fa976ddfc32c90662d7c89401197c650d5b243859e0c0d6ef66c7cdd66644bfb

Resubmissions

21-11-2024 16:37

241121-t4391atakf 1

21-11-2024 12:27

21-11-2024 12:24

21-11-2024 12:05

21-11-2024 12:02

21-11-2024 11:13

21-11-2024 11:10

21-11-2024 10:56

Analysis

max time kernel
699s
max time network
782s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LIL BOT.txt
Size

161B
MD5

af501636888bf06a8bb61dc6495f7958
SHA1

e743bbec7ffec3cb50cf6fe8e5a7c4a87dad1fb3
SHA256

fa976ddfc32c90662d7c89401197c650d5b243859e0c0d6ef66c7cdd66644bfb
SHA512

52345fc030037f113f55576224ea196a686a688bd97e54a509830f5b6719c546e249e6694ebda396f25a22d1d468c003c04875a0c8cac6f78746a5dbbb9c505a

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766604853034979"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

firefox.exemsedge.exemsedge.exeidentity_helper.exemsedge.exechrome.exechrome.exechrome.exe

pid	process
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
5832	msedge.exe
5832	msedge.exe
4176	msedge.exe
4176	msedge.exe
6060	identity_helper.exe
6060	identity_helper.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
2560	msedge.exe
1912	chrome.exe
1912	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
636	chrome.exe
4432	chrome.exe
4432	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exechrome.exe

pid	process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2364	firefox.exe
Token: SeDebugPrivilege	2364	firefox.exe
Token: SeDebugPrivilege	2364	firefox.exe
Token: SeDebugPrivilege	2364	firefox.exe
Token: SeDebugPrivilege	2364	firefox.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe
Token: SeCreatePagefilePrivilege	1912	chrome.exe
Token: SeShutdownPrivilege	1912	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exemsedge.exechrome.exe

pid	process
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exemsedge.exechrome.exe

pid	process
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
2364	firefox.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

firefox.exe

pid process

2364 firefox.exe
2364 firefox.exe
2364 firefox.exe
2364 firefox.exe
2364 firefox.exe
2364 firefox.exe
2364 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 3076 wrote to memory of 2364	3076	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4472	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe
PID 2364 wrote to memory of 4780	2364	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\LIL BOT.txt"
1⤵
PID:2576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ecb2b05-23dc-448c-9816-c21f26c7bdb4} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" gpu
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b265f366-14b9-42fc-a022-431073f72c28} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" socket
    3⤵
    - Checks processor information in registry
    PID:4780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2952 -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9d3596c-d9bd-4050-9ebf-fafbf91a72c3} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4264 -childID 2 -isForBrowser -prefsHandle 4256 -prefMapHandle 4252 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64b3ddbe-283f-4bfa-9f36-ad58f38e0e13} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
    3⤵
    PID:3884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4884 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4876 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0c28efd-f140-43e5-b055-13defda88395} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" utility
    3⤵
    - Checks processor information in registry
    PID:560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1452 -childID 3 -isForBrowser -prefsHandle 1460 -prefMapHandle 2632 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b52cf7fb-05f3-442f-ba12-5d650ded14ce} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
    3⤵
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 4 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {697d0e5a-4a09-4da1-a052-14ee122cbe5e} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
    3⤵
    PID:5812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5732 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97f7d878-873b-4a08-a7cd-bdf1859ba3cd} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6052 -childID 6 -isForBrowser -prefsHandle 6032 -prefMapHandle 6028 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b384d48-1e9c-4c08-9d57-4d51830ab495} 2364 "\\.\pipe\gecko-crash-server-pipe.2364" tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\48153b26-397e-4cf2-b342-c5933010c756.dmp"
    3⤵
    PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb7f4d46f8,0x7ffb7f4d4708,0x7ffb7f4d4718
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,11896774957383393912,1621733304437794622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb785fcc40,0x7ffb785fcc4c,0x7ffb785fcc58
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --exception-pointers=49907522928640 --process=180 /prefetch:7 --thread=4884
    3⤵
    PID:1776
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 4432 -s 620
    3⤵
    PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1980,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1852 /prefetch:3
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3688,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4052,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4868,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4376,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5232,i,306208429968130559,2811277219436114316,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:636

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3932

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
1⤵
PID:5760

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f551bb7134ed9259b30813051be58696

SHA1
e40b0b9f14d92adb49d7c27cd9f81d3b143ce8d1

SHA256
e1fd73f52ac6031be4aa029dcd792bb75590b82ddfe97f236198223479ff0a57

SHA512
9fdd87028b3c080db7a732e24a5425aaaf8f3f3a613d8adcbec38207386e24475b03659eaddc82222fd72769e6cf60d7b4b5b18d039be51103eb6d5a8cb6b757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b27fea4aed59eefed7f334e0831d2c4d

SHA1
046ec522494c7abc0c61d9ae9ec82ae1db571cd5

SHA256
f050cafd1a45b76ec2f47a9e5361ce76c4a6d2af66c4b41bcd05d0afde663ad9

SHA512
f95de0f812b09cbc7dc84cad3525456d665adb468c77340017bd810dce8d0b1f870b70895e7366492049775063e1dcfb7928071ad061d30cc4a8d8ce0c03dfcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
592f7e996466ae2379516bbf0338dce2

SHA1
039abcd018d17d77dcef7bd0e265acad85a1eaab

SHA256
95e5354c4b0acbbdfa392d1b5afeb29e8c5ef2cc2f51c1a42cc600abc5feb154

SHA512
e3c04e89c31b41f5d077f1f8be58dd31cd5667fa07b45bc5473823b49ed8b0129bde169687a658d02ebc8b930011eb8774bff48cd8f10ce93a470d3318d1ac2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
62c35f487218b3d1e52e7410c5d42f7e

SHA1
28666c50dc7147beed93b326db3904c8854c4831

SHA256
efaaaa905c86fb73b448d5ef8ba817834a75cbdb6c67ee504a944afe5b6c902b

SHA512
883e2bdf262e97ce3ed6ccbaa22becbfa83ae2d2734502c9c0c2a3b30a3b787a9eaaee3759d1b27e7c2f2af472bc5013ad79ff2bbeae1d6c1eb3c858b9d766a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b8466fbc638868d129ec288b9b5cf58f

SHA1
2638186a21853244430c0607e095ea5397f5192c

SHA256
ca035cc672d4c252b59f47cf3e4938fdbf41874e3e8024fa3ecf99d606d44e69

SHA512
21d603eb9f2e2588334043706e19b51f1e03fb83af48277afffce0f7d179d1b906fbe49d3e101aa461358d7d8f512ff5114d04be2c8e41548da697cbcb25f8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06082d56ab8f4dba519df253c89d5b8d

SHA1
e36fff8a56797d1fb60860619e79c2e0142e2ea2

SHA256
0484bd30a6df59887f041d2859885d90682c05bccc9efffaeea38636bfe84190

SHA512
00bda1072f11599d7e0109f4a8f8f9ab6d17066eefa1a59c0021748c493608f9149bb97e0ff2a75650b4d1af1b73334e72db08ef03e7833d973b343468828766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
23470af44b15b7b22805b7bd988af45c

SHA1
837e1ebac11828d7eeec571cd189d5c0cadba530

SHA256
9d4fe45148253a0bba7f1ff3c3eedb6ded6d3b2fd4eca15f8d2965208fe2d867

SHA512
e0bec1bb5be7902cbb409fff191abf914d0392303a536329bf5d21f24686e2c1e7c5816cd08572e136987601d080c802d9331a7abc95cdbe9abd173cc6f87fab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe30e9b22dec64f07725ad2b5df05ff9

SHA1
d8c1fc10c5bed8c477e98687878874aa42022a77

SHA256
30cdf885ac290305d2ef65c8cf70111166bea5df1c8148c305ad4b5d90d2e3dd

SHA512
6784954e04f0dfc2d3fdd0e1dd726833c43d2f8cf9eccf5e8010d352cdfc493ca87a77c12d95fe610a7fe0492ca004fba3d9ce206f47603f5136a278bb7d9d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2c8c6f4412756debef37f53d5eb3a2a

SHA1
f18c4a153de5bbc34d7010cd4b12b7c5f1243eab

SHA256
0b75910e90e07e5c1ed4d44f9c1a803238185f2338953c6ee56230041b743a3e

SHA512
42a8ab333c64eb232da24651b132faff0be5c16f25f20e7da00d7de30dda0c0c2987a5b1fd768a8fa33e94647c1a61c392030aac558b4d7792fa4800bf01e5d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7894d08ed779151ec1fc8e572280a119

SHA1
b4b9ae4d0150c078610fc62f4539c359265d4546

SHA256
67c9e4431edd5d21aaf524e745766d82366180df9c23ecad08f38034ba9c0d75

SHA512
25b4e16c49a8484328f9be3e88467a8fc9d114dcc73d80f14f3d9524ee892e197ae56d81548fd310533dec4dff602b6856827ab543400862625aa4b6b445883a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0847fdbb39b65281257bc971c69e1d7b

SHA1
76843a485ce3b326e0ccbcd41de1cf287b1384c7

SHA256
f0662f21d879ad519fc5547ddd7778e8648db87b92dbd3f9b043d0f8cb9861ae

SHA512
7299c1a3406e4ac54563ea8e83e322e8c28011f8ae99ab0ff81cf19985981eb9cc75b67f6da27e041063efa9c8551468e2685f29e3795c4ef1074d0b2020ff2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
27060065c7cda17176ccc2f763550755

SHA1
b0897a344a4b7fea7b682cf0234bed2e8ce68762

SHA256
3444832fa33313837657c55ab97239db8a8ced4703d7787ae0089cd5c4abf3da

SHA512
0f1ed44b61d2288b2e30b2eac0ba1d2b2e26cc1b789cd3857ddecb3ce9dff21a14eb018f2ca6b241cd6efe01fff4c52543bec0d3b9954673d894ca5b8655e261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
7d9de663d83772e0393cb681dbf6ebff

SHA1
7fa6b485a225a14101c331ff3dc8b981e950d0ec

SHA256
8a66418df9eb94b03621b82f97d785368787afe7530ddd959dcf7aa631d01072

SHA512
648f3a14ab26a494c0e1e13bd48fbd414da86d869d7c89c6387ee57cab854b43c96a46ebf2e1edc4cba5c7b9ac4b803a92c2af49a45e07a3f71f0cc02d70378c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
314bbd8081709343726c1c612ffa6f4b

SHA1
0057bea1778ed19eb41e1ee1212d2eaf27f7f652

SHA256
4dc2b4578645c9a21377c37afc200d327f5d4c7f4e5fbc070c1073b8f85528ce

SHA512
a69e9c59cb4d1b0041c4822556d111bdf17c8d8bc73f0c7eaca8bf9494c0b17cff53f48948b0669d0a66f72982c5e88b1960be52d16cfd05ec425c80175f0b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\4a0b0fda-6640-4135-9f74-0fcab17eb195.dmp

Filesize
4.5MB

MD5
06fa108d12ac257f6a807857dfd15ccc

SHA1
78d2582a174196e384b2413784a433e1ef1d9123

SHA256
d58f85f1762877ac87b1224890bb1450bb73c4c30171d4beff4cc1ce917e080c

SHA512
b877c0d13c5f7fece110654486fecad19d2bc02433bf763a4402030e6a8a21f526eaae9747ebefb709eda808179b4e6c16951bf9a8527d7f63e6002571b57edd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a978e2d7ac1c6fa97c5b202af6eb2bf

SHA1
ef42daaadfe24a312b7da0d976a350e68af13f05

SHA256
e0e7e42a99fd6c7a2d38a08dd08ebe66e6703fd6bd19a214ad5d7b6e784ffb06

SHA512
055b62c63805f0cfdd0af62e5727e24c2220056984f4a24505f981e95054dc370a4e767ac40d9da84cbb5849bbf8402e64bd5daffbbc098076901b1ab18400e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
531KB

MD5
03125c444a1b288fffa2eba4d838668d

SHA1
d3250b42e0f4b4566217d1621c061e617a210598

SHA256
4602cf49be3b5b383491973551b310a6f35595fa2bd892fff0324c71ba8fa0bf

SHA512
431cb31ef21a07b225f879a801ba7c8e4aedd6b5e0da815c3a761f17ced3faa0b9a34ed57a9c049438142ee9c375fb6dec3a8c7270a7a41fd217a55a0497517d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
fd3f5417d9a82f7a74eaae4f364a79ca

SHA1
beeae7de55c7310c8ab5e3ce143fd2600d3e0467

SHA256
e349c3b0bca39afbc5f8816602e09cc7598d752bf7da7f533e8c1dfa734e2585

SHA512
52d64e2fcc7e747c93e9672515d931e650acc55c2830b8931c3d4a538aaa144605401d261d5f8de5076513a100b984e8e78ac77cad9a44da8d3c5ae8fa628169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
449KB

MD5
73ba8a0c1fc1010e807366e9832ee136

SHA1
5858f176a4b52d747a98de18b27188580234a969

SHA256
af885682302db550a70354bc9b1f6fc534f977134fc7006f2346b3601e9bb2f5

SHA512
51076d612487f8664840dbee1b162a58d324708ff10022dfd6479115c909d65267b5a5787f22e077a83351da6b93171ff7bf74d013baee33f45e9d5e542c84eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
427dd0527f86f07d282150a39c2e8614

SHA1
31df1f80d06c9cc8350f29dda05f3add6cd888d3

SHA256
e66f9cd1cb3223138bcf53ecfd0b6e510178338f2e0e93c0b35c4b09f2d0d90f

SHA512
f7f3071840bb9c43b6c8596840fb8cb44573ef20e044d7e8c3f34deaefcba19f50fc735bb1294a378309d9e2b11b0103e24fc48d6c189b704e583ae7547d8e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
7a683a2d2ca4e33b88c70ed3f870f2c0

SHA1
0058a5b88d373ffd72030cec9bebd3315cbf9426

SHA256
2e13382222495cf9461fb7b34f513c9c4016153c952758d6f55d4d008db10105

SHA512
66f69bdd24d69a2ceda249ffbea5fce69eee7c69ba0d578e97572f37fff26e6eabf1801df32ca60edf00e59a32f4364bbc8108d588156057e2197ce871897117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
469B

MD5
61f46c4ae9dfe304769a81bcdecc2cfb

SHA1
975f227bd6bd8f1491207b320e1e9fc3b3798abe

SHA256
c8874d4d19680b93b44119f2866b46864e9402f8f7956e60154d78af0fa185a5

SHA512
0f2ba61ed062ad99d425da683538c9ad8584ba4fb1f1b740689a370e6dce85b6fe4000a73c8a7d4f30086412f37ab54b0fc78decdb889d14f62cd6eb7b00695e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec3ede75244e0de144fd6e54aa7617c1

SHA1
e0d496495ff155cf7d6e711618f94c582bc9ddc0

SHA256
c59dd49b39dd8e0ef7cfa2e456097356af9d51eed897b5455a72bb3fac4b1d16

SHA512
18fbc525f8e280f83d6da27b16d07f48973d1b693dbddbbd2bc484b6d27d1d3b9af1007ee1852036d3e89c9b6ae2a65785030609aff2bf214d23af650f9ff6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d06417d0780c51187e5be2056ce9e49

SHA1
8ce34c39b4a2b14a3f36a6cdfc4f9dc0b1852099

SHA256
68cd309bb4afcb9694755e0180a1ba154434594cbab10e250302d0dca94c816c

SHA512
84bd5048df6d61791ab469115f13c4aaa1f74f8615b87ffddb5e436b3b830e37475c27b6910f11385a9547780d8cb3e3b279d0472bec76ebc766fb23ec50ebe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e44c13b12314c648e48a234ccc876903

SHA1
b4e3dc642d623861fdd49bbcb86ce7119f94eb2a

SHA256
d3f42ed4df54bead48a364508317e76c41908973533cd718954a56675ed5c019

SHA512
169b32d93825f6000f7b76ed71fa849278e17d9578181b259373575812565ff5ac7fccbe9305f2428a376911f1a9d0da6fac4a70fff6d0729904d0abd807bc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12f7a4fd177bf30a52d0980056f2575b

SHA1
3146ba305cce9d3fe5d83ab68f8907586c1e482e

SHA256
a1c443a558ad577214e407851b69d3c87a7b0f7ad60ea302cf7f930930d96605

SHA512
becf59804146a69c36634d6fe3458d1ca4ee037f32dab2b380f8dc9f585fc9812797469cf5e602d20d90bfd4a442e1190ff42e06c9abe1201968e626094e49b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f34eaa808bc565f985798fb68ab9f6ec

SHA1
44bf250c789ad75e5bbd41b4d4fbe496342cfa11

SHA256
5beabf19ad07f29fe7f262ebe22ef2c33edf033164de10b72e2a421501b0f0dc

SHA512
6ad30daf04a6467915333a4fac9bbe0205279fc5c3dd5d3744b87e86f48f47d6e43f35a958d4555655060eaf50b7fd63d6500f37f0f88f02e9a1a359df39ed1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
315df10b1317767c727c0b418a1f8ab6

SHA1
1a143d808e1492030426b3c060ac4abcbaf4244e

SHA256
0dad485705120779e5220fa89b3a5b82d068f81a5496f169b075ad03ab773bbe

SHA512
e67185a4b7a3ddae3d052ed77268c210022638870b00eff42ef5fe77a6f61594b5f39ea8e317f32792ddaf601b29b4b85c455fe462de5fc6b83a1f0f58f45852

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
3e39f4b18c6d157a43023b97dc880d70

SHA1
ed2bdd2a3b1e535fd87a36c8090941fc48b990ab

SHA256
daba705b2e613cc375dd9aca2433cdb34e33c379653f3ce3aed560076334c333

SHA512
72f185c04f26a3d39737a45bd0cdfa015700d90df2fbd4f0968cd8f7b154f51bd1030f1c065880949e880d3faecf55e0c155d3346f62a13fd5306959efdbedf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\48153b26-397e-4cf2-b342-c5933010c756.dmp

Filesize
393KB

MD5
aa5fbe9b89ef6e4fb8d780341c28c10e

SHA1
e7fcc56644f4f0371ff135f32ebede19841b3a2c

SHA256
9cd0002b4a2b26c725b298d5113977ace688c248c62bad1c3438ed5b04a48a23

SHA512
b06935bc3097e009548f47ab2bccbe0ae5eac0896c72a74ea6590e201d088611916f30e2ae95d6bc303ae0d55d6a4fa604fca4fd32f9cc656dc88126521ddf5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\48153b26-397e-4cf2-b342-c5933010c756.extra

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\48153b26-397e-4cf2-b342-c5933010c756.extra

Filesize
13KB

MD5
2622ba261faf3a82c82fa405abab538c

SHA1
92f90950a244a5c6c0b780113e786f74e36a5970

SHA256
db58780d20918f5c3e4906318d2eecf2c986c3d2f7235303f7c2da35d25fb05c

SHA512
2bb24ab692c48a81e87417eaa8bdc06a4948830020b0ed4fa3a360aa900bd5521dabf6deef208b144c35f641bd4b64deaacc37ca121b890ae3b3321096aa8cb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
8KB

MD5
ea1fc246c79eb66ce933fcf42705ee92

SHA1
0dd309794f9cc51fa7c2327018c5fdbd35c821d5

SHA256
f25b34b91e170d2adef583680fa486bda451135922c8f2d1c20f788dc5ab6172

SHA512
64931714865313baddee2f0161a2f3245fc9c4b31e4d01cf2ad71276816d98edb47d412c2b0db8478e5f13dcd806232baac214dcdfe868a4ba7a193e8aaf95f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\AlternateServices.bin

Filesize
15KB

MD5
70744f4e330811ca31eabd09d23c2715

SHA1
cbb09cd5428f39a4e41a56095a26e29d92488409

SHA256
5bf5c7feadf534e34ae2efe99208eecbc6ebf55d1c17bab63356526c095ded56

SHA512
1e087b75885e31a646f354228056024bfe6f9741a1c051dde07e6d347e3e39fadc512032f830685619d31875f9089be65233cc7dbe39ebcb13d2cc0744f97173

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
34KB

MD5
1937f5cb81b6bdfaea2a468f53e06f22

SHA1
27275626ae95caa1052516b1666f021d50cbd531

SHA256
cba02390dd6ebb62b602e23396939b40290c3283ed341df8b624f973d1b09db3

SHA512
47d1966560262975ce6e25e589c51ed99f4d80b8a1a4c95991843e7c4713e66986ae3266cf09d9068bcda9831d0d2f6830315b25720d1441045e82e9e6698a57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
23ba3f544f1a073954cee7adf1dba5ca

SHA1
274e7e08457d32cad0890f59b7ecae6c1fe580ba

SHA256
cf0a3d78ca93828a53339aa990caf87334052dc97e9deac8f1a1c3ded2e6c22a

SHA512
d8e261307145a3102f967b7e7ece1c1fc6df37e0abb324806515b0e0f8a0902ee96b12a304f7cc6a399abc60fd471618dca4b44068f00799f3e7dba66435815b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
47949941ac1e90aeb31ac5a0480075ce

SHA1
1afb13035f791d46f737776adce909ed5d23d861

SHA256
6a58962bae4c7699d8703157368d8bfa6e56a3766b583417744c1c61046336ba

SHA512
79fb78fc17c69eef7cc4ab25501c86f1d3d0969ef3eacb8dc9d8a44b26ca970d254286ae60df75dbec54f8baaa3cfd58d2f13c00b35833ae8c7c0ee2616c1431

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0bdf4a826ab0697cbb3260f23313fd0f

SHA1
b03f024fb01ea42c3a1599951afe5e7713a6a082

SHA256
ae86198f0a3c8abc7388ccd43458ef51b1655bbde90dee8ef0228b9b002e24f6

SHA512
e6dc1970cee48f8135b2a63d0eb9375dd1f52d87162157b3267de172951d04a5a0188518ecb7b7ad98563173f6ab8ee518bd94c5beab38a0b0b8ebd27877e228

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\06f92e7e-3296-47f7-9e7d-0b2466a5890c

Filesize
26KB

MD5
677b9cffb6331e34496b9b52b4f244d2

SHA1
ecc1f15059c231fd2644778d2eb39074c762d046

SHA256
5fda8dd911efef2de1e60ba32f1fb9194cc99705f57f517b076244b359c31f4b

SHA512
1f4982fac7bf57a251f56e411068bddd65745b8e43673cfde43535d89816a3ddf72ce3a6e6dfc28ad61b9e7809d4c6ed28c2dd40a7966402ee360737de013306

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\0822a21b-e6da-4123-80fd-ab3d091ff868

Filesize
703B

MD5
ec718549560dbefa4cd2c977cd1f7664

SHA1
e3b7b71dd6decacd680d092e1b434cd49e0f6c5b

SHA256
2227e84c30ebb2361f37a0b558fd73ad80202cc1f2597ce652157025d9bff48f

SHA512
ff1a863bafd23c9aafb231daa49a13db7ff748fe1c3d73a0ee3561a6571b010c5e859b9f5ec801d96a9080063e775cd9c82c946dd35df61a53dbd7060ba0c3db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\30e0ec35-42bc-4848-8ef3-5f30945669c4

Filesize
774B

MD5
d90ed57c1af0784640aaeda399fedf9e

SHA1
c2e8af564511ec5b425471e2bb575badbaa23a1b

SHA256
850592e132290975d127891c1473c7270608d29fceee0c5cc53bb64aaf431f02

SHA512
4bb78a005e90f84c672f1ffa0e9352609a7006557c2dd1d98dfebacc88337c41fff5cd471acad75af1410f71d07d5193d489980ef3da7a0f055f82dc697d8bfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\87d405b5-24c1-41aa-b191-be23cec69c9d

Filesize
982B

MD5
ab5b24c915216f5d043589718da213fb

SHA1
92e1e494526345d9c297dac4c7df5cb9680a6d10

SHA256
be8c48a6a2ce17f71c327512da7cc8fd1e952573d08d6cbb3ec4eede9dafbe08

SHA512
00fcb6bbb8516c98fbbac9aa2edb72c8dad6e72f4597c992fec8374b8bdd28be5ad3218aa7012ad613caf4de50976c6f101f5d456dde947159c7fe9fbcc04f08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\9e4948a8-fb20-4b19-af13-d9a711da08e1

Filesize
671B

MD5
bdae5d43aef95495bbdf2a716f0c38e8

SHA1
848c04eb2ab128c60e6fa4c2de2638bff8a48458

SHA256
8c3d7eb0a89f5b07814c556c5e5c9d7d533fa3872ea584617af0f21e7f937438

SHA512
f0646f06edfb1e6af99ae06bb861e702613073220e9e424a79a27d1dcd58c7baaf639e3a8dc4812f4187161f12a2e1ac4a18460090b0acd73306d50c536ccc8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
11KB

MD5
12b9acc0813973bd924dc4111b03ab09

SHA1
1610f2dc65bbe50cf739b6a7edb0bb968e09eddc

SHA256
1daad8f3ccc6003bb9bdaafc78dd81165a427f8cb4af2be08240cc70ed92ed75

SHA512
981ff18a05e332aa3ca8132b6ce19ea62e69be5d80b93a4805dd3ab5c5ca8a59df9b35ab2d37f8823fa9614fba5fd69055c3a49e89259da4c4ff819bd8dcd2f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js

Filesize
12KB

MD5
d43efb9aac67ada7a8485e340dc34b20

SHA1
b598e74bf06ebe6fe94c6846f4a9ff3f720175b2

SHA256
d83e39620e23d7964a3b0da0101b1fa210326f5d07bfc32d405cbfcffd0815eb

SHA512
7439523416bfeed38fc911dd36df5c63791a286e061941a948f8631fa2a83c14d6b810c4421cd28c9a282b61f56b4a5348d484b59b9effcf8e415e770e167e56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
11KB

MD5
9dad838ba7ceb302e424da4315f5f760

SHA1
84c1c202bf2b44d3f2ffad3b89d5af40f9ca160e

SHA256
5d7caa3a7e3a80ef1a4702f7086fe016ff7ed8356d7a46de3afd1f011bf35e62

SHA512
e7fd69060d71b2965de81bdae11779b3cc0527b591f881e33be25339289dc5d1ea15ba3e698b31eaba22cc121bbf4427cc1edf486ee3df022c2ff7b7f64fc712

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
541a27424cb0064a5551e3f1dea69fe5

SHA1
8b84d297631b329ba3652517b5302ef0c7f23809

SHA256
4a11a41c3d0abfd8ddae7eec6df0e383de5a140974b7196bcc52713013677724

SHA512
3ac7096db23117ff7f3a643d7efcd5c2958b2543b3ca2840aefcaa64913884bdff36e2d4a3780eb57af9eeda706fb6b02c045bbe0d98ab9e9a5b811819bfa5aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs.js

Filesize
10KB

MD5
64fd110c8d93fb51727102ac3cfa5fea

SHA1
0a0ee0c495d06049aeb7faedd3e0417193dfba7f

SHA256
51f5be9a27e5684f879bb62d6bf57bdaccd0cfccb2222f23e9fdb62b4b652010

SHA512
578d011f4e945dde71b0bdec5c65ecad526690127b2bbf4e36c66f0c4ada0dbab223649a6fa4ac38df96468f1f3ffbf04b0e1faec26a04aab018f4207da8b996

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
170f332e34338f8cb28cf4ca7027c4ec

SHA1
bffb81a52e5216306cc8973d7bce0e00fcd496a3

SHA256
b756bcdb35745c82ec9bf260b9a48256ceed2be698f017607786b36adcd74418

SHA512
466368f38aba9fdbe9c81f320e200f0b6488c48625fe80915f5356a2ac1e493029b7d413fc4c1a7df41a3e908d76dedecdfd75ae38b18a8a41280f2b27313cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
5f65a10db93a32148e98e651fa699b5e

SHA1
a4d2e0036c840f4b7a32d7918299d38a9ae82718

SHA256
cb9f25a5e2d1a1274e2dfcbf75b1a4519e6ae16bf5df173ed84771ac175d69a4

SHA512
93eaef58fad817204a8d578ce201a717be72b7bf8bc3f3c4d1ef5a26c6c63d21d5e4a71bcd38319d9f70a012d51f7bae9ce045e7283240ccd83947407942d555

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
d545a217818e78603d10a0a422649021

SHA1
834cafc804e3666168d2adf199c4824c0b87c505

SHA256
71d02d9b2a26a09d40588c12cfc914105651b5c4adad6db57c83632a2b147763

SHA512
fb86aa19992cb60213c16194a835f0e579eab72de658a75023e12774f4ea410fea655c629655679533c8f361b89a82dbfac73f0b0490b0c2eb229519ac20a56c

Download Submit
memory/3228-1064-0x00000178E61A0000-0x00000178E61B0000-memory.dmp

Filesize
64KB

Download