hxxp://trblox[.]com

Analysis

max time kernel
1050s
max time network
1044s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19-09-2024 06:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://trblox.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133712021409654351"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IntelliForms\FormData	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 6087adf65f0adb01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 564947e35f0adb01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = eb6538e95f0adb01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5b9936e35f0adb01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "1280"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cff957e35f0adb01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
3928	chrome.exe
3928	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe
772	chrome.exe
772	chrome.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
5032	MicrosoftEdgeCP.exe
5032	MicrosoftEdgeCP.exe
5032	MicrosoftEdgeCP.exe
5032	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
4888	chrome.exe
4888	chrome.exe
4888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1560	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	380	MicrosoftEdge.exe
Token: SeDebugPrivilege	380	MicrosoftEdge.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe
Token: SeShutdownPrivilege	4936	chrome.exe
Token: SeCreatePagefilePrivilege	4936	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
4936	chrome.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
1772	firefox.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe
3928	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
380	MicrosoftEdge.exe
5032	MicrosoftEdgeCP.exe
1560	MicrosoftEdgeCP.exe
5032	MicrosoftEdgeCP.exe
1772	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 5032 wrote to memory of 2640	5032	MicrosoftEdgeCP.exe	77
PID 4936 wrote to memory of 4668	4936	chrome.exe	81
PID 4936 wrote to memory of 4668	4936	chrome.exe	81
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83
PID 4936 wrote to memory of 1996	4936	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://trblox.com"
1⤵
PID:824

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:380

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3884

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5032

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2640

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd65c9758,0x7ffdd65c9768,0x7ffdd65c9778
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1708 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5164 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4884 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4936 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3144 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5088 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3088 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1640 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2188 --field-trial-handle=1860,i,1556011697120152391,12042801753352976495,131072 /prefetch:1
  2⤵
  PID:3632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1392
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.0.1004521757\1293910699" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {10e35510-f55c-46e0-b0df-ed988a23655a} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 1812 268d4dd5b58 gpu
    3⤵
    PID:1288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.1.1465379283\1542233716" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2084 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21176450-5b39-4200-beb9-dae6a4336e18} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 2168 268d4cfa558 socket
    3⤵
    - Checks processor information in registry
    PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.2.1515886308\474524718" -childID 1 -isForBrowser -prefsHandle 2700 -prefMapHandle 2856 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6211960c-f79e-4b8f-819b-76dfcd278a37} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 2792 268d8f9e058 tab
    3⤵
    PID:3080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.3.1453069457\2061612010" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a439a4-a3d7-4139-af26-17c6cdf80f9f} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 3480 268c2a6a558 tab
    3⤵
    PID:3968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.4.1876844937\493522983" -childID 3 -isForBrowser -prefsHandle 4320 -prefMapHandle 4324 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c309729-d723-4fdc-93a0-e70e778af20a} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 4452 268db07d558 tab
    3⤵
    PID:4884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.5.2019990830\930474461" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18eedade-3d4c-40e5-9c49-2505ed5c835a} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 4936 268db38a658 tab
    3⤵
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.6.1635201631\1848938964" -childID 5 -isForBrowser -prefsHandle 5060 -prefMapHandle 5064 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6531b901-23db-4568-9f00-0ff75d967129} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 4952 268db481358 tab
    3⤵
    PID:1068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.7.1274020784\1137905170" -childID 6 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ea5a28d-6350-4442-b32d-1f9c6e65ac55} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 5264 268db9a5558 tab
    3⤵
    PID:3964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1772.8.416227203\1190973881" -childID 7 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {819864ec-83f1-42d3-b32c-b1f32a12c02a} 1772 "\\.\pipe\gecko-crash-server-pipe.1772" 5684 268dd609258 tab
    3⤵
    PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffdd65c9758,0x7ffdd65c9768,0x7ffdd65c9778
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:2
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4912 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3256
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7f5637688,0x7ff7f5637698,0x7ff7f56376a8
    3⤵
    PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:8
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5316 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1736,i,6393912874688396497,14599078597852121965,131072 /prefetch:8
  2⤵
  PID:1344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffdd65c9758,0x7ffdd65c9768,0x7ffdd65c9778
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:2
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:8
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5032 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:8
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 --field-trial-handle=1844,i,5380330716807622120,2587308290256995978,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
acdad9483d3f27ed7e86c7f0116d8ad9

SHA1
dd2cfd176ad33d12ba7e6d260e1069b1dd4490c4

SHA256
bff5b4fff4b34ed3ea2754985b5ba1a8d6921517b0fa370f71f37ee0845552ba

SHA512
6e3ab4b6cfa73a7ad3c36fa621b1d2817b26e8e3613b78a40df6691d65e1486e6c2281efa0f8d3f30d2c6647b7ba3430a8be77df770f1cc575e8db76be6836a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1dcd4fe8-053c-40ab-b651-6a7e90ff4767.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
5eacaacf20f84ac587707955d365371e

SHA1
515a4f5b580e1044a5d4d51ea5605f1d50df6adb

SHA256
afebdf45702bf1cdef102c9139c099e940710fe0e58656e459a41c0b6fc59f97

SHA512
37640e2447577f1ce98dcfc7c7c43209d501bd27f0068f47c46dbfe23f0e41923411685f1a89d4fb2e0f5732c0b1198ba524d7364178428a2a2caeb61df8b0d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
4630a69aa176338d7a3130632f166c33

SHA1
ee323e57153f8a1a09eff4e3adc2f72b368f4c52

SHA256
777c0302ddd738b68345a90ead3f9db23a3f1afc3a5df63b25fb2ba5e4aed5f7

SHA512
d554fe79c88cc409fb05d5cb6e1d19153d7d6abf0696a7108ce450beece7c1747535f55806ed764488e322acdddaa1c580194d69efecf41912e815bfed8184b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
dc29b421dd3a033889874e74267fa25d

SHA1
cce4096789a48de9803513c966409276b9683efb

SHA256
0bc28ade34a550fa7bb3f720ccb5617136828a324e7122feb2a4f5ed2b3aeb5c

SHA512
be4f5fce928e73061ed946417f1479f4262e222be447a18134b1a82de6ca97da23791a49a0ea33d77e634ef2855f27a73f76cc03c14b05b0a459593971057577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
28KB

MD5
4ea50f7e31834bcfbd3952952a8fa934

SHA1
09053a91f7e2cc03c602187f0131d0ccada4e156

SHA256
67c91f26f3766506eaddd82486c64b2f511eb56cfd0a7e59cf0524e4273b8be4

SHA512
517fcde079ff07ae0a5c0aab276ff9b7f84df5b6b5cafde97c8d021ff954b0c29fc0997af1c15b200b0395fc355402ec9c85302e5c19f17bb78e67a6fc8d7a6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
382124c0e8e19a5b77167dbff2a2356a

SHA1
baa276be5c77c600adc6defb47c01171170604e7

SHA256
6902710bdc292ee67e0ed9ad818f77347f0d583355a4cc8fb73579fa65accfac

SHA512
8945659c4d57208452932db98ea5b5ab18482dfbf9483810826fe0bbe8ac38f57853ff135040e704714af90dd6071f31da507afebb7f11ce5c827eb9d111f28d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
162beec42bcdd647ea6c9f231b59dddb

SHA1
02e3aade8b28244fa16ad76efc1edd366bac2ae6

SHA256
2d29e6bf6c9d082197d9b4d12ea874ab42a10299d04e60d183392f452f32e7bb

SHA512
c67e5eebbba51a8202edfc82bf1a7fc41ce43a02f15635d5a2685e51a07a191d4f6807b474fcd6bfd3d754e87657d8b572c4c99fe80482a69a22b4a2b91962a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
297d7b087a429f15f46e16cd22a06bdd

SHA1
e7b8f9a719bf34f634c2a3efbb628b3fc91ae535

SHA256
bedd51eb6e8e19ffa7e65825fbbe1698155ebf53ee119ba86120e1579ae3eaf5

SHA512
f00ce3800d14bbfae33b0df3790bde4f75fd26c6e026e9c95116695f7321fc51c1b8f6c9754557f7e7fa19d6b530845f9d96b89902fc25c5430e0c4b7232779a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c99bc32e7c05022041c06948f4e671a2

SHA1
4355f5e92a9f95dd5ff7cdf79b98c6edf9261148

SHA256
63e5fc5a03ac8599fcce9067604f42b138a3d01f3346d5662a36bc65597e81fb

SHA512
29f1183e8a41ace2f12ddfdb2fea8f95e51b41b34e920e1975f0286e592b81fa2b30309451890cc71fd9f159226790643a965d72be06b3dd992a813d854ff8b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d726d71c5ffd4f687a0979e4212be975

SHA1
3e6d49719d21607dfeee145409e26f744da8a80b

SHA256
8ea688954a022599f03288be2c4f4cf6125df76e1a66a7ea48fc89e88bd595be

SHA512
d0720874a4f8d0f069e62ee25e35ef3a65b32773b738eeb5a219d82b653eac290b9d5f14a9607b8a52dcb16332341e2845707cafe302dea2de6495905584f29b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
908c8161941537338f107758538513c2

SHA1
0f6343bc85adf337ac3e4415c86ca3f5ba1a05cd

SHA256
6afe15513385c4f23e2f6a55c6ba9a3fa27c5caa88e68ee5eeecef457a29ac46

SHA512
6a1d079b75bfcaed26eadc62233bb6254e356bc3fa405a099395de86d66ea145118d6f27c937fda9819f50bcf0f78b5d7beab63af354ea42f4bc09a2e3efa1ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
3c3b58128483c7f725f71d49cc160d0a

SHA1
45c5ecf54d70e30785e23d73fbfd61af5a54e0fe

SHA256
99a7137403fef504937a276bd8ac6036f822d7089aecb288dda651c6a6be436c

SHA512
7b0aa41a2eb9149aef0a2aff427ad40f2d4f5cd639679c9d3b32c20e7b3b8d87caac5f797a255dcf848e0de2b89759a71dcfb017f671bd394637f4c6159dd4f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
3e7d159f6a64445085ee225c7e811b2e

SHA1
fde70f435f7212168410caf7d95bd3965260ff57

SHA256
a5e1bb23376d80347cc6fa386bba7534852bbd8b40121705f59daa826f82ac28

SHA512
4a3352af60faa4d2dee53102f2c48025d4d05209a38a0bfe87321e9b81b734ce1b81f3575f55d262003e60ec835be8cec30044c6c9d0183bfd0ede4bcaded6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
24a240ca4d58e8667c30916ad85711d3

SHA1
35e44b9813d24fd7c576aee32a8ab54625bc42f7

SHA256
14954b45d1db942d4b0b3c28c8bfd507b1f419614ac2f35c4cac1b7b871677b7

SHA512
a7b7373f3238c770cea583448155fcffb78224c53feab432e2f0da3155b5b1a73a1282bc1484971dcdb4a33b0200b8e318fb56f4877eeea2b23c094886de5bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
365d28e99a2fb7e7dbbc2eca46ef483c

SHA1
1e13e86046838355802f18b1185e5b67f86d0409

SHA256
08c71da7391520a52bc8c25a5af85e9ecb29c489c8aed4def03c02a00dc567ce

SHA512
4e303c2241dbe06935cbf82dd282044547201cf9d774c07a1aab3888f8ae3a6e9de698160843849a15a1b444cda38f8bfb826a704c128b62eefb652c627b34b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
446fd143a1ad2a8b56832fc78c51c88a

SHA1
d167c2ba12a8535c2709c991261d5c9aa7cd83dd

SHA256
d19576e2f14085f25a2b0491cb10a54fbb0d1a69457f3bdfd09f761412516782

SHA512
a95802688cf5e5d1d681457193009153d1a86edb04e253cba1dc13b65dd7c4e7f78c562b694a34d5cd6fb70226a8f668b3f1f64fd49e88443c13fbcd9c30c7e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
754f0981b287fd6c66746fb51803a0f7

SHA1
fb75070e7a578733bec8992ec9cf2c16f076ef27

SHA256
ef4d7919966e3a7a5412acf594aa667dc7d2cd1ce5afa721c70be1d2d81a9f06

SHA512
53ab7e8ab1059279c88f9b07d2466b0d1072c039555aea668ddf43d6527d3bfcdb76309b6ea4288d1f01f1572be0401b7d3ad5338efd5a8f5c2d45d7968bff62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7672df84e0e5412fa61d8b622134f70b

SHA1
e1c7b1de75ab1c0f41276b9bd0b04d4650443579

SHA256
65419797b94d3d6b38b526ca5a279a45c879b63d05bf21cb6045fea3a086146c

SHA512
b0fce2cdf11c266aa80698094a8e355071b79953562eff275131de05ba8c095b317f108fcb5c39e3ba3caf1a4c5efd8128d69d36ac3be7d408ac13f7b4e24a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dc71f0dc9e480be05bfe56f464eef8d5

SHA1
572edfa5e979e21eb30b797e822d713a8d19de6a

SHA256
9c7dc9ddea514866fb54549a9ea7a1789c68ecf31f45ab02352dd5ca348fb84b

SHA512
ea1d40d80efcd2c08fb408e46fb84eb83ed3776302c964f96f54d3efa8b2ac098c508e03fc67e0f8a2a4f4bd122928bac733bd7b9a81d0a9ce7628952f052b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6712daac3128e5061a5f6b2bf386aa94

SHA1
e011c1748143838a28151f833ddc3052f12b63c8

SHA256
59ccfcf09a3474f7c8be2c27ce04c628c1cfcee71957b65d44e71c653cdb73e9

SHA512
025b464e47d1ec0d60710d6272eff33c35c2dbfe41f2fe33e971009a28c6afed511f8126c2d58fbe05672c198e04f7d776de5fb2ae2cd99534dde0568c8e9af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d68065bf55757a5b8b80fd4a6f5938a2

SHA1
fd48b301e866a09931171ebee8be5668dc3dbc5c

SHA256
a75679fe6c90bac9d0f9c50ab35a8df0d9bb5553f132e5efa9aeb9db317ec2c9

SHA512
63200594a0c9788bf9a5ba1916a83bae94ea9dcf6ca3e2db241cff7976ed1bd09a4736891a46e080fb4e5fa990f558b670af2095f10e6ada14d9ed8d6243be7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
775d6f29b2592c38c15eb7cc020f5dab

SHA1
fb05ccce42f7de76d561301c42e3bde99b7671b6

SHA256
7c90e05d940fd647d8a926cde1dfe06443a3a926f72ab154f4d62686bad5b65f

SHA512
2550d1723dc2faac7f410bf97abe35a87762b9c017054a3aeb09746d491a29d901eaf86dad021de3bd3351af1e3bd57ba766dbdf99b8c871e8a9fabea91cb8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6a6c0e501cdc4ab8a9d1424d28e8801d

SHA1
1442e250e427840b9e7b93789e3d39d0a6f0d21f

SHA256
20342e79b5f420e9f17f1e30a142e6480c570575ffeb5f5b4419b5ab011cf433

SHA512
924eaa84e3ce7cb69c934618686873e4e454967f009b96fd03c68a4c4c0fb853dbdfc0ea9f825610406cbd59de2fda3a882b5bc34385820c0c0194f76132981f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e671ba6ec8a206f00885741ae5692f48

SHA1
f08de76cee2d34e9b8a997bcde8869815291741c

SHA256
da31a053eb04c4d802ffcff4cdf2bc53f1cfcc2177cc0e9ae50b59d9f837f769

SHA512
d46ea834731f409836e071823272dcd64f2aefadeb443a5c1dad76ae3e8502310c78a6b39bd9177cf301b5ef024655773f9b59b63add1eaae997407bc9250c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
d0b79a349df93529e89e32e0a67fc44e

SHA1
4ffa1e9a6a00d6b1bf34f8946fdabf6a704b21cc

SHA256
a28e150b1b5e5eb9b0f2fd24a6f653f559a79b6dd5892823fc2783fc44f34a30

SHA512
23d6f13ec55ed9fcefdf6f78e384fb9bae5e1312facf8bfc5049eeb3dbe41467276e597270f770548d6ee7c48e71c5856c9690f0a98769fb3db45c0cdc070959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
52093604aa8ffadb159477c5992affdd

SHA1
8fe72f50bfd46f4d4caf087aa18b2480f54c596c

SHA256
136c49576ce9c52f88351647fee5c15432fc1a4ecf09ace75a5eada19b2a1ced

SHA512
4e0a3727769a1336b3387035d47eee7fae4b93323b76eb5cdd84c695510219ecb2dd39978eb150affe71137e4c4e50aaea192bbe6154d075437088d7c69f84e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13371202189108196

Filesize
14KB

MD5
23075b7c5320d6920f19f41b235b9775

SHA1
59c5070c85a52cf0eccd6cf0bae7dd48c343ad6a

SHA256
6f6648137eec9d08dc15550eedc19dd7b3d348aa942c7098cbce2916582daa23

SHA512
1aa0ef06e6a72804a446fe213d53db8d482e701d7f1e116fecdacf6b456f081b987dd4fd342e988db8c9a062c34f4d27ef3a17dac8e456124bcbdb0ba4ad78de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
57c96000aaadcd5f0287d1e070d33e8f

SHA1
46f9733ba078375722897485ec7b2638bf837cbc

SHA256
113546f60034d171407e526fcb585060f24b9698e67aa30b725b5b7cacee66a6

SHA512
d7d2691cca569cb649adef8aac74ea6dfb7ac86411b2b1a4c60d323fbc7dd9daa26e732d55106faea46944d893dc7955269b5336089c376b4c86c64fd19782d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
6645444a8f7f20411aea76428c599c11

SHA1
50f8521ce07be1373def89a845dec733e13fc887

SHA256
bbb334ad580eb17017a9bc3521b2f34426a8cc8fc6994bd5da41ed41f25197bd

SHA512
d7b137a44c54c73291ff43deda7815745803e0bde2a7a771f92b132045c411ca1bd708810fd3578723224622ff505699acf3cfcaf2334e5eb8629413d9b3f40b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
578724549bb2076484135b84ff0ab9f7

SHA1
da489e8912554593eb21f6ac2746fa3872bf79d8

SHA256
3c090e94a79c558555c953ab004be03f58143814e8b59ae79613f9c68e67220d

SHA512
9818ed23a21dda0a6dd24997a6d59f9b1bbd2c0d82a1eb4203db50a3249ff0d5f4c36bc7244184ec3a2ad022a9ed2de499d18ffcd357e298d745bf1ae3bf7442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
f595b024800ea3878c334ae546168c7a

SHA1
4a6e636a28a47e595983b3f83a6230d4b7efea38

SHA256
aaf4e1ef015ebabc19ee35cdb62b8c55f7dd86588a41d7c416209cb69943dcac

SHA512
87137b9816ee8a4f6cbaaf157b1755c6784d81a2d7810b4c75e4f428cffde71be29cb96b250b8766a3e2644491c1f3eefa27f4195fd7e6c87855f2d5756c7226

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites

Filesize
20KB

MD5
e91479722d362f8e338d6b7c0996b2e9

SHA1
8aff5b3cc22708f3c32ce5a5214b1dd08da5c468

SHA256
f8217b5f59f13f06affc7514a552c2e00c0b88628fadfe19bce224bb3683c424

SHA512
9f9aff534a5a15c0145b1e782aed056b8a7beea63bfb28ab2e6b72c62e73bf6f43d7dd6281d98de31a9cef344292b8f0238f9f5fe583a0cfc619f0226707adab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
7df5c391b0e110dc54a2fdb3ed3d4509

SHA1
8a2bbaacd4da6e96c7bfa04ddca63ef29f67b572

SHA256
4e6daa0bb44e0f37f61282302458e3edf4073ea2cfb6611e68040007b9ff7ee7

SHA512
5b7e69c692c8fcff237877da5b47fbad80586761c34760f717a069bdbd041708327c69f21f2e532a55c85d236e8c94e5856a34ebb1aeffe024681f9a792ad726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
fdfa9c38ee771613feff592411a0e759

SHA1
f15ca9fa086ec567940a6866945ca835d02af626

SHA256
58444bca8c671ecac7fce5ba166ed41d031603b6b098daac0b91a4fac6e87304

SHA512
51d0f8731a160a7c913dd6bbe7b4e2c9ea65c2a7afe86d796e48281e3687c53c11933b4c7b5e7f5af1aaf0fe9ac4902fd424053dae3f83f37a9df12e4c2069a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
e7a65e45735ebbdc44abedc950094399

SHA1
9b53633e9ede24e967202e661e641ee3b6c585bf

SHA256
9f97d55268134a92518c3c9a83473f651635767d223c4ed344df305229c507c4

SHA512
294eab5e0da2c7edeff1868ed803fe8c2461682b6af6d2250e2f13aade2608772cd932d09f75e40682632d5415f8b990a720b9afb4dbdc5ad73064629c897fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
308KB

MD5
0bc5464798513dbb6375b52c4de4ffe8

SHA1
0a22ec9fd4df2210d84c29c9aa4d4d55ab4d05a2

SHA256
8eb8c8abcabcbcc68e97a6932c1713e93a1f183fcc176600dfd979ab05c6388d

SHA512
ff5acea2d047b715a76a3ff049de7b1f4e16b445ae9a2ff3443e35527037a2900b020ef453833e4ee931c553ee623e566c243f1c5742600bf62253f2fe19b462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
ed4b88ef5812ca79ef0940d1927b5e7e

SHA1
b0b77033aeb192ebf9a2f1668e8574c8b4e87857

SHA256
059c9bb9b718ab233e6bbf9a92eae4a928a872bb0e361dbe28b06ba3e6d7425b

SHA512
f16a6325353bdfb82729d04e0045c1b3f1e1b58da56ae779e261ba64126f7b4283a425895a6907514cb995a72493605a4766bf10c00755927314359fc00c96c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
308KB

MD5
dec7598868dc125aa99a3623ef8d25b0

SHA1
f4f04895d3e5f6318d467697a68524f1766d73cd

SHA256
86a1bc6b28ce428d4f1bc74c6275f851fc0491df8482562ec11e3c3e4144c408

SHA512
f8b1a1dfa94d5cda8cdd0eab0847e8514f51323775eb3a53bff8dae6ace7034ccc6619a6f1b018f4c7e0c8028bb99565c071bb16a4a30e634a9b499a38effe65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
308KB

MD5
652f23b288bb8d96f92b6d07625f570c

SHA1
eae0c44afe28d4d512d7f16c81383cc6b6e37c4f

SHA256
0f5d40448db59d4597d6cacc179361923f42ce9a566d622239640acf00387672

SHA512
1021143cfa7c52ca240f091fe2f9485feb545609f519cd02cf625c040d810c19cab9082b35429a70764c8026e4c0a3df5f4b4746764b853e2317b85696afe20e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
4b56255595ac4f0ebf98af626d61f518

SHA1
32f212d66facf8f4d6a5458ba560e7774868cbfe

SHA256
0f14155739056c724df4b47eb045c0ba654b4062a257c61ed90767ac7b7e6b9d

SHA512
02bab2172ec42d6f03a1e4e2b0fada29a2ea3209d13b5690fe44b2f24f5728b3c932e83b7a4e45a25afb1595fdb6445b0b6c0b8f43093f2143d59c9ae751fabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
51b4663d11fa85a273dc017572b5b801

SHA1
b968edcfd6e4b0064ace96e18e31469c6e4b5b09

SHA256
22b1eb12e918bad1f7d3d2cdf1f60895c5188f51b5c525ab9362e79b3ae5f695

SHA512
b67a5ae8b9cd0778806c2403876325a74bb90f686dd268eac46610e8793ca93c2ae0a6ec7ef1f6a12a758b70519dc15b6ea2cb3e4deca91666f5718154913377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
2a4c26cc4330082f54bbd5d9cea31fec

SHA1
fee793132a9a484f8860957492de7c8876492810

SHA256
cb44ffaac698159fa2e775eb191c50e7c173fc6eca4be94226e880f0b5ec0e5f

SHA512
1e0f3bcf3b0fd3bad2b256b5e392cba9dc028efc5f1f1f50dde276e17accaf2af36cc1a6d03779d5b4c638b472eee4eccbe2dad342cd3e8d197f809f6ff46b21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
222KB

MD5
be419d2046521fec4b94fa70fff3bba5

SHA1
9d03e5baba88abc55fd776080ae0d27295d63d4a

SHA256
6fbec8313d93aa55bcab5c727252540681940419280cd348402afc8a5cb1aecf

SHA512
dbd7c0aaf025997179f2fcdcdc4be68aa21e3a824a37651867c2ede928ea7a78aab852afcc65543ed8a1a6bceed2044b48f5a388103e63f5a9097fdb6f068e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
4029c90de305d0f0dcab70825c2dc92b

SHA1
96885cb9e5926faaec6cb22a85446847673e7a01

SHA256
077305e33aace9c7e48b1af60621582fe2251fd8c7608e668d1308dc6b2f1a52

SHA512
e081ce9480e84488bdb215b58641704bbcc53f9436538e590a6b4314308c8a2a5113208dbd9854bbc9260c34649a7ecc20ca86a5df471da589d51264c7d92fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
0293b50851f0cba67afa02ef72f5fbb8

SHA1
ac73c6322292286d00e0a12035f18c05796b5126

SHA256
9c8f9d5fd1c486c01e8a4f62e150d78c782e9f2deb6108b9d9353ef4bc4f96ab

SHA512
323a65c06fd5175bb0dc145c27266e705e307505a87f78c782b9d3721d37654ad13c654fc24d48222aa9a9bbed7ddb00e1d9bb9369cea4bdf2eab2b341848231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
7ba9e13d01b5193740b0db5b810084a3

SHA1
281b5b5a835ee9327a51fe73460965257ff79598

SHA256
7e1eee5275037c0ddd25e5a71c0e519c5b959756b65337010f0d8f951c3ce1e4

SHA512
5f34712b247dff7d7a7739e3297ae9ea9161e66b482f015038226c903bc6dc06fb8f1855284a44b493fad542359451743f01d0d0b23a23022d1763310b12a1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
2a9b41010f6da2a6ebda1f07d25b3365

SHA1
c3c00b69da40586daba284fd9c46219bf97b8ec5

SHA256
a133f83bdf1b5201711b3f92adb61e1eb6fdfb5f136c5dfc8b81f783f23bdf9c

SHA512
70ac909668d23b3fdc8e59e284989c03a72255ef1e9967d5eef23eddf01b6f5edf7e9ced182da8fddee7cfc40a25a16e9d81f81fa09bf89dfd03baa8512b336a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2f3caf09c3a5f7f7a7aa4b61211f91d4

SHA1
7c61abd4c14124269508c958bae9ff4a508dbcae

SHA256
5442ed9e624e7ec959dbe60ad3b56e07a95e43e43be389b6cd29f84ead44cadf

SHA512
7c7b2fcb31e6e0ed1cb7fe04f1ce1a60485a372c5c0d71fbeff0e22655796d2170d1e23d0ba05d1c4362e677a3ab53f64195fcba4d34aab32bddc9f0e9b1e010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\E49JWOHD\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\79LPO21U\api[1].js

Filesize
46KB

MD5
d7bb07b6ecd6fb1a2e123203006c33ba

SHA1
09cc76938fa366e40992880ff94accd8be0c6640

SHA256
8eae5159c56bf66c17e0cb002b25fc2e343f3e009dc2a39a7e230f08b7b8c672

SHA512
d87c6b675ef3f260cc86bd130f91a08f5d07d301f2a7b14778c5ccf42bf0d605957ff653ca53c57203a85aadff5f66f3514342a35dfaa581fbaf57fc3b72d722

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\79LPO21U\js[1].js

Filesize
309KB

MD5
184d4c50854aab62448329f2920632e4

SHA1
432af01353e16c86fd0a8270d87d4d847a103c84

SHA256
99aa1f4c1a37a96196d1590c5c414696405db31191ded81e06cd43066bfae204

SHA512
bd064b283bbdc0deae2aa9ec32ef351821c6458a9adc1b6646abbe53a3302869d910a0a41a743d48de0e7658a7e099f0aedf4f7d75320dd26e4db906b19992a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TTSWREZE\bootstrap.bundle.min[1].js

Filesize
78KB

MD5
78c4cd0c84838bea16844c9f9ef24b83

SHA1
8cd7971318371ab3d16379df6cfb254a5c649fca

SHA256
ea8fe021a4ace4f6786fecc418f70b658fc2dc02d136e8fe5c6ab6b62a46d5d0

SHA512
bc80244dddc0af2f6bc1fd25adbf64222a722246af2a96069f2a29057b3a4a22df352cc0bc236fbd0bcac015795e56a0e0ef286696795399f86c7a04ac64318f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TTSWREZE\signup[1].css

Filesize
1KB

MD5
b3bf44962f9521f0c35943bf49d56261

SHA1
f60123e019101544f7ac1946387411578c2f5a49

SHA256
1ee33da900246240567c43a634e2f9a70c256b21d18ff8013a62cb2951123a5f

SHA512
e55d37c61d5d94fa9f8793cc6ad1c678f1805e3377796e5e76b21d10b689c3131c9d8706b83ce9ec0213176151079e7c914abf5fa3af1eae9993a00b83f963cc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UF7HWPIA\clarity[1].js

Filesize
64KB

MD5
70187a383adb805dd9fa0f16588b48c8

SHA1
e1ed844db90fc16308eab60276bd9679784d9f01

SHA256
30adbc7e799238c336b56a1e20db67910f2a114fc3bc6ced6c550b4c873318aa

SHA512
c860317ce2f70cf96c9a93f36c7fb608217601cc6e63b45a9f2e9571fdb7c6aa286af566ae532f23aa054b1d83dad6097bf5435cf6b8c9c2cafe750273050b87

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UF7HWPIA\global[1].css

Filesize
9KB

MD5
1dd7de946942b76e263aa55f08a489ed

SHA1
58ea2be4f898516dbfc46b57a43cd77b1e6042a2

SHA256
f2596e6f920a9ec244af58122066d195ef2e1e13d91dac6355158cc99bbeae00

SHA512
4c5c87e13ab019dfcdb3972bb7d5deb804fb81419be809a0a5e1ca386dd820ad95b6012dba4663355fbbcb9011edb54d5761ca870a7c265daeefbae471a98ba9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UF7HWPIA\l354hmqrfz[1].js

Filesize
518B

MD5
50580f8dd7603c35f873ceeea8005f11

SHA1
34f7fb7276b241eb71dae22f73dd988f5cfff3c2

SHA256
b0b29a2629d844f08d05d16827695ab74c719d8226416eb604b9c594284c0afe

SHA512
511df7ecc97b136a6aa7901801ac68e52df58ff83ae27062e068ae2f6d6ee8d41827147e8c43d3d00fc27f19d7a73656c9e84096fa6da4d06c56fa92956ec2b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UWLFE2GR\bootstrap-icons[1].css

Filesize
91KB

MD5
8f4b242830ec54686815617e7b5a5b1b

SHA1
a7838d8a20dbda0ee9e4c1cb7f1f832ce9af1c11

SHA256
d8824f7067cdfea38afec7e9ffaf072125266824206d69ef1f112d72153a505e

SHA512
d326210b288c07ee973a2b38aaf580e3690f90a6f9e3eb8c68e85bb2d6ba9be690edc64e9b98731113eb4649249e5a44768c550b062e8bec8cd2345ace90c5b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UWLFE2GR\bootstrap.min[1].css

Filesize
227KB

MD5
d603cfa239a34ac65af566681e7aa3e7

SHA1
4af3d7e15a6a380c6cbabba42e9adf330b49d58f

SHA256
16ee7f3d53462650bbd32e263c48c0ea759574fcf620c681ad719008912c461a

SHA512
8868c69b0226d541cd692bb088d15f077f87a734ff60b24c8983cace54045694fa1568b9adfa5bcab06e4cfb1e49c382581911b6cad121bad3cc9a50d3621a2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VMDT14EN\syntax[1].ico

Filesize
20KB

MD5
276e9abeea16d8066951172b71d24fec

SHA1
24fa2f9d16ade328f90de6536fad985a174086ed

SHA256
768c377bf41bf095e6233a74f3673e66dafc629fe0fc1be2963d2eb2d6c61c22

SHA512
c503de9b501e3f13fc2881460c2d767d83d77fb234e416a234397c4410463727e1e4b3bdce05bc8a267bc9a3104b2e5e1226191f82cc6d247e35345dade9191f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF64A2513E890A22DB.TMP

Filesize
16KB

MD5
694a94c7bc52dee11bdb81cd680e5b2b

SHA1
bc8f2b64fc3699c3cf71a02a14c0c3d2967167b3

SHA256
a6e65036ef76e99e52bd6881cb7562d4a910f1c3dd725f80a6c6dee53224b3fb

SHA512
58c00b23a5fc66c9802c5098847c6c83a9d06dc87bd44848542514105d1114250c3b9c173cfafd5f609732116ccefdbe463538b035756586876981ee80be417a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
20fe5ac305d6591cb3c4f865c91a36c9

SHA1
dc1d0c94297e240733677c43126e84b5e54b0eee

SHA256
63da8990be407316016189ca621c8d0b844f98a8b882618998a43795addf16b2

SHA512
4e590646872ce203679a5ad06c744bb32b96b278d993271261a837b2273386507335d83d7e99cd3188ec3005d44e3c151ac87b22acbd25cb560fc8c51b2add69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\a19ed20c-1e2d-4c6e-9461-202827904243

Filesize
10KB

MD5
69685b643d47bd9e34f3d92cf836411e

SHA1
365b30c9a39a1b4929ce2055c38f6de0ad4c91f7

SHA256
e4ee49e715098a5f394a1e0f8dd87c5807938dd47b6c1edd98aa093da7cea831

SHA512
2d032214c6b4bcbc8eba5534564506d094b21787cb478c9e812bc67e7183570c00b48f7b7d61fe0cb97e539b7b6633139999e10c48854696e423656baec26b30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\ca451cb5-c9f5-4694-9a02-08c833fa28bf

Filesize
746B

MD5
43b537ae9e2c8c05046b758fde224257

SHA1
f895d754551b498371299e4313f6df5c2cbda827

SHA256
f03adcf581bf212994e65687dbd285976161171c7ac04b4698e28f126ebd16d0

SHA512
18b5b2b0d2323c12ceb39c899119483051a55c768433b1f5e27a3c4b8e79347dde3bb369a593d4cf545fcf0fc0f86e9e40ae62a5975f2478d2a6cfed5e5f1107

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
d4896d5d48bf874ae9cf59fefba9c3c6

SHA1
508e36a12500eb78336398b9fe1aecceba4f2a9f

SHA256
4bcdb8ed53174aa86b36842cb3625fe896eb3e45068bd898aab2119f1e8ac2d1

SHA512
0c044e0d423712ca5668f5589bf51f2e4fd9a1198150a28b515dac5986c8e72fd6cfd470cdf4a3baef0b87264b7978ce2e98ef325b8f65d7c6f3992f09966f95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
1d14143583b70174e5b2be7a6df4976e

SHA1
ec26980d82d3122f80179887087ba6cb1334ad5d

SHA256
00e1fae7f29ae64d439263349ea36e3276bbf86029eccb8b1effaa43b4f88a6f

SHA512
effc85cd5197ad9b96a5137a291698d9c02501c3f6154c431aaab69202a94910a1386610efdc60c64a65bc80b0c117b07aa9916f6a7c1d7365acf4e08826b4a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a2d580043d395ceab4a3732f509e5a4e

SHA1
577468c7e0ecf6fd9df034e4d80fcc36f8e9a049

SHA256
68234b9f1e41d63eec4698d855266f2f57b905bb17d6a556265b433d303ad2b3

SHA512
4afb298ab8792ceb0255b1ddc1940ab8ab4af3dd78085aa179c69ac10b6ed8740f11db618e96bd2e7290b72cdfd271fa060cfa98b6dec8c16da3306a7c90a9b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
974244688a772590460cebf619ed2ec1

SHA1
d29d1cb69a476751f9835c18519400eba3f92765

SHA256
244cdea5020e647abb377c11cddf273341740cf4471834d43071d80ad6c85006

SHA512
cd2b6a8db6996b7295217c81f120e304da9a47cc54d2f3d594cfc983f39810af6e85ff4024b5f37dbc2bb668b3c1d07d47e70f5491b46323c6b153a45d648ff2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
02c7bc3d7441ddb3a972f746d20f3a63

SHA1
9fbbd32e727931c5d25ea1b19bc816770074682b

SHA256
57d3a7d065f124257fa1d8f1a03773c6cbe64cc4e303193877a29f5287a30d9f

SHA512
e6265273023e27ab4a6cb6034251bd0e22c259f8dfd431599b708a0231bfeca12fa98a8a12734dc3c55322012aa249ce26490acd416ee82a977e49d28b40dfcc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
cf78cc5685b2c6e0d4f46fd539219874

SHA1
f13b7c42edf947a9ecb673c2812157ce10ca9465

SHA256
75649b3ceb0c3afabdcbd54433e6ef49c0e22f6ac816602574e4150875ad1d81

SHA512
160e7b1d15876f682dee8465d0d491afb8f2bff694578ef4f9bba23a7ea56750651003c84d0e7c311a55a9fe774f558f4dde0516577ad11847729d1bf124dfd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0ed2663971e8051b2bcb574926400fa8

SHA1
467756bf41c377bdb07c8be10d5391f1df1d80a7

SHA256
0c44c9887ebd30506041e4f483422673660df0b74c7468b0cab2c69bee1f4e8c

SHA512
e521f02d0a4dc70e3bb33747c5113c76f18f15b4370826ef13700c4f559c8b158ed1d8ef79d7d88794bfea61496a75d653237391f2f8b5e53d8574a21f113898

Download Submit
memory/380-16-0x0000025ADB420000-0x0000025ADB430000-memory.dmp

Filesize
64KB

Download
memory/380-118-0x0000025AE18B0000-0x0000025AE18B1000-memory.dmp

Filesize
4KB

Download
memory/380-0-0x0000025ADB320000-0x0000025ADB330000-memory.dmp

Filesize
64KB

Download
memory/380-35-0x0000025AD84F0000-0x0000025AD84F2000-memory.dmp

Filesize
8KB

Download
memory/380-119-0x0000025AE18C0000-0x0000025AE18C1000-memory.dmp

Filesize
4KB

Download
memory/1560-43-0x0000023E4A900000-0x0000023E4AA00000-memory.dmp

Filesize
1024KB

Download
memory/1560-42-0x0000023E4A900000-0x0000023E4AA00000-memory.dmp

Filesize
1024KB

Download
memory/2640-98-0x00000267999D0000-0x00000267999D2000-memory.dmp

Filesize
8KB

Download
memory/2640-270-0x0000026799340000-0x0000026799342000-memory.dmp

Filesize
8KB

Download
memory/2640-113-0x000002679A100000-0x000002679A102000-memory.dmp

Filesize
8KB

Download
memory/2640-100-0x00000267999E0000-0x00000267999E2000-memory.dmp

Filesize
8KB

Download
memory/2640-96-0x00000267999C0000-0x00000267999C2000-memory.dmp

Filesize
8KB

Download
memory/2640-92-0x0000026799980000-0x0000026799982000-memory.dmp

Filesize
8KB

Download
memory/2640-87-0x00000267997F0000-0x00000267997F2000-memory.dmp

Filesize
8KB

Download
memory/2640-110-0x0000026799FE0000-0x0000026799FE2000-memory.dmp

Filesize
8KB

Download
memory/2640-274-0x00000267996F0000-0x00000267996F2000-memory.dmp

Filesize
8KB

Download
memory/2640-89-0x0000026799960000-0x0000026799962000-memory.dmp

Filesize
8KB

Download
memory/2640-272-0x00000267996D0000-0x00000267996D2000-memory.dmp

Filesize
8KB

Download
memory/2640-106-0x0000026799FA0000-0x0000026799FA2000-memory.dmp

Filesize
8KB

Download
memory/2640-246-0x000002679A7E0000-0x000002679A800000-memory.dmp

Filesize
128KB

Download
memory/2640-220-0x0000026788540000-0x0000026788640000-memory.dmp

Filesize
1024KB

Download
memory/2640-102-0x0000026799D80000-0x0000026799D82000-memory.dmp

Filesize
8KB

Download
memory/2640-104-0x0000026799DA0000-0x0000026799DA2000-memory.dmp

Filesize
8KB

Download
memory/2640-218-0x000002679B100000-0x000002679B200000-memory.dmp

Filesize
1024KB

Download
memory/2640-219-0x000002679B100000-0x000002679B200000-memory.dmp

Filesize
1024KB

Download
memory/2640-94-0x00000267999A0000-0x00000267999A2000-memory.dmp

Filesize
8KB

Download
memory/2640-158-0x000002679AAF0000-0x000002679AAF2000-memory.dmp

Filesize
8KB

Download
memory/2640-156-0x000002679AAD0000-0x000002679AAD2000-memory.dmp

Filesize
8KB

Download
memory/2640-108-0x0000026799FC0000-0x0000026799FC2000-memory.dmp

Filesize
8KB

Download
memory/2640-142-0x000002679A400000-0x000002679A420000-memory.dmp

Filesize
128KB

Download
memory/2640-131-0x000002679ACA0000-0x000002679ACC0000-memory.dmp

Filesize
128KB

Download