756efca5fb6e476e023cdbc1916c7

SHA1
64714ee1d7ef211b9cb96d99141fc4d33a14d9ad

SHA256
1a4867d5d88f1f71be3dae8318189a48b570ab69d4a4992928e3ff48093163fd

SHA512
5d810fecf7141c883cc2de6ab7239e0bdc3483a39dc13b715efbd0e2c58de80cf2bc0dbf5a7f50a88b9a9dbbf8e3acc9ed6df748ab9671a1177d2af9bd6f7f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9387b933814013f7b6f2d435e1b1c04d

SHA1
73e07d9fe2d6bb7e66c06bd354eb3e82791a30a1

SHA256
56fef13a6f839f8811882d923abd1d7958a9e1d3c6550d489704fde77992ff8f

SHA512
694eaa536d8e1e29fe2320d15b612bedec770239785ad14c5726723ec4c472a1998d8dcdd7df487de245e3456ff04b52f12a1304216708d957fed69d1016632c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1589f15e189d8b6a4a07a37e18d7208b

SHA1
06c6193113eccf43e0417b1d65230e3e3cdcde53

SHA256
e274a9edf4baa1d5834030376b258537220c6ab0e2617df404d81e463249f80f

SHA512
022676f620255adad8978ba04d2f8b2883579e79b7a4ca7721052a98b0d549b6ea3d3d65bc539de6fc3a1361fa46088f549a3b327169e8b3e27961275c3a0eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28abc68b2218d6cdb07408cfa39de636

SHA1
778bdbbe7cd4697e8daddbc373d7d3f7dad1ad93

SHA256
866d6fb5a8fc8e05d3ccf1623c63e1d14b82afc7483dfc3853805a698ab1dcfc

SHA512
09a6f2fb7c75e51a7048133b9415b6c1420443037cce1f1c89489a45eca1b80a9ef1ee2a71f165a46060dc64b5f6cef85a61d7afd0f2607615d83e5e600e67a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd098b25f44275da740090a22bdfaaca

SHA1
51c170bd5abaaa6f8281836e3f519f748be6448f

SHA256
5931d3200b73636089bef383d6bc222b0c375a0f69332bfbc9be64108208b02d

SHA512
e354dc989f1be475523c8e56319bd76a185acae4208c07fbb92b50206dc3ca42e9893d7ec8973f020ef6028845f2cad9aa7655296a54fe164139b59e33295eed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ae307409b2f826a80013485d88fbf5b

SHA1
a5bf7d135bdf4e29c62f8eda3b3129afcd7d63a2

SHA256
a8f9de85f871352d7d99453c9093a4a74a1099bdca529f8155294a5fb5655a76

SHA512
3d457e6575c37519c49c8e48fce372084b7d6f575336bf1ea1b2ee26b4f5373be91dbd0a3bf668fa336659a885e33b6413b74ef5ef43212089c0563f8a1c7f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e92f803eaf8cfc0864a0bb02161e70b

SHA1
fe5ab94e35548f9e6e160e862a1f8273e531263b

SHA256
3f5cf9a3042be8d32b4f9cdfa928ca6dd3c7cb88cde8b0560e60b7fe4d3312fa

SHA512
0cf13b10f62122b99abae1a1ce4b49e93fbe61672279633cbb4e98dac3b8920f48016f418eee3a14d22ca98ffab72072e587b312d252854da68f72823e4f18f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
941e1b3a7f2b8f8fc725066ae3a8e3e2

SHA1
36e179be30bab6338b45ec2d64b0dcbcbd3d11cc

SHA256
5a3790e8058bd4bd1ac3fc3793d81367eca98a0a7130568dc94ba05794a3bcf5

SHA512
577721d16cab8b8770646ea39e8116d146f152442efa20f88aa38abc0b83603fb8845bfff542efecb3c6a5192be116267af794b6fc0080ce70104e23cf8113c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c97007bc031bbc92cbf18b1e259b099

SHA1
00c1443ab416b8eefbf447b3b166628ed4582180

SHA256
ddf6d5b24a2722dd2bd0b9848a1dc695078f7f515a413e86178e936a07e82583

SHA512
a9fe1d6fdbfdb4e38f37632982239d9c0dbf0feed39a5e9e9df9dc8a0c68fc3778580f5beff83bb252360ccf3c27116993b116065a03159a2d2d60a77584173a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1039c68d5848fc41603e427bb303e3a4

SHA1
1782cd3fc1e4ac43c27feefbf1b6ec2a917ffc24

SHA256
5bcf16fafb441353e69b9039a1c4d3dce906992446595e53d1355174941e65de

SHA512
9019962b59d0e4c80d95d16304b42379565e89627cbb35333a7dd1fb5dd79c54a14ce76214828ee255fa5c973d854d607788d253f34c0b75b7a0b23422fc791a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94fb357e670ae71d9ac2d0f30bc9b32f

SHA1
b349e441d4e9d08f4269742318525c9c16e10b7c

SHA256
57a8a6854a5bf38739f1ed01d124ac854c3d5a8dd8ba289331792a000a53ae85

SHA512
6400c23fa6daacd00fa8b00054f02397999e274ad33520cc740f6eea21b39967334656338e61153f90a9d264bbd195c7fbd39eebcf7e7814c8af0180a76ec716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41cb64ad9d4968deb4f7b7dc0e303db4

SHA1
cebe15ffe5952500aad24998f1d3b0d9762a835b

SHA256
be2423a0d4ab8bbb89e772877b4a619d4db9bac11d506dd6ca541748a95f382a

SHA512
83625ce024bafd6d684ca452211c88237803110e14c4e42680a53155478b5156bd03fece177f162012a758027c304d50ef82114ec3e99cd06815b8a87a695a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
48d66232a37e6df9e613273ad47ca81d

SHA1
5457a6ab58c02b7f8cc98f1fef7eff3326374d40

SHA256
797eb71a30406bb7bfb8db4ee9c4ea261412de85352b31e10815c561fe29aad1

SHA512
aa1c5e4ebc3319a969d8c431d764f1d3b60e80cc17742da48458c91a56144131e1b7140593465c2aebe33fbae05052f06b29c939f726a6a413140fe00e7b06fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
42a0ce0f4b7dbcee18f06d0f5eac6ae6

SHA1
b1a19c5a66cda99ad2bf824ea0c417babc667b5a

SHA256
10d5f2880e7c28360ae442ff03437e262817eb88d1373812b6bdfe0816d5cc35

SHA512
1be0763f10221d6b99d6a3c2eaf4c241272a2aa809358dda2b36704b0ab18bf2e40e21b92018fa58c2ff2912bf0eeca9b8329fd1cdc29bb8817ef93ca496afb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
71fb27bf1c2bbd82e204434ab1fd4ff0

SHA1
931c5fba5fd328872369ff1919ba956439421004

SHA256
c037c63973084817e99931bae68e5922fbd20d22ba19569a00ffbc83329c6aa9

SHA512
2c1d097595125493875e7330660ad9baffb17c2968e2a07b81159f815e7f68dd7af95044b923019ff8be13eca5b0271af3c026fb93f89086813d73062ee9152c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
8ef50a3495e940160180da1a5aeae0d0

SHA1
1c9e2c6bef79e19cf1244f8ace4d59e0c2b1dc12

SHA256
d36346e8e69f2fab26e1ac392c7ecb6bd499ff3fb29771a6292ee063af703d7b

SHA512
35783601636b24989d32246c8e4fc7b7dd401663723bcb34e20e6414e18cbe57a4dca200e3f85e2671ab81e15d688a266378abf59b0125c7da8daa55f829d21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
c23437f799699267a30e16e497ffd43e

SHA1
c6046f419f2ea1960160b40c89ae7098013baa23

SHA256
b8c6f9f01f5032ccb037f26c93fa8519c7850e2bb38c292453d492670b62865f

SHA512
d0b13a551719d3fb0fdab8156ac202b2220716449862556cb6035e3b7bdcb4e8b52eac9e68819ac6b25f551eea90d2654758ad9dd0b30c08a744d2ec14f28fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
1f7b4e0dd194e7107a2f26adaee46d88

SHA1
4965f25dac34848a6f0f15acfce4e179ede64dce

SHA256
1c13ed58a1b1a1f76173453fd6fff3939fcd411c96b3d30550d7f54d328dbc64

SHA512
2b143491821cc6b4b8572fe938ea4a3abd0c8643090958a1ee7212c3dee01ebd63e0f0771d0813478e68587ffa7638132ca6c9c205f6af26b8ae6750fde2741c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
d1fdb550d8526bb04cc3cfb4cdb7a82f

SHA1
0959a8fc841afcd2bb271f9101a0fc5dcfc0c29c

SHA256
210c44a0267f54bc3d68a9ba8bb79636a11d1d2d882c151a541e0318675b7545

SHA512
ea67dbadfa164457bdda27f7f526b15f8f556e8ac2bec3dc2378d3e0c5bc25fe1990b6f1b461317aadd2a470d3401aeb4214fbe7810c621d42fbd265654771db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ddb51156d877b169773c35a14e9b4d87

SHA1
efc35111ab54b4d552f7a07a0c6f377e4fa66720

SHA256
2c7ff25e0183471ed7f2d7a052ec70d1ede30cb45eb52fe7b4c53c7e2ce2588d

SHA512
a67765423e526a49b329d6ef26e543b488c994b01d3706b3bfce6f3c4e7d2338e8df9b9fd05fb0a317e23e24eba6e54db7422836ba558392fd6674f06f502285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4a9a00c104d72ae33770a57e27050066

SHA1
5f1e300563f432cb446423c337eaf8716948b50b

SHA256
d1cf71db8365df8eabe0be59dd69325a594bbc77035b155b25a53b587cf90f32

SHA512
b17e7d4261681a2981eb74db7facfbcd3e5c62350e67c3ee41fb3e5ab1075145fc5775d795c5d0831a11c43b1f30a6319637e1025698e3a2d878c90bff0b0c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7467e27ba63988517aa9e50be0e35da7

SHA1
a49f8a5c131457e5cf5db4ebe7e675bdd6eebce6

SHA256
d1aadf16effa8c79d1629816cd2f5a4b3c5bb89307e2bf2471bde257f03fa350

SHA512
69f992c521daed92119feb55413fbd26b70a7a3698f5ffbdb2f37afbbee6600d4f038aa53091321281a2691e84b7228149590d5fb936906251a966a9871de5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
498ec2265e112b0450220b62b77cf7af

SHA1
2dc11c5d1eac7320934c6f7867b3c0916dd8e962

SHA256
c86d2f034a42cfaa850eed216686ba6c51dbd00df791ffd845b3801b57c1769b

SHA512
1a5bd4f3963551780d5916974716deba2e938f2e9cda6ef87799f35b17002e0dd73ad17b04fdac456f09093f9bf3137cb9ef73b39a51a9e9fb55263b9640c959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4598434d2e367251ae6e65badf01790b

SHA1
445588683c2b341d9fcf8d0f8976963cd2d9e700

SHA256
365cecf54512846ac6d39deff940b5e3a22c50ed3f93da6fe0c9fd5b7df34541

SHA512
6601f6494ca8f74f1063329d6d945cb4b20e92a888f47c510bb93dbf0e29411504b08c1f45115f48e2210fb16b860dfdab3e6c9ea7642e19fb018efb62a87504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca9728afed7608f0f009e237965c2a2f

SHA1
99e995f6bd239e03a8cc093098d87d9434624d65

SHA256
63c59b7bab5604a27bf9df2c411b24f953ffa5868657359d9669359bc299126a

SHA512
682fae641778f094b47f0d17a27d4b813a6dcb6ba40e476e1de29996a7190b6251757addb819593f3a0566e3686008679c0492b716b2a8cfea44988e55d05a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
db56f5990e88c14dbcfaa4b103c0bfc8

SHA1
5190358b16d9314efb6a8c438a28ebf2e74f4558

SHA256
9a56c49c2928470697ce5e4fa0564baceda077debf9a780c85c05a2c10ba0936

SHA512
d2a23491d92145585201c6c7ccf7749c328f8cc5227cad14826567ef20fe0b85ace2f2f55754be8ef8e70026e734de12cd5744e960da8188912dc378d5caf4cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
42KB

MD5
d2c340f7c67bf55dca57de35849fed98

SHA1
943c1ca015fafbfa7770779d0a5ac3df5ea11887

SHA256
defcc8aa5339dafd2649f807e08e22d212f4a13a0608e7cbc5d552a72397a0b6

SHA512
98ea74fb18062d0fa9c0b4151e916631b03c164bb51bab0e9dccb30049b6f7fa95f04cc557c4533d14e1cf3667f7709a4e23b7e7ad9ebc56946ce50e2a540b5f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
4dd66d1a90966f14a9b9b1e9a4be8df4

SHA1
f0648488d69e7d1a9ceb6b18e73f227509fa7f09

SHA256
7b1d39a7081fc8981adf8852c038088b57516c76230418402ad16ccbedced0d8

SHA512
6ba38b94d4e68e9b8a2532a4f171b7af7a8f6a4bb7b6fda2a893dd4f2cb4653f475621f06a2b9499966b1c7b0300c89855eb2407037408191634ca2e972e64e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\A865.tmp\A866.tmp\A867.bat

Filesize
2KB

MD5
31c09b550c61042384ef240a1cd226df

SHA1
731fbe63179f646915f8fa37ca9f8c85fdb9b48a

SHA256
752a176e12900c9f3cf947bc36d506e360f86da00a2dbc1e5fa821f2584c75db

SHA512
8fcd654736e4b71765b5379c6e1699771e83c5c1df1b5e3fa7f74e4d3b5629ffa1f54aaedfdf9979416d3704bcfb38d73dba7c36c7b6f1ac9804737e7af698a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
6KB

MD5
378d43fa797dcb0bf82f2ffa2760ff61

SHA1
e97e07b4fa74e77a9d4ad7bd5a4686a2df508fce

SHA256
fa298217f22dda38a43418d1c32eeaf80e066a7c7de36a2e900a6e5437716932

SHA512
e6cb5875d1925bb56951c099512d6070cf7afa9b3f3e2002177cfd2b8b30638464990a4099cc02042853899c6855132d6e683e189165cbdbb0ef8b1b23dcff89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
7KB

MD5
b213237d8f9a603a68e25b7af06ceb87

SHA1
ab7b3c06a561edceb2a1b71ce8cc9fda0cbb8939

SHA256
b4738595f0e813f0599e1eb9306fd45396b184a368763142469a61154a7d8e9b

SHA512
b51adf4a93ebb7a887622f8be29e2262ca58e934b26de353084e023b8b06176839618ad33f4c81586fc63050c51f38338bcac11a6102a9ad7b7015f66577a0d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
af5102143f322da9e1ff40de0e0b918f

SHA1
4624ef6c514bdb727380179c0ffd2421a646ce7c

SHA256
4e8a7dfedaf06a1885643b2a02dcdc4764b6fe9e9e255b2b0f1947a9067fd73b

SHA512
91f7e42b2614632f4c71dbb20232d277e316db7520b6a1aa8c7de70ef458286ddd4e9f762b68d2ff5b9c40c4c8676325f3d4121bee2809287e5e776282fb2865

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
cb57557c9d5391d84f7de1750f9d5091

SHA1
4986403c380d2202ff22001b150bf7a62298bcae

SHA256
6e787c4d8460cd39b1d989819afc33ff511672612a47f0816bc8ce245a15371c

SHA512
1e7c44efbf35625ac57176ee9c16514523c317404952cd2ad1f17e53a76553cbde4b18b1a5c46f9b4cf3198b153b6d20d02975800aff2f845d0719f842c588ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
14e6304a0c49d47e60d029f32b8475b0

SHA1
64363580499598d04221e3becbce5994fb0ea2d2

SHA256
6b6ace1dde4d3cb84f669f54e2d69cd61b53587ff6e1419b2b66a929da594b37

SHA512
531a6f31c599b2eaf537a69abdeb5a1c018f35767541383660a6e7cffb2fa15a4186811aa0e741075875e67fc006afd0c03e386b3c6d79bf6e080387bb321dcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\3a1accfa-eafd-4e39-9451-0f281f85906a

Filesize
671B

MD5
4458cbf6ea0de31a6dc0d786f76dc2ba

SHA1
2bfba2e132a2dc0cd9065c51bf969fd943dc0684

SHA256
d2e4ed3be750300cdd86986c327677081f709ed13c23dfca6703b0b2792411d2

SHA512
04a2809ba311a0f4654d54db97c45c7b74d684e4b76e2b69c1d02ce937192374a72ce10bbbc41e0147bca6c935aaca007f806eeb8bf17ee484aa760cb9a75fc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\c2447b27-a82a-42f9-83d3-90dd2f8fe2d8

Filesize
23KB

MD5
b13656c40516587baa607a20ed724da3

SHA1
eb3fc3302841ca8936ecf333133cf5b40b547765

SHA256
def00c4130ef181491ac1d272ad8ab1b53dda6d3f48bba9181cc399bea31d237

SHA512
5a8eab78647070bd3d95c9af1425687683980c8f8d1f47db83df5156bdcdc1cadf97ae85235670564b139e405ac1412afcaf46eb444abd5b0f1eb8ceb5c00898

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\f952424b-ab2c-49ca-9125-712fa559f520

Filesize
982B

MD5
5739027b7332b7b0d2fac24961b82ffb

SHA1
9969fcb8f4ee82f54642661ebbb8301b45aaa62e

SHA256
1c82bea11bb9a947bf376206d64f978c3e133786721274441faaaaf482d82c49

SHA512
ae8b14746e50349f0f2b45a3fd42aac252ca2c3969be590804c61a327116fc07dca8389e38cae232228e79640d0481970c53cf121e1b2e9b8dbb80b2177c8631

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
13KB

MD5
5cc66830ae8aea1ba3a5aa0933bbac4c

SHA1
b21c45ef6459bd2998cb32daf99c040a7b73cd19

SHA256
90750e10ba328fb68c3ea5ed2b94e9c4c6338ae4601bc2c7eed8589995a1aa52

SHA512
ab10a97edb266f33e9b61736725da0ccf6ca78803484665159ba01a59c400416ef430cc8e04fb88ff435f1068f9f7c107dde9c0d499d57aaa9e97fc610a9e72f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
12KB

MD5
2288bc12d6eafaa22785b0100cf6cc37

SHA1
ad0648dfdbc5ed70f5c74379cdcbbe02d7f40d90

SHA256
3ea961f77686b5fc36c5c19a5acf575de0a39c310a27e40454375049483e78a4

SHA512
1ab9d78dd0050bcb126d099026ffe3f3c08193e32fa0cc64ae7b102337e2007f57bcf2ad9b937fba12d65668c8c9c0329ab1d65243a2585764e161badbcc3b3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
8478bff4376b8ec94257743143d23d4b

SHA1
04633a0245a653276e493f2f17a6a9e63874dfb4

SHA256
d5fe98ee613dd06a641e2a8058cf4a6177e64217419aacf5f5c8f9e3dd40ac6c

SHA512
6c69f59fc940609c1c63c31709b3dcab16d5ddfedd696c0c0398a4877ef7047bbb5875bb8ea4672f03a6a36454f0ed20f56f2b3e175853b9ed7b669311b2c0cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
10KB

MD5
e37170e31473598afe1a6c48987d08f1

SHA1
82fe62010c57198c1dab740cbc722716c98ccd4c

SHA256
1a153759dc98d1514d52915487c97d4d69100d1d22a75af72c3696bf667ee3d0

SHA512
cadf365d6f24574c7ba0ffeb3af498a808291dbab0bbbaefe7d6fa27a6909f2193b9ee76caca4e1575b17dc115ed0e00c68b9a391d16878bd63ce89fddab7875

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
10KB

MD5
0647ff88c66cf49c0cf25c8e48cca442

SHA1
0a5f518f230dbf02d565f5c067f2cac78a958809

SHA256
970fa1d740357c74218b489ffadf2f34656e4ba6d22337b5e1594ae38c248ee2

SHA512
6ddbdd2830730d602cefd67540da2199e81ee1691856db7ffc0fa689dee0a4901cb261fe3ac1008942fa0b5e61532923dd91b3a00d9b39fc1d948cf8a15d5b03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
eab51e50da8916dc0486bba10b66ae1d

SHA1
7fa2c4c51758bb808e2826137f6598fbdf391ffa

SHA256
9f0b278beedd5fa9321accbf22c130bb6dd1bb45b138e0ba6145642e8696d63d

SHA512
de21675ebad8ce645b1519306eccc47c75038ccd7704cf3bb349db8d2e4eb71da839dcd87c8f1ef9f7b9907e90ab4faa4f4bc04667e367f26952161a33f1036d

Download Submit