85c50233186f14429d5b37023c0501fdf2ba9b151c4c79ce85e764e057d7989d

Analysis

max time kernel
118s
max time network
125s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19/11/2024, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Adsız.png
Size

228KB
MD5

1f4b7f26a1421a5d7aa0a7c9757df00d
SHA1

ae999d8e547a72943390656481d6ac01ce4092e8
SHA256

85c50233186f14429d5b37023c0501fdf2ba9b151c4c79ce85e764e057d7989d
SHA512

ebe69dedcb9095b497fe6b973f5e409578bada141a384bb31772d17c12344b6348e4c36accf2a570ce709ae140e7ff6961b7f8d4c9acdd0033234ba499350e25
SSDEEP

6144:+a1RWcUlllwalRphhPx2u7cgo9lcOv8DEkQL:F1ocsr7lnPTHo9lPv/

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation	cmd.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765187055195899"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3696	mspaint.exe
3696	mspaint.exe
5420	chrome.exe
5420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1936	firefox.exe
Token: SeDebugPrivilege	1936	firefox.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe
Token: SeShutdownPrivilege	5420	chrome.exe
Token: SeCreatePagefilePrivilege	5420	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
1936	firefox.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe
5420	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3696	mspaint.exe
3696	mspaint.exe
3696	mspaint.exe
3696	mspaint.exe
1936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 3696	452	cmd.exe	83
PID 452 wrote to memory of 3696	452	cmd.exe	83
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 980 wrote to memory of 1936	980	firefox.exe	98
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 1852	1936	firefox.exe	99
PID 1936 wrote to memory of 612	1936	firefox.exe	100
PID 1936 wrote to memory of 612	1936	firefox.exe	100
PID 1936 wrote to memory of 612	1936	firefox.exe	100
PID 1936 wrote to memory of 612	1936	firefox.exe	100
PID 1936 wrote to memory of 612	1936	firefox.exe	100
PID 1936 wrote to memory of 612	1936	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Adsız.png
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Adsız.png"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:980
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be24dcd1-6ccd-42ae-ba24-374e2c2e3f19} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" gpu
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8931770f-5ae0-4454-86c6-20e9f796aab8} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" socket
    3⤵
    - Checks processor information in registry
    PID:612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2932 -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2912 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9682c67-c278-44ce-9053-ee6db8705f03} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
    3⤵
    PID:1880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4376 -childID 2 -isForBrowser -prefsHandle 3800 -prefMapHandle 2564 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {688c71e2-1360-4733-a970-8db13fec020f} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
    3⤵
    PID:1048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4800 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4844 -prefMapHandle 4840 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b00c0bfb-4602-4572-9bcc-5b0fb5c5fdd1} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" utility
    3⤵
    - Checks processor information in registry
    PID:5432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e433bea-55e4-4c8f-a1ee-5f32866db464} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5540 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f4df8f7-0848-4c74-af1d-f58ec3780eed} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 5 -isForBrowser -prefsHandle 5804 -prefMapHandle 5800 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe8bbbc5-0c20-423c-bb36-7306236c7220} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
    3⤵
    PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6124 -prefMapHandle 6120 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1196 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9c25ad2-1e95-4799-8229-7d46ae05e41a} 1936 "\\.\pipe\gecko-crash-server-pipe.1936" tab
    3⤵
    PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffffb6acc40,0x7ffffb6acc4c,0x7ffffb6acc58
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1980,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3804,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3768,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3264,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4456,i,8054514072101579936,12582165883627192734,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:5664

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5f149a02-4910-4b96-8fec-71df90bcb4b3.tmp

Filesize
9KB

MD5
c6ba4eea4bf1e7bd2a255b5f66824534

SHA1
a1c74187e896bd2808412ebbe6b2cebebd805484

SHA256
c5cb6846233cac522f91080bc6439e62fcb7589e2ff4b330f6211ada13e06a9e

SHA512
7fd5ddb41e4283716649834fc0b8aa35bbbede00d7060ccbb813da3b1e722bb15f368e46dbf97878be29c0d893b34a5c3f9b8770d3ab86542e6664bc0fc07a86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a17d004f183f05a4ad4e67dccd07ab35

SHA1
7d7cd3ed58618a73498f31c7add7e38e090adda4

SHA256
54199a5e1a9d3c804bc8e22fe43342a5c15eb6920bc6b69d7578491c9350a17c

SHA512
848beaa11b3e88135f6f90dfe852d38a17e21dc6f852f9d92a134ede3333f44b622ffc58ff05b8b93fa20bbe03db460bf803aa974e70363b4bc8d5c7f4888fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2299b5f5b587bac5_0

Filesize
375KB

MD5
a4f9c8a39f151e23c85a10d56543e6d4

SHA1
c3acf7842f372c69f52b78138c04ba108e27a030

SHA256
7b0ec281427883ec67c90dd0021324183145092a03b1fd296e5e1888da6965d0

SHA512
5d5fbfe1a88a57b7bb4ea147857870216ffb1dceeade56b45913e663f40ac8c53bdcab3d8e9d09b801101519e7e6cbbd6e081652bf3df166209226f51dd74bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0

Filesize
289B

MD5
c72a5b90b1a64214fc7df97edf7bae6e

SHA1
fbadf58b729d64dbf164c6dfc2af6e329b10d24b

SHA256
171c9cfe60db9e69a2075c18cf3a24cbdc4fc5cd5ebfab91560bd47f2d1dd8cd

SHA512
21a3ba28c6bae92f06f733a17c1bec0fe84e5954f5c3459cbb8fecf0a03e83e736e43b9025f9e5f1cb551c2f33708dac863d7127714d0ed675c054363e5d94f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b59184b44b097ff74f3ac0ab728bd370

SHA1
5c1dd0c45ef260413df4e2a92d7c5931ff580893

SHA256
41731009f06a19d8a070d02d30e65ad5fcc130d87a060bcf510bcda00719e1ea

SHA512
3662a53f3710fbbfc89582c7d8ec1fa9941fe0979b8b3268e98ec6e64b34dd168fdac4809ef4b5383b09a550e9f742d3bbf3c5a24b9f869906214da9c4b30c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d441d2025d60b6cf631267719ee213da

SHA1
3fc651648864326d64b956d607982f4be078370a

SHA256
75a26def8dd4b8098eef3f76c70f8217117fcccc6d62b7c22c5d4fd312826d55

SHA512
e0689d3113d49fe0530292f81674f39ad3ff2d25ef36c68807627fd863b0ce59c008b0303f9484247200d264a8147fb04b87f69eff522a4f15891b4c4f6e26d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6417fb8fd65510f661c9fa5f0c278780

SHA1
538e96dc1ec893ee3eee9811e449170460c6da73

SHA256
9636d92e1bb6863a8a68ab9b8a74875b58a9604f3c0cb5163f584fb9ecd7af62

SHA512
d265ca6de15b31ee61825cd17a6e33aedd9e17fd5444d20f054249e8111b44708a40b845f2f71371f242880a3c477cc8db286bf6ac1b271fc71685b218676383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2d3f024ab8ee9c4981b2cb30f8266269

SHA1
aba91bda594b699e3701a176e68555b16aa31817

SHA256
288b6b8c83753e763ddb90ddfbdd7e96100fc66cff022f48b576d87b393858a7

SHA512
b0303bbfa161ee8a5ff683d7605ff14432f10642154e5ccd638e75c81d049f7f4d3095b8d6d6f857fdf960a35b545aa31f46134339c79fb0163a09d9f57256f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b21068f25a718b25c2bc36e6b827378f

SHA1
4683c8dd4fc0e04729a533f6d27b831a171f8cbb

SHA256
3daffc74d29734223f512acbb22e8b88882e4abc2fadd2809dd42a77f04b24e6

SHA512
4b10372bfe1d2cfa7bd44943975ba9153229a989875ce12a2244bbbfa324c5deed6f0bad41219de17c927dc37bd52f8f9de38c102c32e70120514b7755b0b51e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a5bb37029a5122bfa77f269f1ab4695

SHA1
be74cd353a64d99fdcd44cd94496d726d2cd0bd3

SHA256
06212e2d499c19d4b95f28a92aefc2b0bcdcdf613a3d4c516e6339843a23fbef

SHA512
99fb1fbe536a10d8ac32197604627b0e25747e045fa87e833232597e7a5a4ae4643df04fa62185067b2531c34405ec3f63dab50d7e1a8166d5815aede31e1382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a64d72f07bf9bee9fb6ba01c560292b3

SHA1
e5f3565c2980b9dd2cb24090a0875b1286a3cd8d

SHA256
1887b7e01c30771a14fabf51fb8f095e7e006e764c0df8049e6583d69b9f4d9b

SHA512
35cb26dd2e9db85504551e75ebe56757fc98a8a01c736621e2df759f21d3bf8adc60064839b3485fe6c3fee231ff1469c6b0c3657166cc58945df176e4ac8351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d2fa46fb8c6bd15f8ac06b1b47a93b4f

SHA1
91f5012e5e84e376698688236c55eaa193dc9a85

SHA256
46ac2d7aa13c9edb6c9e36375d58d369428cb874f4c993a1c7d743b3e3f408c9

SHA512
2af02608c0fd74da7bbe14cfbf8d3e0bba3ef8b396494dce6248cbfb5703826845f2b152bf6a20ccb9d7d3be5cecde32b1cb1b9bf4188d7da7514a07a421ea61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
a14cd1101a33dc62abdcb0202c0974f3

SHA1
7703596c21974730d150953e44e84103d297371c

SHA256
70b2175c169c335cf5cd0cc99d6ab1619768df9cca985d7fb4f05245cb265f22

SHA512
b76d272d42404511153e382976a1105f4c1c6002ae51cc8c3810ea2ff24790f3c4936a1313448c42d25c7665b98fd32de523bbc3dc280f855d6b6b889a0db778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
daaa0def548437bb98a49d04c97897f8

SHA1
3d89767e85b0324b90e01f6695de8437ec38a48f

SHA256
3126a2ec3b52d75e9642dabc9d273af021bc5f5a8e32d72b7cccc96a6dab83df

SHA512
6e7de48ba4ede34226ee3f74553e61bc9a3a0b0693e2e5758d9580971b013eea9f3ad8a853e83adb8639348d94c91b40b2e73b1e98d2e8bed7b6a393c51f20ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1f44a66cd207db1dddd25b5abedfd4f5

SHA1
029d2061c6d9110694b11a54426583fb349f355b

SHA256
d988b1da01c093165337f242ca10ade6a6d696100dd1580e58fbf6c0cddf6945

SHA512
fa8e5e0d2b7af7ac9f9f1460e3d22a1fb8e46c4f8483a6ecc2fd6279527c7c405bccf8e3357dd81ca8c0846254b07877a945263f7a2c357e49a22e3254bc8491

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
c1d42e45bc93ebbbad17e17193fedc88

SHA1
9e56b099212ae2ddd53db418407737591a95e09b

SHA256
f61ea8ba490f9371272dac0d2ab51d514d22205ce081f729e83abed25a495f72

SHA512
9b76e1839d2434d84022b98f75785548ddb2deb2cccafad7c7cb9a1cefe4e48e5c299cc489789aa16522357a1c1d8337a5cc045caa786f536a7d169208205fa5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\2B16ACC15AA680352D12943E950AB926A085A466

Filesize
224KB

MD5
8b038efc489aea2c2337038ae18515f6

SHA1
d595885772bbc7f63cc5a628c6c29c2e21879a1c

SHA256
3c1fb257ee4c530877ee625a3d694b98ca0bf74aaa7832c56394ac265104af30

SHA512
0f7bf4fa400c135ad3a26b340d019801fd6579130ae0d20da1f2322dd88afda34e7b2b54054fea0f89057aa05f79f6f1bf9f5ca494ac13f0140221c89b1ee3ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\cache2\entries\2DAFED1FFA4D7E6A0CA81A21A9783F5E75F52F0A

Filesize
61KB

MD5
5f9515412c1d305cc70893b1495b5166

SHA1
dbde094c2ccde88dc0f92196e6ca310a7c08fe7e

SHA256
19f330813e84b6dcb9fffbb77d6c3b2308edee973b3288b7709bc61061e14269

SHA512
41a9eec6f93f18a08ccf56bcb2e1044c4ece699263dea7d03b2c76d3753b0e3c52c0a67bac80016afb65448f03643045db44f17c6b207d3323a98a78d9ea1df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\AlternateServices.bin

Filesize
6KB

MD5
868d0ed45ba0a11ee974884ff9c6dd9e

SHA1
9695f1d03e8bb2d28221f679be88556e0a061b58

SHA256
0359dbea25e35d08a7cdccf931bcf74cdc5f3b639059f4fa6ebd92ce783766ad

SHA512
e728056f148cedacb40dcea3fb1f47e0509005de35284501c295510d6512ec04cbd3bb710e9222a61e1e3e7c47df50a22d5dbb4b7fe2cf7d78f318fbc412d6f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\AlternateServices.bin

Filesize
12KB

MD5
604bf70353e858a864fa7eca73a51888

SHA1
cfe2bb61af5c56c5c7edb68180470b5e20648c31

SHA256
7886fff8727afa0d1d1906d25059eded039f7e39f5fede0572ff9b8b7aaff313

SHA512
c7cf59de04f80fa9fa06e25c8365a7b86e5e152294d98cc342066a6c91ef624779a2b433ea48ac3256a87d426de0bef79a75f82f0eea8b708aefe971cca77b3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
964b1ca8c9d3fdd8b3ce07b13bde2f18

SHA1
72e308189a2001412cd9512d0f7ff0577f0f7098

SHA256
e65863051550bfb76d8d156011f2e46b56c43e70a83285e39ee94f9cd9c8c2a9

SHA512
ef4f8394d1549d73f491123b438ed516a987130462f6686a9ed5cf5b5703a9be627d775d31e5df0000c00489f5ad18f40829f543ba9f3ee509af0e5c255b5299

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
ce0edd8c3ceaf1116e536a9e55d2bffb

SHA1
d4b448b95189600b7b5a83b41f6903ef9345acb4

SHA256
e7e13a844107504dab6c35708419a4572fb25399aba005187c007b89abd8d2de

SHA512
df59d34bda56dbebc41557f16179bb398f6241c03ae876935a647422c70924a1030ec937cdd27904c20bdf643a00a496ca6f358b65be9e8c1ddda27cdad72d4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1b0a3bedfde588e05e3f6e3ec04f6841

SHA1
cfefe7edeac43953658d146c01980f80c9142736

SHA256
da5f621aef39e629c843b3ab9684e541ead7bb5116da454a6a0ad17eede363f6

SHA512
fdee9fa930b6ff977dcf7c3072e92d589dda93986cc51273c65b4d9a01fc9a5022a08f845d93f95c8c4fec1d7f0ddc8b079e9908d142958885af45f4860a0397

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\27ad79b8-aa55-46b0-9a4b-2e04d38b5bf6

Filesize
982B

MD5
64d3a77e662d3b941ecde2cca8e47459

SHA1
caf2f7c0c01594b5540303e419261a729c5a9e99

SHA256
77eb70553ce0b1f5e39c6a1f6c8b8e9c81b1bc0cefe39ce8a6cfadd99149cb57

SHA512
8072a2fbc87f07eea59ea0b9ce926c1b9b0fe18497c49328c45fa145ebb0ee55a77661ddde7f8bb72892c44e3b33d7109d02b1336521e5918262a0cb95fa77a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\b5dd0a86-4ea2-4f5c-8520-ee829f851059

Filesize
4KB

MD5
c2e6db3c56077f608bf034a621449644

SHA1
b0dbfb2e1beba4c6f83637dbb6c78aae1ae8d84c

SHA256
042c83ce8dbbf88640dc1d1b8cff7e54b6af22a090a7ed7c2dfb2f96c69d0b96

SHA512
25e49dab1d4ada825d6caf62f87485732064bf495c6400ccb23c19ff565ca299d1eadf608fdd961bef4a067e3c6cfb31e1482a90499f0c49ba8c717e70c69274

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\cdaf6e35-b1fa-40ce-bf95-201d7677c0fc

Filesize
24KB

MD5
5ceda2c58b22e14f25d5cf6199e176d7

SHA1
d2a38c0f2febb716d6f7ee1739429ca7e8738f8b

SHA256
d55e177485c8f47c0748bd33b0315f975647f8c5b6043dfb33ca8900c083a235

SHA512
f8497ce7e42f8f78d34480c080d5eac1c09a32d4250259481e0f3ae93d9926556121cb6d9d05612d7bf6bb2818536aeff86817452b02a0c75fb7732e48519228

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\datareporting\glean\pending_pings\dde71929-9162-4137-9e99-6a8e38144170

Filesize
671B

MD5
e548d631659acebe95563a8f8ef73ac4

SHA1
86d8cd07312658c387a1fa48cc1b0131ff675473

SHA256
e56dd8d0e9dd2eea7b4bae9cbbd5093967383b5238e2394f92b2988bd5383236

SHA512
68dd37b4ba5d8d7e9d1c52e9322e3fd91216861677f73e352bf71149ed7620823b84393fefbb1e9d6e85398d44b3923e470f0602a4110d32f544a05beeac9ff1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs-1.js

Filesize
11KB

MD5
5a6434a8a3d7a408eeeb728feafdbe1c

SHA1
780bffe021bb1456f5f9b502414e07e406762060

SHA256
2576c0a5ad3ba686741d05df4ed54cc745e50e7ea5ee0b3a5fa1ed0a01135a73

SHA512
4863880ddb7304bb0bf10b45eefbeeb61f42f0a7fbd57d078eaa7540e1a40bcb37b925e1ffac8dd7bae393706a71f79be24b8be599407dccc8acabae06893b20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js

Filesize
10KB

MD5
5e79507d5607b12da950cf7a6bdd0231

SHA1
6791d5c948e997ebb3340d15f48b8050d3263886

SHA256
b6dd686cb09f7c99fc13b945d8ebb64de22c29edd868bb25e12b693945ca3a66

SHA512
6c7d78ce17b44b6f25df79e0bab3078c7ecae8c753c81000a16023b54ed42bf74ac399cbffa8791a758a93c0ff3109fb650643c890a31cb88522ef5199f587f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js

Filesize
10KB

MD5
606bfa88b07f78970dd16c2d56eb9e66

SHA1
ed4c5a3424e49a6c9382692d940131a96b776744

SHA256
ebffedfb6f1112edd0384ff7d073978ba0e74f4270cf346945b5334c7a54f758

SHA512
4b8e2f852a127b7ee803e790882b6f5f7c69bd96dce0590088d427458e4a723f9b7a1179c2a402a3e7816a741ac8dfdb0ba1bb967435ac3be36a2d1c3236cc65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\prefs.js

Filesize
10KB

MD5
48f5a090e9b4de04e8514408e0a0fdb3

SHA1
48d12511e5f46ae1788cec635fa9a496dbdf0cca

SHA256
dfbf79ee784dfe6b923ec748ecfeb4b691e5705438a3a6bc0d5155caf3a61643

SHA512
26f4dbe0d217c29b292be9a072cb56b7a147b90d60b8b311d31cea4b6423cc4a8b473ccf9ba32d714192df4c42e53084b8478095b8341664a606a5b9ace87a6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
a4760d950bdaac85a00aff2c9ad6486e

SHA1
799871f342de849acc360c9a7646c4a15a059f1c

SHA256
06aaa4d006c8e30e60eff5486524aa898f262442e1abe2f316b58c29dd2d3f96

SHA512
b0d6b9f452885e456a8444354fac14bdeb3e66a9813667998d0828455dd0479b870904eff03bc38cf2fb51a118dfef41ad647a64c98f9cdb8fc98eae12aacd3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2dtnzpu.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
e9b66a84a0dffdb6b04038183d9c8425

SHA1
a2636c868573590332cb71f00bd1847e43974918

SHA256
e5a5e34c21a0253c0814e774c91b14399897ed5ce41608e5d4a130aaa972ab17

SHA512
72b128828e0517bf1613eb58d13bc24a87fba907ecc4f11b1ab7b84807698159fbfc2d739ae2f3ac9797b3efeb73ac82862f8317fbdf4acea5d31f27d79558dc

Download Submit