hxxps://drive[.]google[.]com/file/d/10l431UmhLHpP-I0m4f8s_x6njtrZvSfJ/view?usp=drive_link

Analysis

max time kernel
43s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2024 11:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/10l431UmhLHpP-I0m4f8s_x6njtrZvSfJ/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
18	drive.google.com
29	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133716525836150743"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3848	msedge.exe
3848	msedge.exe
8	msedge.exe
8	msedge.exe
2640	identity_helper.exe
2640	identity_helper.exe
1960	chrome.exe
1960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
8	msedge.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of AdjustPrivilegeToken 22 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeShutdownPrivilege	1960	chrome.exe
Token: SeCreatePagefilePrivilege	1960	chrome.exe
Token: SeDebugPrivilege	1756	firefox.exe
Token: SeDebugPrivilege	1756	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1960	chrome.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe
1756	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1756	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 3508	8	msedge.exe	82
PID 8 wrote to memory of 3508	8	msedge.exe	82
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3548	8	msedge.exe	83
PID 8 wrote to memory of 3848	8	msedge.exe	84
PID 8 wrote to memory of 3848	8	msedge.exe	84
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85
PID 8 wrote to memory of 3864	8	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/10l431UmhLHpP-I0m4f8s_x6njtrZvSfJ/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff925146f8,0x7fff92514708,0x7fff92514718
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7898557497025542748,11954756198531590529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:5144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff8030cc40,0x7fff8030cc4c,0x7fff8030cc58
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4756,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4720,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4380,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3516,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4448,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4556,i,7068754702305635117,8826428357751966602,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:5968

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5640

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4868
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ad9f8a-5353-481f-99c9-45a95a70b468} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" gpu
    3⤵
    PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3c11830-24cb-4f4c-b994-5bc1613fad63} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" socket
    3⤵
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 1264 -prefMapHandle 2848 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11087475-c4dd-4b2b-8249-7ca6c36d1050} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2724 -childID 2 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b20035c-ef01-4681-815a-37e23d4725c1} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:3860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4816 -prefMapHandle 4812 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d47ec45-2674-4fa8-af28-82f28b16de68} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" utility
    3⤵
    - Checks processor information in registry
    PID:1612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5048 -childID 3 -isForBrowser -prefsHandle 3704 -prefMapHandle 3216 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c1cd789-a9af-40e6-b8ff-20c2349d578a} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 4 -isForBrowser -prefsHandle 5360 -prefMapHandle 5356 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67b07ff-998c-481c-b14e-334e17cf08bb} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 5 -isForBrowser -prefsHandle 5488 -prefMapHandle 5556 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d20f7b36-c051-4c39-bf2e-5aab87a4e7ce} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5840 -childID 6 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d492931-3e76-4be6-8e22-3abe76d2bd98} 1756 "\\.\pipe\gecko-crash-server-pipe.1756" tab
    3⤵
    PID:4968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0128eb5c6f9dc76553ba8008d32c263e

SHA1
bd24f8b7ee88a94fbd6808bb851b031b02bea3d2

SHA256
1e8c8402a6d9a9a5fd30a4f8d96577a480040a98c77d88b341f54d3784f6bc39

SHA512
b1de60b6e1bb9dca414d546c9bbba003ff157aa8b873b2db1206680ff4f5f0b936787fbb1b0387000e72ca46a937b0ab275667e87f5efdf768f359ab7f24cebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
844B

MD5
3a5c94bd5dde2dae7994ac7135f07f06

SHA1
fa4abc3b5c5812711aa01f7d146ff32e82fd2cc2

SHA256
2565cbb4f0770f0c809aac08fbba8f66187b7c829fe7286be37d8e57532fedd8

SHA512
635d4e260cc029e80079c80de6b676176bcccdb02df30c6b371ac022dde9e8e6b1e601ac8f0d02a8656d2bb0e25af39ca300599e98ad66c233e0d19a40cfe122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fcee2b7a4330af70419bc7d07ede83a1

SHA1
5d31f7d3a29b4ebf0276cc7311719401d0939f48

SHA256
c4e13a453e87952d9768d27e480e9df9fc5c670e0921073735fb65fa34d48b19

SHA512
d30cf9edd0076628fd29b3c70e7b0ab4708e4efdec437ca8cc6edded994eb3515baa649e26be28f635f67f96599316e26635613404fff7b8f1e49b01a8bd3495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
101bfab9bef90fad76e0daa0d924bfa9

SHA1
808ce357289dd8aab0c882d18cb7e0ba80612ade

SHA256
bc67f75cd1923040bc56f616310d50f0f8a0dc5bd78c0bd52b75ac68efe1be69

SHA512
92b9b7a29971129607c56109366f58a7220e828a15c398049c765c8422dde848431b342e2f6672dd46feac20c9c66cdb7849a5bc524ed224faa11b8a78977f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
593310d53579d5f2a266b84ec44b1660

SHA1
a7be87fe18eaa971102431f6765b1c53411ea0a7

SHA256
db635ab68681a88f3fadd0340463f9875b809f22da17bb1662966d8aeb6db7cf

SHA512
9434f796759700ed8f5366d87dc1d6994e9b81169264682723302072678c0a902c46c1388cb57292b4fe51a02f45b896fb4b3ffba18676ddcfe8a011e6e6e12f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
99843d4585b7ad11e85788b877a44c7e

SHA1
a3e9020d0f6de9c6f18b766615a938bce97b4879

SHA256
f4bf25a3051da5321b3e3d1429f42f4df74b22b26f3c349097b1d706eafcdeca

SHA512
ac9407b52760d0ce66a5a817e447f6dd0f8384540442b55a88096c4a917483785e099c4971f6d46f938a48c2ff85ace8f316a2fd23727b3db36660814edb0b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c9770ab48cc09ed70657c7b9b03b3c0

SHA1
7d2569c53b903a0af20ffc7e4780691aa4892888

SHA256
2bb7937a7c452386cf12eea4b4f3d2e322178b47ef027e110faf4f02e13cfe78

SHA512
0b498a56b6e9d5dd52efa08ce4f19e6871d9c9885ae14d808217a57a1c798c87ccfd4cce76aede49905cf7975d47d535688bad7851423989c3caed0db16b101e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f74f4f28e2e7fbb83794cdce8939bf01

SHA1
65c38b5db5ebd9399739cbd1f16923f4cc83e270

SHA256
8e9fca36ae8417d2cf3506f3afe91f878b7d0268077ead2727a9797037b99bf0

SHA512
a04f3fc752f7f7899ea03d8962a30980d1e885df74dd2697a65cff5b7cbcaea01b08e8ac2b2e63350f8c0cefb4baccbdb3131e3fe82173417c828abda4a2fc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c839dea53d17c3e0444b2fc2d092ee31

SHA1
41d283050c1a902890e8f16b8df6ff2b8e5cec2d

SHA256
4d7fd987eaf42e9345a7e321ee359999422041c85869d03fcfec28ae64628561

SHA512
74a351136809a47172bbfa3cf101e03a7f988071cbfe3ae777f204eb3cf63652f52ed0f14d0b58b16743c048ebb3be1fd3abc136d9a185f60cf309aae9ad4e39

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
8f46b334bed7a8392ce59f84554ad93e

SHA1
dd423f2146f0035234ddf1704d449afc625e46c6

SHA256
1d32f6074d4859781941792b630248fe7e5eb8cf65c4eb66833f42ed6eee5781

SHA512
2d7d5e6e2aca65f4047a911c63dc1851910307fa79309ca1a7a79f1d8725c09df7b593392ed949d6726950c9b7166577382beb17c0c4403e3e5c00ec5d87496c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
73aa42e9c7b3e971c1b462db31453ec5

SHA1
c80c5b955a8ddf28132fb2852feb8070e17274b9

SHA256
019eddf1fac9648df61658889c50ac4f97669b9069c8c3c6f06ae74a4738af9f

SHA512
6c62c54d038973acb9cffd5f6757f39d8906758c2b51781441b539520dba218393444940aec0d2b6c3b995fcc4a2774f1c1db03a58d38c7295453ef088360849

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\25c9d699-4e30-47ef-9b94-593c2c9c759a

Filesize
671B

MD5
5ae729e6f4efbe9fa004047ceddb04d5

SHA1
d16a0d9a8e5753c188bf6721f4f184a870b44654

SHA256
4876ba08d29797c9ad5c53a44fe5dc67f667a321d842cde1f8554ae2ab729a3e

SHA512
18cdb337823c976c7b9d2810c749196364ac46b4debc77c5bb674c0557384dcd3d7d4d14b4e415f16797b7b1ead8700d45c7cf93431f1d675cf1eeccce8f32d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\65f60255-b98f-485a-8597-820b894f5178

Filesize
26KB

MD5
034d95feb9e7d3087e9eb47fc4f8aef1

SHA1
1454c7c16a3fb76bc59af41cf0c9c353abbb6797

SHA256
dc5b48f55d3caf45f25c1198d814af302edb3db3bd1a821afc6be920ccddd696

SHA512
f555cde67f92db74e7dfc2274f24004b922db5c3c944fe85f8375b3adcbc6b89cac35ef95a23cb158d5e0c68d5b7138792aa840a01a2e948eac9f1102db96f41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\87f6c4e1-498e-4f2e-85cb-d584d4770a8a

Filesize
982B

MD5
28be1e04ef5df3394575c7a7ac149454

SHA1
7e6669da06fe86a52dd0d2aa33696c0edb81c69e

SHA256
404bf6b5c4537f8deeb4bf0c02e99ea7aa075c9e0647ad2305c2a2839f42337e

SHA512
06bbe44ea3c037bca485e8ef14860dcfbb90bc2dd3998503bb3e715f6af745cec1a2b5ac9a56a8b8aa6bd4328daec0e50997fa34c1e6a32a08dd181b8d56853d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
10475e18c7a9117d496e8aba78ce2c7f

SHA1
b1b7b9de097acf50169da43dda31fde30f6f3ff4

SHA256
d9378ecb9aba29745b9e09d6447208831225957bbac0e111fc902e91a423b71f

SHA512
61e07090249de4e0e677630b5c1844fbaa0bc866cabc4f124302f9f2a17845aa5bf0f86c4a2382a259fd9a24b259c978fed9fcc63089010b39dd041fb3ecdf0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
399034913dc38674a578faca5d3f14da

SHA1
9f200512e525152f056578ea4a8f7634b3ca2109

SHA256
90c6efef903cfafd1bf3dede2711fe9ba359094a61af59fa1f8bd4ef6f739887

SHA512
e85a6c7b7c78de9e63c2c0549aa20e3c8c8e9ff9bb493112c7d393b9e9527a17565794e955435cd0506e3263f276a370289b059047df7a3d4a115bb701ee944e

Download Submit