d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

max time kernel
329s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
09-02-2025 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
146	5052	Process not Found

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4360	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133835777483139566"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3932017190-1449707826-1445630-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3932017190-1449707826-1445630-1000\{E5D6D529-A553-4443-A937-939E0E6E18E6}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5016	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe
1712	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1712	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 3820	4224	chrome.exe	92
PID 4224 wrote to memory of 3820	4224	chrome.exe	92
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 3408	4224	chrome.exe	93
PID 4224 wrote to memory of 4732	4224	chrome.exe	94
PID 4224 wrote to memory of 4732	4224	chrome.exe	94
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95
PID 4224 wrote to memory of 2616	4224	chrome.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\test.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0x100,0x124,0x7ff947c7cc40,0x7ff947c7cc4c,0x7ff947c7cc58
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1728,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1584,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3356,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4408,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2424
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6f5924698,0x7ff6f59246a4,0x7ff6f59246b0
    3⤵
    - Drops file in Program Files directory
    PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4056,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4772,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5224,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5248,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5412,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3488,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5200,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3432,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5252,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5868,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4912,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5892,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5104,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6064,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4824,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5872,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3596,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5784,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4496,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=3212,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3040 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5560,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5896,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6204 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3572,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3700,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5992,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6220,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=5672,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=5020,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5652,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5912,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6188,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6136,i,14238853667857660208,14611276432095098576,262144 --variations-seed-version=20250207-050113.109000 --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1588

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1092

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NjI5MTcxM0MtMjE0MS00NjI5LThFRjktNzI4MDkyREJGNkZEfSIgdXNlcmlkPSJ7RjE3OTk3NjktNDhGQy00RDQyLUE4RjctRjU0MUQwOTRCMEY2fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTJBRDU0QUQtODMyNi00QTA5LThFNjYtNzlDMkNCNjE1REFGfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY0MzMiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODc1OTU2NTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTg4MjEwODUzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2120
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1964 -prefMapHandle 1948 -prefsLen 27421 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d74a70-a992-4751-a015-7faba318c30a} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" gpu
    3⤵
    PID:376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2356 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 27299 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05d6240f-073e-4f31-98b5-3994721cd9d0} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" socket
    3⤵
    - Checks processor information in registry
    PID:2576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2852 -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2876 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a321df12-7ba5-4e2d-b2b8-19e3c0043b28} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4128 -childID 2 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 32673 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8ece2ba-6986-4a72-8079-6dd4f0468abc} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" tab
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4736 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4756 -prefMapHandle 4776 -prefsLen 32673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {373126e0-915d-45bd-830b-9180c05ce7d3} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" utility
    3⤵
    - Checks processor information in registry
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1676 -childID 3 -isForBrowser -prefsHandle 1668 -prefMapHandle 1456 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cab7275f-9422-444b-ac30-e2e894fa4e20} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" tab
    3⤵
    PID:5176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 4 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cf7a6db-a1cc-4e66-961b-12c2d86c3245} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" tab
    3⤵
    PID:5200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5696 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fda5b68-fd7a-4e38-abe2-7d87a8ed12e5} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3292 -childID 6 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d61772d-1c69-4e74-b681-93272c0aed54} 1712 "\\.\pipe\gecko-crash-server-pipe.1712" tab
    3⤵
    PID:5668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\SetupMetrics\20250209122910.pma

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8a323769a0268648f8fad540896cf350

SHA1
3e11a8679d260f1369bd28314379e829be88834f

SHA256
65b576536931dcffc03bdc05ab8499f82cf7b9206b45370bc4653e3ee7ea275b

SHA512
cab744f501febdb1cd285093213e56c831712115bfa2bf983172ad4797d2f51af1b48b1ce5aa075629d9b647d834add8970b54a448601365f151e47f5521fd0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
623b3e270133c6459836b812a30b66da

SHA1
66db1fd27cbf517504c70bcb334cb03b1e0c8f7f

SHA256
8ed1c8e101a84490b4827f10931095f0a7d4be26704a2448d53eba79877ba170

SHA512
6348e14fd526a8f5771a20cc400e83d258b55a40bbdf0acdfa516761fcc4e3c33220121a93f25e4343fcc9bc73311309b3c5ace49b6aeb3702499e5f5496cea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1e743b67adfb2088654585c76ad22479

SHA1
23a4a50b4eabdd23495900a4c616fd23ca283068

SHA256
180d80df9d0f9da98be9ce5b606fd4b78e950718d4c5a9680e151babeed0234e

SHA512
afeb05bba038da5cad1aa5145cf0f4bc855ccfb2fde369d6e0f75115dc59517527d37788e015635707fa3844d1a132b10c61d4b47122e779024837bea9ba411a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\18327f5f-3df0-43ff-ae5d-d0b9fac47266.tmp

Filesize
356B

MD5
21879ae9bd2af65ad4b27d27cc6b5ba6

SHA1
9775e95b278816da7abed879f71a6f0eba144a96

SHA256
c2beebd1cb07e77442cb40f4e327acb5edef60f6551b0baae970a659b839956e

SHA512
702e902af711272f5fae904b2b6c09593990a2d4a79f232974c34891c97c30dc8effd8338b3141b47dc15dd22ed5a04e7fdddfaf6f014d47295b4429cf060529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
e4a91b19e57f5b2516491cb71267f61c

SHA1
2d284516f949b7766cc2d12ac7b3b9d2e3e1971b

SHA256
a0b1fb76db06a16c1a7761f55fe8fa65bc6c8677278ca4a6757f37b678992748

SHA512
8c6de641f89266c7e0c95c76be1c1e69a352d193f1d3a5bc301288b0986d15a3c67ab01f49ccf5d663c6d696f578faffece0955b303d7d89b57ea1116c27d1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
8c2a87c10c5614f0b120f4ae94fe5e83

SHA1
e28cbb3d964ac68f3a2214c488639fb5ee7453ec

SHA256
ba7d1b1aacf06c5203b382c29f6557f6123ed4ba2096b6e919721b471f39ddd5

SHA512
7000468e2d19a37770bf43140c576e30d07cb49b7dd472f7a5d8f6dce63c869801b297f4471a72d7ee684f199d265476f569f7266a7ec7a30554c8e206c1dec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
536fdef3cb28bb4ee5f0165818fadc43

SHA1
9381c0e552427dd3a7a3e5a404361fc6c3f99591

SHA256
1b497c99205d78b6329be051c75aea9882d695cd6670ed65c166c7854f0694ed

SHA512
25ee5a515a6ded1baf0ce801f2c1cf0a95d02856c7ed93e9fa2ec981ab1b8907a763f6f146aae7138baae98d70ebd90d6053578209bf7ab94286b47a353ea11a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
abb3c4e0d3c8a393c342efdce802d2fa

SHA1
50a64843718108c38e4cade428fec2c3723683e7

SHA256
1d3fcc1e570e269ea97bb0cbce9bcc629524478ec63eb2c15bb8bcd29a2ab045

SHA512
63054bc9254c8a7cd094ee0fe00db49a2f31e5d8d6af1d5fb568751465dda5d3a3369708064e0300ee37be2983d2a8589840c1ca5ea4d040bbcec34fe5ae6fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
674153557c1446342995b0a7a78a9a9c

SHA1
ef5ab12e6eb4a1e1d170178980f254fed7473de6

SHA256
5636635c7b6d821a40b68212dd601b28adf42ebcee13eeef027af2642cf86172

SHA512
83c1a8e2333fae349f888c50e8ed91591743e4226ae9d6104a001f15c18ca7d4268cd5f93a69f59807d678718aabbba673bb905a8fafd6925b18d7fa4c353517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ff29174b762699dff4b5969c7a2ef0e8

SHA1
ee2e42a1a9dfb0cca31bb67e0061699846d005ab

SHA256
f925c8169e60e82c32c3d8a9cf6c7bf577bb6861424999d6889a8f9ed8954205

SHA512
bc9c84be12357d2a8c3c933adf8139831d46eea5731fc0c492aee606aa1aca84de3e3c5f6df8e112d14546e6cfa004707ec45fb99e31170c19a37c087ed2fa6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e447ef302ad32e96fa9c71e188db47d5

SHA1
99124327dfc1ebbdee1ed4de79a256ddfc6d7e9e

SHA256
dd80ebb81b2b42a4b101732032b2b1846598645cdce5af541143af26294826fa

SHA512
c4e686fd804f04669d216d8e19139858dec7d816a450479b2d2750ddddc995a316dc78477ec0d2f79df63b1ef1be752af1438a394b7d31d4304c41a0b7432c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
aa102dc143271ec73da037a0f869ac4a

SHA1
39871e45cacba1c533ee156a38fcf9a9fcbfed42

SHA256
55dad9fe28779c09709beb8ba35a0de9478efebc6dfb9a2e9e8eba4c342ddc81

SHA512
469610851f2715a0dbc151e453208600414cfd97076f0fae919ce3e3c871b274d747a0b3ef17d4387f779537cee959db471497ad45f5b4fb867acac150f29020

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7540f4e3066f6df76a8fe7a2761117f9

SHA1
7f46ae975960dc45983644c12e72919826f8ab07

SHA256
038a787b7400db7133a315f866012fb11e5cbca1dae3d981a81e8ff8a89856e7

SHA512
65ea2154d7f0e22ad2be244bf18f9b1e5b4489ac54b1932a7c6b49805ade2cf51c0bb6cb63679c924ce43c72b84648efd0b90c1605ea288304bcb899d382c1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7ebfdf93a7b91bb98e8d70e01e4c53da

SHA1
e066e1ea38f29c569cf3938f8304f30c255e67eb

SHA256
a7136d286e583e088e0ef22e42419d096704936dcb0d8d7cdbf482c0c2c12131

SHA512
9fdd8061cfa20b0c75efcb7beb00a4d113b3d9b8546df7385de93254592b8bc940d4c6ec41aa2769763de7aece6e1063aa741830e3e25c58a6343834de19e544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
6e11de486fd81f781c97d436ae3d12dc

SHA1
f1eee5b746ee633c3156d1df02d6720ce3cffced

SHA256
d5b25014f46567a4434d05e5cc43b830ee2b28ed028416d1fced183bdbd00161

SHA512
ebfe34335abd0561b98befdf05096d12398aac3c4cd73e1d6bae7f244edbb0bd4d0bef6f842348af023139d6adc9e26b4e48cd9f48ef56ae4498dac01d68a0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4303667b7ef773bfa72717fd379dfeee

SHA1
3ea84b78d395d07dc7541aa182445092669efb3b

SHA256
2248bbb341c2a3c4403c0f116598608ca994d7a7cf97d7d291bc38dd20f018ca

SHA512
ed50a084db613eeed605f9e113f3e500dc09f73553fedea30bcdb9ea1dd64c873d0c6e521a38392a56dfc8c66c63de690626dc29658e22f6b6f01022293560ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e1ad1f77be08807a7a910de3e5635a2

SHA1
44a120fc1294e58b5194a08a6cfd4fe87120548d

SHA256
6cbeec35a36c8b02d6622babd61213fb44bf5d3e89a67d7f2a3d0d0d60f46545

SHA512
2edcb593a04a82433f48f82d1ecad2cd50e79a8876b1ef0d21891fb061fbc913576595fc6d819882d47769c2c6bfcd6d94ddaf7e11440c2e1fc1ea1e102d819e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2ff20c87af11506a0c54977d0bc64953

SHA1
4c6154f0c767b61f3c9653eb23f0152b1df8fc7c

SHA256
7bcd54d0577ef60e5996f91af65607d78c4bb98b667dd8b0cbce6244b5a505f8

SHA512
3be87954f39e4aa25418740c36b1dc4ff7f90f597cbc044b2b9d1d8fc615ffe95cb14240219f421d130cb6aa9bd99ebecebdc532269d4e70e0f9b3a16e8606b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
11a1f17601f9be0d70e272af48b4aba9

SHA1
0bcd1c0ebf927e0c4309f6823f0e5258d940db42

SHA256
64d16001bd4f44c2b1e80ce6383f012cc3ef85596e8b4026b02689e3d6b9df23

SHA512
d28b4275739fe09d541eaf8b0da7308cc0085ad83e5ebd9fe4580b06ae79f2fbcb58808c6ad3985e4ac4e758b2b454d6fd2a59df0f417f316fb2f7cb5914ae4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3de8d149fdadfb2f8b3f698eea0b2bd8

SHA1
f553b64f85f9c75f43242656150bbf16c67acbe1

SHA256
74cc367d402f85b340f77e507d9413e7dfed6a7dbb8ae605ec76280aa0fb41c4

SHA512
e2bb84dba1ab17cd323fda6b420214408e8a53f5b7b613eed3b18d19d6e0281f2b8cc5c128320ea21e120ab2b4491b469616aa88e9ba683b8c53ea0447fbe294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
590f2ad1048a1b3056720d56bc4f406e

SHA1
8740dcae88d6b5e189447d9a0874e9e9aa0ade8e

SHA256
fefbb34a4fdb054534d09d8498aff0093af167cd3836c71b988ee1125bdee466

SHA512
dfe9fca67d44de631e80e52552774cd0ce6858443baba7eb3c191ed544041fa7177b764ed1c3bb9fb23e5eb4e8e14a73f6cd7046417eadc8b2d370f3c6d3b1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f73bdb172aa8db4be5023cf429cb4ebc

SHA1
06e3b5aeadf5f1f4ebe66d5d7c38d75e3c55ded5

SHA256
22649b783b714916072188b0645a9abfe70960415631f44796d33f90983972f3

SHA512
156ed738a575687f300527f89702dfc01c3cb27ed93fe31bc38a307669357b33310aba6c5f0a59d48ccca78f1446f63c0cf49e7a8eb4889934e8c168f17a26ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ce99547f4bef852b18a9ab0091d4eb5

SHA1
a0ec560bb27c07ee59a374bb17a12fd79b875092

SHA256
5ba4e3be7e192c30709cfd2225d2b86d1cdc1ff1a78f84a9ac15e4030039b30e

SHA512
4b3ce547c857c7a612dd949dd97c92648a5ce4d486817a6be44567a5ffec10a70155182c4d62aaa2bf1473e57810012cbf6080dab0ac4c63925f98e53094b77d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b53abe519b181c30581992cdb3b9aba2

SHA1
f5f847a4f6697b2b790a7b42265b56000f4f40e8

SHA256
b3dcebed082c2db2d05815eb4d04eedb494e5360e467ca133d97a238ef53ee61

SHA512
338f2e7f2132e0738e276d0803b6990499f1aff29ecda3d48b3a0097e6c329d155474963ce64aa533c3cb9b3790b425249d9ee0b1906a3c76f6a5fdfbe52c478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cf4c3c30e771d16343b3651b3eebff4

SHA1
316d53f5d5eadc72cc28b8fa3eef2eaaa6bdb068

SHA256
52f838547899ceedd2f16d7ed64859700e12181c8c50c4c32273d066beed4545

SHA512
45977f0e6593879734e7020c2a4d67d3c9cb85fc4b27529860542e178bc07e3caa6f19cf37251feaa7a98d957ac60c98480238a1c3f80df1e11b2e3d9885d6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
14887d76e377e689b16b3ef387554080

SHA1
858a90a8e5fcc3e2cb0e5f91ae0feb651c943273

SHA256
e7cffaf987e7076ac10d4db37bec8a1098f854388271aba69a9ab65cf1b40ebc

SHA512
fb38d027075c45f804273901e1cfa10a68bf2fa97b89a328b97ce0702444639c3b4530dff0824d8a1e47525cfcf18ea54b3b234a810ceb1ec6537a38fd5c4962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
972879eb2b92f69efa6bacd741e4182a

SHA1
ba21ed973890d60f4594b722580e3d74f82278a1

SHA256
643a9358815ab848f4893462e83959c1d07aa997e6f364008afa10e2293b0af6

SHA512
f9bdc6e3e47428eafeed5bb2ef3540958e7b03e0c2b3139c273f04ebb36de31f10ee50e5ee5bcfc50515ee5775511efa7866a7ed235e74f8c435f4a3ee525d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1a82d850ab1cbecd42293a13fee7600f

SHA1
68922ee04e2b64e09334eb03fd13905e10e213dd

SHA256
f4433832fe05e2de7a4fbbc449b7e26d8e0a2f29d3ef8d04d53d13158ceacf41

SHA512
0d55a867c604ffae2e683828818d1089b51dbcc0cf67a0a4266b0d3b425a795ad31fd7838ded038d6234511ed8f7db2bc8662e821de0bfa6a07b2a8e24c782e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8482925518800eb8603f19851c6365f2

SHA1
34d3c8c4c195ae5b414a7ba817a7c95b397a6f24

SHA256
ce7629d569f271ed38be7184580d50123350301ff10e2f6f1951b1ab7fac13ff

SHA512
15d5cae4968473a7c07bf3a73947dbdb0f1e8f52f7b86ac21db81d0c41eb00c03a7413607fd7c895e314c2210fa899e206c32bf3322dbfd490fa951629ac12f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
289853c6eca8e934b23cbeb2c6018742

SHA1
cbded12b62d551c3cb9b8cd274bdc144e16a3a01

SHA256
6c84687ce6c34e6cd5e469b0cd0e8880f1f830f5de8941e40698900120b50066

SHA512
101e4f6022d096daf92b53fd4eef127c98de31d6be0c538beed48e48b455feb87c7602df096cb4f94928291c7710402239668ae8b2f6e8d12a8d41b16e08d103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b5b17fc707df418bf799784d7b6a432a

SHA1
2fda00a3612605341d20936a3d6986edc429d058

SHA256
090ecbe78fe2b70c1e0e26a357dd68c7ad69c7ede02f6ee4620444048baf2f88

SHA512
601d20f18f3998554de2e437ba58c243f8c6e972b9dd92b85fca04a6a96ce6dd86d0d3bbc0a51ffde6b477ec19901bf87f2cb6644336738eb4e41c600f8fd7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
32058724eb1f0d508c5b7a339a09788d

SHA1
355da1829871f6c7cf140997164f292c803536ac

SHA256
bf31fd8ad60c5d2f01fd6807390462c9dd83dc6c84e4ccd347054848bfc0285b

SHA512
06ecb35bd85e00e4f83e0583c8832e153e5518a768d2b66235bdf223fe9727b2803c7f5d112d983ad748a42720473c42be7ef8c9fa0030101206f72494141152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eca0e0efbcab5c2530a5bb2482e5b6eb

SHA1
e33a0e5b2225ed18ce026bb0f32668876a5cca29

SHA256
2fb150d88d8d93c0ba597377bf0fdb7a163d2638f027fcdfef2d91a52c8bf6f7

SHA512
8008523ea3033fe205f710d3e1624e68173b49838114320617e8e267d9ce367d284b9305e0a6194e0319c3766cbee1b495f2b1b67086ba7399a8ac3abb5ab173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0005d35f0d0982ffa3ebfd49bda9d4f4

SHA1
fe26ad11512a7539c4b0b9edaa3def39c2aa14fc

SHA256
8024986eac5751f99442745b8831f2059296f92e0eccfc8c2811c6a020cd66dd

SHA512
57b084e6835b8c075e2611dea7215cb4746b4a1fa1d2ce8436042358f707984c7e5c74be6bb35442851a487c8811a979628cca9cfc5d1c8503c4a88e98e4e832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
676993df4bf7a600ce3caaef2fc1f463

SHA1
01a072c8d8abd18015770fed2dc7485748c12e75

SHA256
f30117c4ee14df3be16e1c881ddfbf2603f8398925b2e2273cbe9a0e5177d9fe

SHA512
0204824a8600c9180f03ebbfd3d784638870aecdd0ddeb4d1444d2001b2421a323a37186470e5394791e2c8994ebae5144f0dd7055e5945b158f55253e530211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ded012c8d076a33dd7e90f73a25e6f8f

SHA1
ca5525648a7d8d250ceaebb689b0597203fe042a

SHA256
3cc3f4cafe56b44f4fc4eda306d89549a45eadf5f41e85dc370e792629b6f08d

SHA512
7df572c89c94adeee1e9078655a82628e86bd93f5a03d2649097e698d37c30df4325f10e6dfb129312f9a0676e9ed4aa499124e9fcf3041c82930b1866ff30ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
439c68d2da806958423f293dca986554

SHA1
9b34c18f70102737c8b8e7071a4d84b025d59fdc

SHA256
e83e7d52eb6b086e2934d2bb163ea29db84c6aee251ff9c8dd40afd753d476b2

SHA512
4125f19e94f2630adfe9889d9e3965901dae06321c0eaaa775ac4a81715f873667dcab108ff9130a08c9f148007b256fab87c1e67de508d343e23cb2ba0be92c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0e420eaaee5f57fbe9c3c6488a82cf08

SHA1
0ff94fea350e58f9f44e58df8123979f4aa4746d

SHA256
06237f5b3828bb954b6ff69a13b0a51e34b87807532ecb16de245d278683f167

SHA512
5d2814de90e3685b4472b783ec76f4b2bedf82b0123db22a5568935b672b7627b0fe6c6e10550971a949d35129d17ca1cc70f9bdda81e227de599e007c089bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
eec09b0f1dffa88b22a5b83d11aec587

SHA1
8a8cbc827fce8be0f7a9bb3fdfa588f613cad860

SHA256
71530749b5f4dde210c610ee908dcc6ee9fc45074d01fff0b64afd1700dc4ee0

SHA512
32829a2abc50c7d31a399fcaf7c678f691dc27f378d5d3027a8722b5254c31aabb952b87959dc407de519430927c912e955819123151e2bb412dce6759a98b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
db5b0612322e84a192314d89e11d26f7

SHA1
5b55f2a56cb45e6ab7a18d114b5213fc6e24c9ca

SHA256
34aea53df553e34656d656ee026e1b78d53f30d7f1df161928b13a57cf3e746a

SHA512
d40db8c985111348c33f44973b455bb51f3f5afaa41cf1011163b9292cc4e6142a5ece81cc64eaddb8f5dd33d9cd6107d21ce0b682bd3e193e5d7883a270819f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cdae821a66773589b3f7bca269e5f85f

SHA1
fd980f0f344619bb8428b11cdd3407927590c024

SHA256
fbd9a7cc3b01071611b5fb3d3033ab858736932ee92d9a732306acba095bf1c0

SHA512
b5372afb3ab8cf6171972db5fe4a9919d72d0a0c5558884977878faa0577444d8c0e9600af96f3d469024e0a56c0c28263fe7dce84240695e8c8eb0cea51335d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
969a6fcdbbe515e93e5c13a3889fcc17

SHA1
90bed1ad96cc6074dfd32076393ba70d2ea8271e

SHA256
f2cc94c111d772e74ad4ae89a2c20e3c5c175cee5bc042204253ce761f4f09fa

SHA512
624d64e56a21a66ebe278b2b1b369e1851a754398b786e28e576d2a8711eb7c3c22da8d1a988a721917364ae1b786a91c3a18592cd197efe23b0b78f97543027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0b3b9caa8f0cae3beeecda1721513e56

SHA1
0ce67e20bdcd0d4efa07394d9596102674945eea

SHA256
61dffb8b2bd06c4931a42320a7bbcf859b4ffe7dede6f56a5f5675ac177ac5ec

SHA512
d99434fdce7330097393c7d2cbda66cff01325621f631205d08ef284d80657a2ae2147b7301ad30c1ce2385623dd3c33ac7fe33b89b6333b70b8928d722f5d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
96B

MD5
0b7b97c0fcc172c10da6050c8707db99

SHA1
52d2dde98a1ec03620831d47c9ac8cc332d0bc8d

SHA256
575bc176eb575e6999c81bf126220a93d44244662b15d3960152dec12438aa77

SHA512
afb5398acc3bb971f6b775ef85598b0e21a144813ec2702218487ca677429c7ee89dbd6e22f65903058baac09dbb2496f0778632df82ef97f206313da7d6c2a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
81bd7ee2452ac84b6f905a7f63c540c4

SHA1
b0c92ddb7cac27e832de2f097d2021a47b493f66

SHA256
79a4d04258765f9ec1d220a892572159f1adb23772f0305c1fcecea41c9141a6

SHA512
0473ec5d5efde9f6efd6f479e3b9bcdbdd6110140d1b29c401a4dd3855b66743ebd74b3ac08460888e919f3768f1f48142e967ef9f14f83b2ed78d763ba9cdd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
d8786b4388d3cd25cb0d85920ada7ba9

SHA1
ceadae4b8b50c11d490902dc90982d491058a7c9

SHA256
2c8d062533ea264ad71ad2e6d93a6fd5203170e6cc48fec390cb6fdb4ec255d2

SHA512
449b185baad33d406eeb8cb0fcc35a77a32059767dad8e9e7075e8d24c04c31ffc2e5ec7ee1faf5afcb7027a508c083dfae59324fa4f4a699c4e9bd99c016fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
f1811d599b134de99fb5636518f1d6d5

SHA1
a9644974c63ca857925e9c73c8dc7715175996f1

SHA256
c889450794beb7a260545c4db0d2982ed4f83ba4772f987f6824c6f73d575048

SHA512
a3ec87886857f9fd5932ba563005529089934d67a6f81011288399727341e6486a1a569b2a53c28e46ea5a7ef2c9e29c9e8165f1b9a97b401b84cf441170a61b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
3e204533e3fc42eafe4f2b8a9eeac3f7

SHA1
6d117ee7c586150ae155fa33530845b73b363854

SHA256
331d6a3e8cdd89f5ab8b31569ca7611cff61881ad44868fecd3a2a768c30c0b5

SHA512
77ed348693c77cdacba329b9170a0d6d86f9e7415a3a0ed6cf3f9d5e437206aa2b2273677aeef8e7abbfe4533219caa98bcd988328dcc793d385d29f43bdf620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
28497925cbe99979d37ae8db6216b95a

SHA1
bfebaa266b5e10b83e84e5aec4a8d186e3c79b3e

SHA256
bd9a983f5e5c84d04fc08a1e92467064fa55e5739ef33537fee255266cccd3c6

SHA512
6d7ff86e48657bf6bfa9f6edfbf73a9bfa75b211ab10e97e7a51c0c96dda9759ab073029acb17f772506c3846292fc7bb449c002b8d9b47f6240d35dbcb82e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
126KB

MD5
6860d3b64171993a876ab825f0a01e16

SHA1
3fff05af990c40af9dcee4064b04d202c3bb8df6

SHA256
bdb69f92e504b5fcb935d1478a40a5a6f719e2f247a53b47e8b4d5e367f933f1

SHA512
bd0a626048ed8b2913c67517c8f293fe93fbb55ff28fe95e1e95877cd1d52b874deee1e3dced5df24667229194473659aa270005ec0ebeb02e1a791b01d40637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
ae8099112dd2ab5294a9f71818f13e59

SHA1
1a638f810c9a6fbf7ec7bdd7973071ec49929734

SHA256
a7bc7ddd2fcc59893ef39ded753506357999a07f0666a3af99caa845d56c0686

SHA512
bd2b6e52f8ff3be56ad9cc64461a09118f69f5788329d093292fe29f8ac57deeb966433232547fa0f3a5f643a8d4d9496752be1b535c7102b1a24e1ccad8aad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
366KB

MD5
ecf1257112e49809efe5347be2f0319f

SHA1
6b10c6a31688ebe1427aa2f849ef6c1f8a7e3d4c

SHA256
4721354ad693da4c00a03368140373927d9316e8c5a6c7dde6019bad57768baf

SHA512
a7d89a6f589aff0adcf86ca9435093ea21bcf7f7ad554c8d28ed3c8494669531e96d9a9973f513adfc7945dc1ff14b85a560573c0d548c4bc22a031a7219a90b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z4pcagzk.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
b6499502584f38274076732d3585e7b2

SHA1
9f04a5c16417f66a9c79a0eb04e38199800da3e9

SHA256
571fbb2ee4640892e96bacfaa7414a666f5de6f51e8a9ba3cece20c51dfa78de

SHA512
a71ef99fcd77606f53d9413be73bc37006c8fc521fcdd8e21ea89bd1b37078d34eddaee25f8dedd2a42e9c6015afbe0e3c23ec124d0d9e473b0576d5070b9c5f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\z4pcagzk.default-release\activity-stream.discovery_stream.json.tmp

Filesize
28KB

MD5
1974869efaa064d011ef0544331ebbc2

SHA1
6a6cc67096b8c94cd60ab4b6f0a5442e289ea37a

SHA256
ff1a0fe79f5f1078e89695f88d2dc40931ec5c7d5439a50010d34162a292c802

SHA512
91705450c9a8fc2cc7a09e98b29f9c6b284bb6562cda2e00302b65d41f9c242f1cdd3f376afe880bf2d1306c9b5644c9fdf738e7bea0c51b24fd5b0db9f3615b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
154a2f693a93598983f8d4ae125a65d7

SHA1
3f1901d5e1f57e2dc3c0d26553e5571bcc581547

SHA256
7cdfb84111770b2fdce7ed67a824a8ac32b4d913c5eea9e3e261ead91e6da64e

SHA512
f3e3918fed4112989594cfb6adc2c05ecdb7d9e4b0409977616f4f91913124c0f3342fc42dab861437e23dce758ad088c873d8d357565cf5bfe0eea0005680d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
19bc8550d20d91882e8e318486c25e80

SHA1
4ad1180adab75bbb4c5a23c7d38189653a143a62

SHA256
7948d8a3ee34367a4e6cd71accd66380d2a1d38995e7565ec9bc33ee999d2db3

SHA512
0bc0851451a48bc5cff9de96f841f2b0ec80a2de6729399cb1cdb34fa35c0c839d013e279251b022fde19579fad191fbaff6da2f6d794566ac1051a5ee932633

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
101e11daba2655b48534ad609933382d

SHA1
d9fdc051ea70017cc5e835d0024d0c8ff9530c68

SHA256
b0d9313316b4598a79987823e692f86b72ea8c604a776392f6b04c502a0e39e5

SHA512
da0b45fc4d769201b350af9436ca3608ffa27d53a05bf5e49a1ab7b9343fc4b8c7bdcd1b8cf93b090be6112d88560a33397393961964f6c484c75e2ee5b3d077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\19e1552e-f255-4e30-824c-0c27d163cb07

Filesize
671B

MD5
2649284e14b3b613ebf8eeb540d886aa

SHA1
9c867d166d2c72e8b81ab85ce1b3a476b879252f

SHA256
3b56b0baa03fc707aab1a1cae209da5d817601783d0b04bce53b72d656b6253e

SHA512
80018d223a238f54d2cf31abaf8efdedf3e441116a50c7c365c3f3e16d7e0e58a3a7976ed58533a537ef6ccbf5a319a17a998aa8450d72989330d9fe085036a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\3549dae5-7196-465d-af5c-c3096e6660fd

Filesize
982B

MD5
a8721dae78f18f612501c1c980d57279

SHA1
40bd8aac6de84dd9aeb9333e23de40d1851a2061

SHA256
8f1c20c4d529614a0e9befb0757d88771a40d9c13c10b205a454be7e0adb2fc0

SHA512
d7ad4dff539b6eb60beb4fd16f82d018b244d823a89a9ce6622ebfe6c98c792df8fd59022133baf0674bd69b3fa86cac9e2b41dba8d4bbaf77b14e02f8bbd00e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\4c322822-384d-45dc-82bd-3731780f5df8

Filesize
28KB

MD5
a372743f0af46fc5fc2a39383be2c6f4

SHA1
130152bc48f61f933fd0cdb8d5a18f4f88e3892b

SHA256
d2d76db65244bb0451e9024bccc03d47fc017c02efbbbf10ab7e0505b566a7dd

SHA512
8898ec08287fe841853fe83b81e977bbf67d035293f01494ed2d88a69f6e43b48c740039a38af9efdfa127b68a4e93e83f510d26a4c2a99b4515a7e9a4eca2ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\datareporting\glean\pending_pings\8c903295-910f-4b2c-9170-f08ecfba72df

Filesize
2KB

MD5
1b27e3d1eace7e31e8e6b2ba9e568cd1

SHA1
9badb4b95c6fcf5a2e1d83e6898ebab15c618189

SHA256
cda7df2fffc59c69bd96728ad2a133bc899b17e2c56fab1f1c2f99954c2ba641

SHA512
060021dbe8220419dd1bd0e0752c7dda7fbd782909d05906f59c665530c02de95736865938ab5e4ce7f102e7bc3208ebf10af5ee5c2cab9427093e27cbae936a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs-1.js

Filesize
9KB

MD5
912a56765308c7287854ec8b8d61b302

SHA1
fe7c1bcedb92b11778693b75e8873f28f99a41f0

SHA256
629e618dc578db3a6bc4d5ee4f192ad7cbe96126ae51bc84afad88bb2ca2b24d

SHA512
9957078ad1df184394afb13cc5b6b787762a2244f23d5cd65864091ef2155ed5890605a87fbefc2d55f4a109ca1b9d13c0d3ae90112acb4997a2cb4c3f1974a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs-1.js

Filesize
9KB

MD5
7b0d1aa900b3645adf5450d19b850075

SHA1
f83ebbf989ab9d25e935a44949438aa837d4fb0e

SHA256
ebbc9f5be3bbf23d3a6531e4c7c831756a06330a23f89aff745827f09120967e

SHA512
0807ccf0fcc777a3136bef518f881f48c9bc082ee77ef9bf466f64a1d87caf7f66071e911b2ee2c8e75794b6ccf0c1777c43e2162b12f3b11b0bd4b5cb6fd3b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\z4pcagzk.default-release\prefs.js

Filesize
9KB

MD5
afb3380dd8dc8c13014af06d8f2bd49e

SHA1
34fa8546d3dd0b930308a21a479b914c4670ce57

SHA256
88810a7523e72f013c53b417ecd6124033933cbafdd369997e84b9dd4ca9ec8d

SHA512
e48a47c0b94ce0fc8a0f4875449a74decce6f2e7852aa5a995b897d0f5c9bb5242cd6b76c9e498dc2557f4c12cb31fee3af88da58a5fc02c0789f9d63fc9f1bd

Download Submit