hxxp://cpcontacts[.]uniperservices[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cpcontacts.uniperservices.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766601999842907"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
3644	msedge.exe
3644	msedge.exe
3428	identity_helper.exe
3428	identity_helper.exe
228	chrome.exe
228	chrome.exe
6760	msedge.exe
6760	msedge.exe
6760	msedge.exe
6760	msedge.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
3644	msedge.exe
3644	msedge.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
3644	msedge.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
3644	msedge.exe
228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeShutdownPrivilege	228	chrome.exe
Token: SeCreatePagefilePrivilege	228	chrome.exe
Token: SeDebugPrivilege	5700	firefox.exe
Token: SeDebugPrivilege	5700	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
228	chrome.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5700	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 4568	3644	msedge.exe	82
PID 3644 wrote to memory of 4568	3644	msedge.exe	82
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 2324	3644	msedge.exe	83
PID 3644 wrote to memory of 4948	3644	msedge.exe	84
PID 3644 wrote to memory of 4948	3644	msedge.exe	84
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85
PID 3644 wrote to memory of 2616	3644	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://cpcontacts.uniperservices.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf92b46f8,0x7ffcf92b4708,0x7ffcf92b4718
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1263369555486281246,8124266630907912201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffce6eacc40,0x7ffce6eacc4c,0x7ffce6eacc58
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4816,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4692,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5208,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5024,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5168,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5204,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4552,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4032,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4400,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4900,i,11283021563379557647,18396261550838129022,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5868

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5524
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {096442a6-cfc7-4759-95a6-45d78bd0ea0f} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" gpu
    3⤵
    PID:5912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85fb8385-06d2-43e8-a7d7-1a826debe692} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" socket
    3⤵
    PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3220 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2912 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10dd72e2-7d28-4046-8afb-62bc16ff37e9} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" tab
    3⤵
    PID:5796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4292 -childID 2 -isForBrowser -prefsHandle 4288 -prefMapHandle 4284 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c97fc77d-27d4-4f5f-95f9-5c02009cc0e3} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" tab
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4664 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08423f82-d886-4202-a1ff-980fa48aa8dd} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" utility
    3⤵
    - Checks processor information in registry
    PID:6884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 2692 -prefMapHandle 5348 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b814c66-2b37-4866-829f-4a92825e622d} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" tab
    3⤵
    PID:6228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e63c836-d5d6-4f71-8e47-47283d630d38} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" tab
    3⤵
    PID:6240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b095fd76-ca8a-4ee8-82b8-368b047a0e82} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" tab
    3⤵
    PID:6252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1624 -childID 6 -isForBrowser -prefsHandle 2736 -prefMapHandle 4260 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ab3cf54-7316-4058-9b62-63a4df33e6aa} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" tab
    3⤵
    PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
08574b9ff3416edb8cd7cf5cbf51fe34

SHA1
6f55790cfd4b9575f1e739094604bf5db430ae81

SHA256
84ddccf77d9fc38b5f3b499968fc2443ecd75e9c5983d811643ad29bb2a53b18

SHA512
9178eb9b1b8a584b128c799b0b330cc7b8f0ed9e4c6277e863e2885cb5ff42fea39251281fed57da941f78ffd8d4d169f75e478be683b4ee171b324e2862a12e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
950aafda08b18befe074a0bf6868b4f4

SHA1
a216b4e3b3f53d17bd489edf892ad8ef614337e4

SHA256
20dc388b58555b19b27a5f3a080274c87cad3002929259548969eee7be70e426

SHA512
a082b2c199bd8eb48a47cd8519211faca8b2eba5dda0b5cee7850033e455e95ca1bb048d34e05bf76eee731fe31e58089e4c284a454aaab99d0c63939f98fa60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
5659d851a27ae5f4b480fc8db62f132a

SHA1
3c8df4f16969264a9d98b45139dbb16639cf576a

SHA256
785512412174a509ab29db67b42818f1c91bba2c45c85a488e4ba8b7551728e0

SHA512
130b2d82aa0c16124edd416938c7ff8197c715e426969be5aee61e1e7dfdbc63e33e3113de887092bac9b4441e5b405a3cd09891e0c8c3e53f634f613c649873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9e858b42725ca6c9aae82a89d66aea60

SHA1
33de93c1b105c3cd26327f4fe95ffeb8679875b1

SHA256
0307004976130a3831d480801e0543385de84778267ce9a8aab2e32e3507e8c4

SHA512
392e6f782f66000959c24971b3f980596c07c7bdbe73f27f690bc3901c9bb48fb9cfca6b1267ddc62e85da5aaa572c1fa513ae87b33cf98b69d36b361b2900e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdca79f40df7f0876e122923ab613258

SHA1
5fe3484678a204833b74cc979a8f27646d8150ee

SHA256
55728cdad1d75ee45025fbab9259ab83b0f1fe88860385e8846a8086438e4cd7

SHA512
aafbb840ec7c0a694cf24db144d0b0b25d21844bd78c67344a4f5891814ae0f8e5299572174fe178fa4e2d167631b03d88fa6b99e9a330679e26a948eb3ebfac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdf5fc9ab345f15dd0e26d1d580018f5

SHA1
36ede22cea5697e1e914659b46ef55ceb61e5e2c

SHA256
7c852ff406dd3a8df2fb3b61792f1c418fb32b4192eb5d78eebd4c708e26e912

SHA512
1fe4b65416af30983852661c850e867c80d154436bc83983421efee1bcde44ea82c2e95b6750ccaefcc425f1ef970bb3b6e5c5a83b53d3d94103f152b3d831a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b24bd29828f42129e0cfce2c9009bff

SHA1
978f1cccf9bef270ce2957817767b7bb31a849d5

SHA256
ecf67f790d33e862395f187f217866ae53bb51d579da28e60c21430fed80c68a

SHA512
b58c7d8b626a4c437f2fedd2845b4a1b37561717f9f04f8478f0df43090af5b33f31818a302ed6a0378e4150c1e0682fc54f3da1a4e54032e575229c64afb430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b270caacbb25ff3500478cd31ee473fa

SHA1
23607b4a316a8dcae9032af8eee33c3dbb4d9644

SHA256
c3acaeae8a3ff58c305be3da460363b35b8adc9c1b4de08ad115dad505d584ae

SHA512
f5729458d5cd0b6c03391efa1cf1a464e68d4b4a554c42dff09564dcdb15503a64cfd7b9ecc9e6067750b37747ca4ba0366a49d23c7087778653baeee6f9c40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02b732007b9cb8463fb1c5fc34a0a75d

SHA1
5cbce991019d19b382027b4d79ac3d745c49a5ca

SHA256
19e0049685049dca77fbddb095bd45892f04abcf1774a615e89820cf46541e68

SHA512
57fc6ca1ac1256a5cec71270af9ef72fb505e080bf054432a4542c79737378189c0ef5fd78007670fa53cac6052ab1a9322344d2282d359281c785958019875c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f32b9cca2b2fa3253d0b9860aa82f250

SHA1
1382ac9a323cdb52b395bc75c97c528acf904398

SHA256
dc34a844c7e3664d444879278eda7ef87ecbc76d850fd791c8d8b73704ff6f49

SHA512
29b37df5a8cc1015720e6c3bb176994474c551c7150fc76cc38ae70a1d3649f8669ca0c626f0eae40fba9e2b466473f296aba8e85325c7ab5d44e9244d5883f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab82125aac2042a39a022f6cc5ee3334

SHA1
4b3560bff3428c067f911f08d36d03033f7360f1

SHA256
62d46aaff077b8e5596394ef6402570db956d82d7c9bb40331dda61503c2421a

SHA512
2a878f8532f62fcf3d3d4dcf25c31857a551d2fcdd0fe2d5c5d3fed3f2967e432adb2e7159b96620ffa22c4ab1496943542c3819f53f7aee4269ca3d79e7746e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d928ab3ea24b82880ed3907419f5518d

SHA1
b7aefbf522366b0c7f4debd168695fff12136196

SHA256
b84e00cf9aeb2c600c785cc40abf3fce7a48bcf4a53188bc3070aa9594849139

SHA512
5ce2b506c358063bf0dd06689b93474740b41ed1b540843eb603cd5bb85a56c653d27ebbe2784864f5c0c82d976fad8846c75098dbaf7084bc01498d343a6546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c2cf08f5bdec86523a7f4d53ddc7ca4

SHA1
e6158773b00725117a9dc67e2be1383c1dd23e0c

SHA256
0a0fc30c75e2a7674fbbb88fd5db9367a9b20bfe6c76406594f0859ff46c7e4a

SHA512
3c7b808160ec321704abc866226ea25c518f319580b23624b20780df103915fa433af0436fe9a2c7a0b43b18fa1bbee03061fc802e1503becfdf7ceef667240b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f605ba9e862b3dcca2a4aec09c544cac

SHA1
8dd531e17fd5a0c268ebb7e558ee4ffa9934d2c4

SHA256
8dc4f6221699d9a2afd4bbf50fde1c2513e06b5cb8658d0ed6054da21aa43ba6

SHA512
54ecff56361ba9b587700b8f95034d5cc939920b7bb5b7589860491ec5febe9fb1274a7295411d7dfd10ef08f5bb23d4ea125a51a98943af605a0d97a71f03bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
d6c00d1b577165c401a44530ac05432f

SHA1
813b082b9752387f85a23b41ca422026aa3a1c79

SHA256
03c1e80b485c93e086d29386781a7d37e892f5657d5620b485ae060e3fb33bee

SHA512
ff896ad6fb06aee2694c18945d7bca17c359a3170142568edbe708cce04f36ff379a1bd3c6afcbdef3e67fe6ef6791d7f6470727b2816cb128b2c8d501132340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
76bdbd233a5174a654a5cd4b127c027b

SHA1
95b12c4c8ca030b22f7be32d40bbabad8121585b

SHA256
7d93258da7a028155c04979704aa14ad842e91c2bded709af33ef602cd0aba3c

SHA512
97ec22a3e2a048bd0949e4d4b79c51ce7a97b4914a424f7cee1b61641300fd642a926397c444d9f8412dffdd03c6226b8ce6a0949080eb0c7b18203e33963687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
8d5ce6618124e6106fd84eb313c91923

SHA1
8aefdcaa1a8235da7ed669973e4b174427cceebe

SHA256
5d1324ccc0321711b7535db646b0631879456704f009109023443e573735fdc1

SHA512
6382b6f4256c1378daed2917713a407e819cc513a4840f77b8ad7375a931e933f0e29ab1deafd1f1cf137620638a814844855b4cd115e8b3d4ed1abdb88f4799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\59834b41-2cbc-47ec-ac75-72b48c96645b.tmp

Filesize
10KB

MD5
12ba665bf8ab88ad04f118191b23ebe7

SHA1
e585a6789f92e20cd9fe0d6980750f91b85984c5

SHA256
43d2bb6d482ce864f87427184983e22a752dc8ef626fa3c0be933f51b794fcfe

SHA512
55029e0782dc635a810db94e5d5e44080c409eb51fc22c6c8de74b6a0484277ce3ce4111c74773035ad1ee30082b313b419d2186633d7f805ee1f828183a73a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95dd3673e8329adf9093d982a739b97f

SHA1
ca0e3760736dfeed83f77fd88e6ecab56a4e64f7

SHA256
095dc3e1ca260086c7a88135aff90a569922104acf3db82f47241be62e164f98

SHA512
8d48c14be20947ed0af4d10071558b3f60912cb1059e36c2461f73fa2d77d43f477e63c88fedd8af7aa260872b17a8bdd11632c3f7a9632d2ca794c76d7e6c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5116e21b4991ae55b3705977b6459301

SHA1
12731056612cd0f6298218a24d8204a6f310e645

SHA256
a851f45ebe5cb03a6e9aeb3fb081229202d1b268f441cea805be6e1575dfca61

SHA512
5f100ec79c5ff811e0fa57b07d0ae10b8e197914bc70b059148f69ae77d2502bcb891c84590e1343bdcfde1aa52733e4b40cc95f7393df134ce3809af339fca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97ec6ca2e22204bce42ae9ceb5ca2cb0

SHA1
1d300e8959245ac1b0539614bd0436083a7dbae6

SHA256
be305141da607b8d40fb2d4a6d393218a88c560453e288eaee58d261b4dc64f0

SHA512
62971f4bda404204513e6ce64607e12a7937f435207d7eec25d7f88c636ce8559a4253c3a710e9ce27e4e01c22bdd4005dbd3dd1c908cd31c82d8e183fdc723e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e6079be1a0c421bb832e23be1c886c3

SHA1
190a6c5da036982b0e8a986db16d0845d2c1e369

SHA256
42055bdc08fe66c43be8b1b3bdbcce70daf9c8de71d12ab1c5e2321a635e2935

SHA512
ab8faa2af374039b5e3f3700ad58c7b061f122115e98577b905ef0384db966acee69b5a9eff01a75db248f4e91da7abd2798f285d6621146299657681236d39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2bd3446003bf1de3616031fcc42acef8

SHA1
ba3dc325324645f7fd4419c523bf5beae13c5831

SHA256
0bb3fa3ee749b74439091a541ea1f8731acbb6d6335420ac5cb06897cb19650d

SHA512
976c309e6da4ef499d972709cf631cd8ba6615133b5921421e905d62a91aabb4bb84f9f57f513bf7323a9fce1223d29ec212f743a4ef49d8526899972b691133

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
71f2e9b7ef59e6b5131c901b7c036031

SHA1
a8ba4330ce28c992de31b7600ff5f9ad31d425c8

SHA256
a80d9b630f8db680eb445c1b07facd6482f79fb293e9508396c1972b418ed971

SHA512
c7f555716a492918bd0cc3579037de72fd99d718870fba77f2b2f32131cccbb765e88667cce1e749b82a58289941d3e8b2a4645fb8c6db6aac68e0c488421802

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
6KB

MD5
5374d60b7da4c933bf6230a3d7b5b713

SHA1
9837cab6d57f7ecc9b00b733b850d0048d677ad9

SHA256
c68bb7707d03deb3951a312164bf2ab4d4534067d144ccbb4b271e7b23de01ef

SHA512
9c463ae23fa7938bc78383cb800926a4d6d3fb116533869df1a3053188df4cd2aab5c741ee46a29dfb075cc4e794921dd3f1191123a72fadbf9061817745ef94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin

Filesize
8KB

MD5
cc4d763e08e95bbb311da6f48b613b63

SHA1
09a714e498a328e14e95e4df159937ac92e03125

SHA256
5d2a8dda41171b7bdf19062d520e6fc0bb709c22ed9e00449e7f40ca8bbe6ca3

SHA512
229f50b9c00bfb5dc681ddf8056b7f8717d1daec130c1825fbb36c7dc5f45d019e701b23dfbb761cd2fa0f3b9ef8c70e84dbc2c9aed0cfb1790c5877c0981db1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6f6a96d49994cdc15de8d19044c17172

SHA1
37fd94bd575b5f8451327dadebaa320f21786fec

SHA256
78d7c1c603d5f84a04fe3cd2ba1242f37ad961252f87122e810a676b50cd8594

SHA512
3694a536943bf278780ddeafd59f56714055330fb9abb3f5cec8fc737c6e52f3660ca769dd8ebe493c721c31a3f4959ff711743f28ce9975087ad10f2d64d3ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bed034a8b4746e55af35e7aca097feba

SHA1
7b8da091169944c849191883c713194910536662

SHA256
d29bc4f66de950a12b25d53eb9f263728016028ed49f135625daf29bfd837786

SHA512
09e0632ae5edc3610a6368410865a983937222066ce3967e2b642fec9c706f09aca45727c04d5b605f37a3df699f7b568d018f9d871eb4b28f84eda43af04b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
af20c1932259b6e9bfab1277ce2418a6

SHA1
1ff3d8b707c670ffda0881c44ab7e6746ef2c495

SHA256
f63a9833a9846b9d07673e42abf13b9baec527d4c91d3d8ab762e1a97ad6469e

SHA512
a17a5b6a45eb5cae2bf46c8feac0fd4b153f92dee1ea53dd899edeb02878c877c5a2ec9cc38f7411f7c82bc0cb5810767e497b4b1283f9426a58ad6adab520c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\060b92cb-9bc7-4a2b-ac93-86d4ef434bf0

Filesize
982B

MD5
93071d097c7f11ea4f20d469b3852c93

SHA1
84d8405a99505997162df7e8aa27c9b3714de060

SHA256
dff46a19498a1aaec9abe085f03bb829134caf799eed9ae91eb878321e0c6e4f

SHA512
9e5b852a6d53d3bb69ff942a919e798a2f661c5c19ca15d9efcfdc8cab12b0055ed064a810032ad13a874743b755bd2b4def57aac11079ff9787e8e40798d300

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\0ae7ad46-fc0a-421b-941b-fb01f5959824

Filesize
671B

MD5
ec3f02ee2cf009ab93a2caf85fb4e75e

SHA1
e4f7ba1f70c491dc36d0a30ca1672dd699b6b6a1

SHA256
832449b5c01e74417aaa4074d6cd83c777c2e26ce92493b844a35a76c54c7787

SHA512
3a1cf7f95b8efc55159c8c23a5d3114a92290796d45bab663bb97fffd96891d494ae394c678959900e11589fc8429a2a1ffcb01d22c39cb2e71accba3f1f96d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\5f0856bb-cd50-4b0b-8e23-07556b24edb6

Filesize
26KB

MD5
619e52e93c69bae0b8c2c0a33b45fc68

SHA1
757de44c0449853f1828efcbd9dbcbb8eb93aba5

SHA256
97f83d58abfb7c45c8d5eb82b47a89619ba44777509cf2cddf9138be9c2e830b

SHA512
878123adfda26448c0c47d7d99170c972bd2115148ee4394a6f9e1a800cfbaa31032f5eb66626162062f11170d46a109cc3ec825122e33d26557993d9f0723ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js

Filesize
10KB

MD5
f15ab9b50b9b95825faa71dd6f8ed9fc

SHA1
f25ca75aff9e2cca3fe04c362d90295614da7d4f

SHA256
89198dff424274a75a24f61a5d930eb1a0431f3ecbb9ca84ea96acd1dca2e86c

SHA512
edd82cbf68abeb9d8e25281561138ef508c77c2121218fb2be514032e41dbe10a274bf30d3e98ebac613f06f1fedd2854feb522fb6c9d0a38245d6dbf15f9824

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js

Filesize
11KB

MD5
7af37fe89baa708dc94aa96c7c37f82a

SHA1
c96421c2ab347cca3bf05e5a386a5685f6a48630

SHA256
26e930500d64bdbb7d19a07c5d7d0285b3da8d7d3c0676504419f2e8fdc25812

SHA512
72fe4e17d337076b19aa808d4ec182857ced5a791cea89b75edd36b5cbd501e95476c9b6bc9558a9e1677e01da3e72881b37177cf39fcca8ecf3cb0bb66ba4c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js

Filesize
10KB

MD5
348bb60cfda6d09d295c9ba00fdcd54e

SHA1
fd50e99e3d504f4fd8166f85f50d6d43afb8db4e

SHA256
b44fa7ac1197697aa0e5973286d073c5b71dad8b3fbd427884d21cbb0fdfa0fc

SHA512
aec3d190addf038f4aa9ada0bd53f7f010ef668de7b0d75b58e99b7c2d0ea1eb26ca5f4d16ee683a1ebd13a3a127410c3e67d94a385974311a2af755c01173fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4c1fc1f64308dde8e22c29ef1cb7ac73

SHA1
321f14a5d4fd5683fc7d8f704858aa49050d00bd

SHA256
b24410e9e3328ab36cf21286ed13b4e68c23f7401c2bd7c0a198de7bdf06a531

SHA512
07825f2693ac8ec3c2c02ef2bcff1d3681297ea5b744be1496039a3beedd5843f1b1f2f8903374621a1484e8fcbcc42bd1feb393fbf787d71b96c9eafc73835d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
b5403c86239b605b19f44987e75c4469

SHA1
ec808892486c3ab9186a10985cb4b66c8d7e5298

SHA256
c2d1e5c7bf29aeeb351da3ced0eb999230f95f063ef97fb189917952e7f1f160

SHA512
2aa533b873358b315539c67012cbeb7086ec60c94b0bc8c9e72c99a380af9e3854484e92bb8bf3497c58e02f12c6bed1635362b62d93e6174784ee799bac4dbd

Download Submit