d9814c90272db1c79539450920f6ce99faf865e0092f54beecea3944983be667

Analysis

max time kernel
726s
max time network
732s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250410-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250410-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
10/04/2025, 20:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tfwksit.png
Size

269KB
MD5

d6c42db5839899c6f1e7246b7905644c
SHA1

632c2261709e9ca6584b909aa4ff8193942075e5
SHA256

d9814c90272db1c79539450920f6ce99faf865e0092f54beecea3944983be667
SHA512

748f2234b561113fff92b363c9263dbe1d6608e6a0a217f783ef22b7a0bf6ec941d4c717ae22adbe6d43fff9301ab1376f5a1bde337b39928e0b827a92ae8f56
SSDEEP

6144:9wCrnrJmUkyaqJFpzjWiybeS4AKxMAH7LHOdyrhNuU4TFO1L9+:9Prn8oFdGqx7HHHOMr94T894

Score

8^/10

microsoft discovery phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
60	5476	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
6104	ShibaGT Genesis CRACKED NO KEY.exe
3332	ShibaGT Genesis CRACKED NO KEY.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
39	api.gofile.io
41	api.gofile.io
160	api.gofile.io

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
286	1904	chrome.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000001500000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000060aeb28a1daadb01971ecc4d26aadb01cf777dfb57aadb0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "5"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000010000000300000002000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3457531954-2054407110-1019940402-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
8104	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5332	mspaint.exe
5332	mspaint.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
60	chrome.exe
60	chrome.exe
5820	chrome.exe
5820	chrome.exe
5820	chrome.exe
5820	chrome.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe
5972	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5820	chrome.exe
5820	chrome.exe
5820	chrome.exe
5820	chrome.exe
5820	chrome.exe
6596	chrome.exe
6596	chrome.exe
6596	chrome.exe
6596	chrome.exe
6596	chrome.exe
6596	chrome.exe
6596	chrome.exe
6596	chrome.exe
6596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe
Token: SeShutdownPrivilege	1968	chrome.exe
Token: SeCreatePagefilePrivilege	1968	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5276	chrome.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5108	firefox.exe
5820	chrome.exe
5820	chrome.exe
5820	chrome.exe
5820	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
5332	mspaint.exe
5332	mspaint.exe
5332	mspaint.exe
5332	mspaint.exe
1556	SecHealthUI.exe
3340	chrome.exe
5108	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2916	1968	chrome.exe	86
PID 1968 wrote to memory of 2916	1968	chrome.exe	86
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 4876	1968	chrome.exe	87
PID 1968 wrote to memory of 5476	1968	chrome.exe	88
PID 1968 wrote to memory of 5476	1968	chrome.exe	88
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89
PID 1968 wrote to memory of 4832	1968	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\tfwksit.png"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:64

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffb3c21dcf8,0x7ffb3c21dd04,0x7ffb3c21dd10
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2008,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1660,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2332,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4080,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4104 /prefetch:2
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4692,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5344,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5448,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5524,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5568,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3324,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5836,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=504,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4136,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5832,i,3834112100698409613,2796101472038266619,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:2544

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:396

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:736

C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\SecurityHealthHost.exe {E041C90B-68BA-42C9-991E-477B73A75C90} -Embedding
1⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffb3c21dcf8,0x7ffb3c21dd04,0x7ffb3c21dd10
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1964,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2228,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5384,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5320,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5736,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4664,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=500,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4760,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5496,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3952,i,1684456902406637638,243284841825935692,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4576
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1964 -prefsLen 27100 -prefMapHandle 1968 -prefMapSize 270331 -ipcHandle 2056 -initialChannelId {583c1c58-ae49-4260-8e72-c23e047dcd04} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2416 -prefsLen 27136 -prefMapHandle 2420 -prefMapSize 270331 -ipcHandle 2444 -initialChannelId {ef063340-dd2a-429b-9c43-2072d7363501} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3712 -prefsLen 27277 -prefMapHandle 3716 -prefMapSize 270331 -jsInitHandle 3720 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3728 -initialChannelId {5e7f7998-3fbf-4d9a-b7fa-3560582c210c} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    PID:3340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3888 -prefsLen 27277 -prefMapHandle 3892 -prefMapSize 270331 -ipcHandle 3848 -initialChannelId {c2eaad28-df13-445b-b3a6-c36213f1de58} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4504 -prefsLen 34776 -prefMapHandle 4508 -prefMapSize 270331 -jsInitHandle 4512 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4520 -initialChannelId {849a1916-84e5-4f4b-944a-0c543794350e} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:3372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5096 -prefsLen 35013 -prefMapHandle 5132 -prefMapSize 270331 -ipcHandle 5144 -initialChannelId {891b79ee-d041-4705-84cd-1796f6d752b7} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:1904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5352 -prefsLen 32952 -prefMapHandle 5356 -prefMapSize 270331 -jsInitHandle 5360 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5368 -initialChannelId {73451c32-a61c-4c53-b92c-bb742d7ba556} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    PID:5860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5396 -prefsLen 32952 -prefMapHandle 5384 -prefMapSize 270331 -jsInitHandle 5484 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5560 -initialChannelId {1959cb37-cf1d-4587-845d-ea07d6e845f1} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:5236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5728 -prefsLen 32952 -prefMapHandle 5732 -prefMapSize 270331 -jsInitHandle 5736 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5744 -initialChannelId {26a74618-c928-4656-a1b4-8a91e7bbe840} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    PID:2224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4672 -prefsLen 32952 -prefMapHandle 5380 -prefMapSize 270331 -jsInitHandle 5392 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5556 -initialChannelId {62b42e10-e21f-4af8-afd5-60f4dca53032} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:4800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2348 -prefsLen 32952 -prefMapHandle 4784 -prefMapSize 270331 -jsInitHandle 4376 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5880 -initialChannelId {8dc9904d-4ca0-422c-bef5-b24556514a08} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:4420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5620 -prefsLen 32952 -prefMapHandle 5604 -prefMapSize 270331 -jsInitHandle 5608 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5728 -initialChannelId {002be9b0-163e-4b27-a0dd-c882a68029a1} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab
    3⤵
    - Checks processor information in registry
    PID:1048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5744 -prefsLen 32952 -prefMapHandle 5428 -prefMapSize 270331 -jsInitHandle 5412 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5400 -initialChannelId {6786933e-357d-4d42-b1be-f436c559f3a2} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab
    3⤵
    - Checks processor information in registry
    PID:2568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3940 -prefsLen 32952 -prefMapHandle 4112 -prefMapSize 270331 -jsInitHandle 3180 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2352 -initialChannelId {bc2a71a3-f7ff-4fc2-8f69-acd5cfd23922} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
    3⤵
    - Checks processor information in registry
    PID:5964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6124 -prefsLen 32952 -prefMapHandle 6128 -prefMapSize 270331 -jsInitHandle 6132 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6140 -initialChannelId {923b6ba7-d021-4640-b80f-e8eb8f29c728} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 15 tab
    3⤵
    - Checks processor information in registry
    PID:4656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6332 -prefsLen 32952 -prefMapHandle 6336 -prefMapSize 270331 -jsInitHandle 6340 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6348 -initialChannelId {477181aa-fb25-4c73-aac9-00a545b38291} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 16 tab
    3⤵
    - Checks processor information in registry
    PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6424 -prefsLen 32952 -prefMapHandle 6428 -prefMapSize 270331 -jsInitHandle 6432 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6440 -initialChannelId {388e0f5e-8282-4dee-8884-ffcd0fc13725} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 17 tab
    3⤵
    PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6612 -prefsLen 32952 -prefMapHandle 6616 -prefMapSize 270331 -jsInitHandle 6620 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6628 -initialChannelId {89fddcb8-210a-430f-9bf7-9021c0f78ec6} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 18 tab
    3⤵
    - Checks processor information in registry
    PID:100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6800 -prefsLen 32952 -prefMapHandle 6804 -prefMapSize 270331 -jsInitHandle 6808 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6816 -initialChannelId {9037a2fc-4765-4792-8516-9c3090f773d2} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 19 tab
    3⤵
    - Checks processor information in registry
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6988 -prefsLen 32952 -prefMapHandle 6992 -prefMapSize 270331 -jsInitHandle 6996 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7004 -initialChannelId {d3fbdc47-6006-4c42-bb32-729563c007b5} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 20 tab
    3⤵
    PID:2508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7180 -prefsLen 32952 -prefMapHandle 7184 -prefMapSize 270331 -jsInitHandle 7188 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7196 -initialChannelId {a18ad6b2-ec36-400f-8c5b-b6dfffdc17dd} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 21 tab
    3⤵
    - Checks processor information in registry
    PID:3328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7340 -prefsLen 32952 -prefMapHandle 7344 -prefMapSize 270331 -jsInitHandle 7348 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7356 -initialChannelId {aca55b95-4979-40ff-aa8c-2549de7cbb86} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 22 tab
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7528 -prefsLen 32952 -prefMapHandle 7532 -prefMapSize 270331 -jsInitHandle 7536 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7544 -initialChannelId {0fa1a638-c2a2-4496-af27-ad92feb238dd} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 23 tab
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7716 -prefsLen 32952 -prefMapHandle 7720 -prefMapSize 270331 -jsInitHandle 7724 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7732 -initialChannelId {a1b57c42-a78e-4f9c-b16b-532936049c98} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 24 tab
    3⤵
    - Checks processor information in registry
    PID:5092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7904 -prefsLen 32952 -prefMapHandle 7908 -prefMapSize 270331 -jsInitHandle 7912 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7920 -initialChannelId {0afca078-9492-463e-b9d9-342e8fe940bc} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 25 tab
    3⤵
    PID:5312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8092 -prefsLen 32952 -prefMapHandle 8096 -prefMapSize 270331 -jsInitHandle 8100 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8108 -initialChannelId {5887a45d-b766-4306-b719-8edfbe17b387} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 26 tab
    3⤵
    - Checks processor information in registry
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8220 -prefsLen 32952 -prefMapHandle 8224 -prefMapSize 270331 -jsInitHandle 8228 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8236 -initialChannelId {a113c9b9-ab5a-49f2-a2a1-f6e29d8623f5} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 27 tab
    3⤵
    - Checks processor information in registry
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8408 -prefsLen 32952 -prefMapHandle 8412 -prefMapSize 270331 -jsInitHandle 8416 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8424 -initialChannelId {136a958d-c634-4005-81ea-4dbc2a6d4aa4} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 28 tab
    3⤵
    PID:3748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8596 -prefsLen 32952 -prefMapHandle 8600 -prefMapSize 270331 -jsInitHandle 8604 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8612 -initialChannelId {3f67e854-c65c-422a-af04-3306f259ebfa} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 29 tab
    3⤵
    - Checks processor information in registry
    PID:1508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8784 -prefsLen 32952 -prefMapHandle 8788 -prefMapSize 270331 -jsInitHandle 8792 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8800 -initialChannelId {cff44674-9d23-44f1-bee1-804b161f06ba} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 30 tab
    3⤵
    - Checks processor information in registry
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9032 -prefsLen 32952 -prefMapHandle 9036 -prefMapSize 270331 -jsInitHandle 9040 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9068 -initialChannelId {babbf107-6809-4e17-817b-c37a24f70d31} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 31 tab
    3⤵
    PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9244 -prefsLen 32952 -prefMapHandle 9248 -prefMapSize 270331 -jsInitHandle 9252 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9260 -initialChannelId {d334de48-5809-42d5-b7b5-6cf6761af964} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 32 tab
    3⤵
    - Checks processor information in registry
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9432 -prefsLen 32952 -prefMapHandle 9436 -prefMapSize 270331 -jsInitHandle 9440 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9448 -initialChannelId {12b0f2d7-92c3-497a-8300-254b8d4f5ab1} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 33 tab
    3⤵
    - Checks processor information in registry
    PID:3904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9640 -prefsLen 32952 -prefMapHandle 9644 -prefMapSize 270331 -jsInitHandle 9648 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9656 -initialChannelId {2a5968de-8165-4d2d-9dd5-474369633e03} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 34 tab
    3⤵
    - Checks processor information in registry
    PID:3424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9828 -prefsLen 32952 -prefMapHandle 9832 -prefMapSize 270331 -jsInitHandle 9836 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9844 -initialChannelId {e1d57cc1-64e7-447f-b1a2-46ab28a9d899} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 35 tab
    3⤵
    - Checks processor information in registry
    PID:5180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10036 -prefsLen 32952 -prefMapHandle 10040 -prefMapSize 270331 -jsInitHandle 10044 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10052 -initialChannelId {f169649e-e0a5-4ae8-9d03-b9d9058553dc} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 36 tab
    3⤵
    - Checks processor information in registry
    PID:5744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10224 -prefsLen 32952 -prefMapHandle 10228 -prefMapSize 270331 -jsInitHandle 10232 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10244 -initialChannelId {02e1e5a9-fb62-4a78-a713-98bae4152dd8} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 37 tab
    3⤵
    - Checks processor information in registry
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10456 -prefsLen 32952 -prefMapHandle 10460 -prefMapSize 270331 -jsInitHandle 10464 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10472 -initialChannelId {bcf69c6a-db5f-4974-a16f-0c878780a90f} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 38 tab
    3⤵
    - Checks processor information in registry
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10644 -prefsLen 32952 -prefMapHandle 10648 -prefMapSize 270331 -jsInitHandle 10652 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10660 -initialChannelId {ec4d98ca-ea26-4959-88ab-c222c101b994} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 39 tab
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10856 -prefsLen 32952 -prefMapHandle 10860 -prefMapSize 270331 -jsInitHandle 10864 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10872 -initialChannelId {948dff29-c151-47ae-9db9-28258ba4f1fe} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 40 tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11044 -prefsLen 32952 -prefMapHandle 11048 -prefMapSize 270331 -jsInitHandle 11052 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11056 -initialChannelId {620e4464-cc5e-4c86-9079-fe89eb046acb} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 41 tab
    3⤵
    - Checks processor information in registry
    PID:1112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11232 -prefsLen 32952 -prefMapHandle 11236 -prefMapSize 270331 -jsInitHandle 11240 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11244 -initialChannelId {bdf4d3ed-5517-416a-89a5-98281d293276} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 42 tab
    3⤵
    - Checks processor information in registry
    PID:568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7032 -prefsLen 32952 -prefMapHandle 6988 -prefMapSize 270331 -jsInitHandle 6996 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6944 -initialChannelId {872a5497-2e5b-4799-812c-d54248ab9ca7} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 43 tab
    3⤵
    PID:5436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6960 -prefsLen 32952 -prefMapHandle 6956 -prefMapSize 270331 -jsInitHandle 6952 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6936 -initialChannelId {7d396e01-1e10-4a74-a5f5-cc8af78d9585} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 44 tab
    3⤵
    - Checks processor information in registry
    PID:5944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6088 -prefsLen 32952 -prefMapHandle 6084 -prefMapSize 270331 -jsInitHandle 6080 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11504 -initialChannelId {bf4d2da9-d3ce-4cd4-b4e1-f51e8ad4f9f9} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 45 tab
    3⤵
    - Checks processor information in registry
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3688 -prefsLen 32952 -prefMapHandle 4768 -prefMapSize 270331 -jsInitHandle 3940 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11512 -initialChannelId {906aa1d4-11f6-4d3b-b989-f38e656cbada} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 46 tab
    3⤵
    - Checks processor information in registry
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11844 -prefsLen 32952 -prefMapHandle 11848 -prefMapSize 270331 -jsInitHandle 11852 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11868 -initialChannelId {9e86642e-8591-4bfd-91a2-828ea74a1737} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 47 tab
    3⤵
    - Checks processor information in registry
    PID:2228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11876 -prefsLen 32952 -prefMapHandle 11880 -prefMapSize 270331 -jsInitHandle 11884 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11892 -initialChannelId {9d3130ee-61d3-4854-8f24-a2dd0f40f586} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 48 tab
    3⤵
    PID:4808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7860 -prefsLen 32952 -prefMapHandle 7852 -prefMapSize 270331 -jsInitHandle 7872 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7868 -initialChannelId {55902320-d91a-4b80-85ce-89ffdf0bc6fe} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 49 tab
    3⤵
    - Checks processor information in registry
    PID:3300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7748 -prefsLen 32952 -prefMapHandle 7760 -prefMapSize 270331 -jsInitHandle 7720 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7708 -initialChannelId {dd98e874-4f90-44a8-8c18-39c789491496} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 50 tab
    3⤵
    - Checks processor information in registry
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12548 -prefsLen 32952 -prefMapHandle 12552 -prefMapSize 270331 -jsInitHandle 12556 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8068 -initialChannelId {531c1a93-6f2d-4254-bcda-86422dc508c8} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 51 tab
    3⤵
    - Checks processor information in registry
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12572 -prefsLen 32952 -prefMapHandle 12576 -prefMapSize 270331 -jsInitHandle 12580 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8060 -initialChannelId {575007c0-7283-46b9-8954-f5b56b1e01db} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 52 tab
    3⤵
    - Checks processor information in registry
    PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8264 -prefsLen 32952 -prefMapHandle 8252 -prefMapSize 270331 -jsInitHandle 8352 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8376 -initialChannelId {390c8968-1a10-4bba-8f9d-6efb5fc5c6e1} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 53 tab
    3⤵
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8364 -prefsLen 32952 -prefMapHandle 8356 -prefMapSize 270331 -jsInitHandle 8220 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8228 -initialChannelId {777c0a93-58a6-4041-8e56-301238292c31} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 54 tab
    3⤵
    - Checks processor information in registry
    PID:4324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8440 -prefsLen 32952 -prefMapHandle 8452 -prefMapSize 270331 -jsInitHandle 8408 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13092 -initialChannelId {65b59780-4a7a-472a-8909-e7f206594541} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 55 tab
    3⤵
    - Checks processor information in registry
    PID:5828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12868 -prefsLen 32952 -prefMapHandle 12968 -prefMapSize 270331 -jsInitHandle 12972 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13100 -initialChannelId {5dfbb45f-f6ef-40da-acdc-9afc960372ba} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 56 tab
    3⤵
    - Checks processor information in registry
    PID:5008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13236 -prefsLen 32952 -prefMapHandle 13240 -prefMapSize 270331 -jsInitHandle 13244 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13256 -initialChannelId {dc733151-5145-40cb-b10c-e06ce032ebb7} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 57 tab
    3⤵
    - Checks processor information in registry
    PID:1732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13268 -prefsLen 32952 -prefMapHandle 13272 -prefMapSize 270331 -jsInitHandle 13276 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13284 -initialChannelId {cf63f325-ac4c-4dcc-ad77-131efaee94c6} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 58 tab
    3⤵
    - Checks processor information in registry
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13552 -prefsLen 32952 -prefMapHandle 13556 -prefMapSize 270331 -jsInitHandle 13560 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13592 -initialChannelId {72d5f2bb-5ea1-44bd-8ed2-2a1e4fd61e43} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 59 tab
    3⤵
    - Checks processor information in registry
    PID:1752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13576 -prefsLen 32952 -prefMapHandle 13580 -prefMapSize 270331 -jsInitHandle 13584 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13600 -initialChannelId {fd5f259f-3955-4e97-8999-d0118b79f833} -parentPid 5108 -crashReporter "\\.\pipe\gecko-crash-server-pipe.5108" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 60 tab
    3⤵
    - Checks processor information in registry
    PID:6132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffb3c21dcf8,0x7ffb3c21dd04,0x7ffb3c21dd10
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2580,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2552 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=632,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2648 /prefetch:3
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2072,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:6880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5216,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:7084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5232,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5252,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5512,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:7264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=500,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3232 /prefetch:8
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3368,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:6260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3360,i,6070809573539199870,2362625533785909952,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  PID:6532

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6696

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:4452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7716

C:\Users\Admin\Downloads\ShibaGT Genesis CRACKED NO KEY.exe
"C:\Users\Admin\Downloads\ShibaGT Genesis CRACKED NO KEY.exe"
1⤵
- Executes dropped EXE
PID:6104

C:\Users\Admin\Downloads\ShibaGT Genesis CRACKED NO KEY.exe
"C:\Users\Admin\Downloads\ShibaGT Genesis CRACKED NO KEY.exe"
1⤵
- Executes dropped EXE
PID:3332

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:8104
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Options_RunDLL 0
  2⤵
  PID:8072

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:6728

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:5972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffb3c21dcf8,0x7ffb3c21dd04,0x7ffb3c21dd10
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1948,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2204,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand MICROSOFT.
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5180,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5512,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3448,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:7228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3216,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3400,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3260,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5208,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6056,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:8076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5868,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5656,i,6937293966217504982,13856519921353607214,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5680

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4276

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
b0366599d64b0fc1adb2a712dcd02ee1

SHA1
b7a1c09ccd2846664cab5f76bd80b8e9f107acb0

SHA256
ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189

SHA512
d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0c6ee63ae5f1f90fd9e136ea9f5a1c38

SHA1
2cbfa835b4069dca69a8c80e1ce618fa960d576a

SHA256
ef967acc918a10ac2314d2e4fc29578ba69ecb671a9aa5586c45f75cf42cd6f2

SHA512
bc84d81802c9342e1158095b7d93fd7c3ceb170beec1ae1d3da81d41b1c40d8e03640fcc286686714a1232f19a625372d34090ecf0fadf5ee5c26b29959aa30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\69dbbd92-ad8f-4a68-8370-78bfc9f45bc6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
a360ac62548e63bd286226efa9ddefa8

SHA1
2b8254d9ee490b3abd09e3700382c0cd9fb418da

SHA256
be494c861d682da38cf73732c0be1d8484f5c221cad4bc7a6d0f534d33e5172b

SHA512
58db7b7ebc4accf5557ed2d1a1be7c4316feebfb3984e12a6c60a329900c44170807888ed45a0b6cc24a06637a6177ab3930607c93b6677dc26c2455f9ebd9ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c4cd4631a95e2469445da5c993a07368

SHA1
2d95f077d81e827ace4835f71a5e8b1480dbe4a2

SHA256
c860698ce6d9e9f7a350f7750196cfb09cb37415b2fcbb1884962253c1b96cc5

SHA512
c4f8adb4ca407da7096ec866df5b61b66f5fc3aa635a64e08fde27186d9b442eec16925ae66bfbac59111025cd2e50c10377246f606b15f9c2193c0b6ca26c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
57d9e7a2f62fe14a82accc9d48ab298d

SHA1
98869bbc2947d44a99251af4650b701f0a6c761a

SHA256
87a5a2d3335cf4291b6366b5e625be8bcd586fbb0edf7ffc252864ebc606e766

SHA512
8ae315645d587d59dfc88a1c9ebebcab1b1bf7e17136a714b4f9c186fc45a4b90533195fe32c020f5c0a292613dc83d847fd83a67e363f71641681c362715e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
4fbd24af91933a58c02a197215b58a46

SHA1
351d44d4987c05745a959f621467c89c6eb2bd72

SHA256
75916ac4d5cb428842977e3be95db7767af0f82e87195d3ff8c107f0571c63e4

SHA512
345250c7f8c30569907c8f444734d27f1170167b0b1ddd2e7b1313feb1c723b5509fde32669e5d54dc43d6565cebcc49e3b58d9d2dc7175db1aeeecf7f73c71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
79a77ccf02fdc1bc9d7cdc3866def355

SHA1
8ed5ae2fea0c3d9b2cd420267489c47d9ea3ef8f

SHA256
031641c511eaae5ea4f190e25cf1ab0f0dc80d5bc1bd6608d7d6f0af5a4060a7

SHA512
8bcb9b27d2906f1863de542eabfe902a41deadb3512230ad478ccb19ddc532588ba27b364e280255204e96a8082f600dd13e136731a147f0d0961d91a84b1058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
26KB

MD5
3db01f3289b7517e321aac642a91c7f3

SHA1
4d54518f6f94dbe3e4e0cd7cc0d13698272d197f

SHA256
45c8217bf1571647763788b5472b9621330f6b065ea3107e2c6340a60ccb73a1

SHA512
69e7726636a206b910a971c00bb9a2a79835e5f98bc588158f62484ae77cfed138f8741e68b6d69ce77830420bb87df46762c51862a80f01d04112a3561673cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
75KB

MD5
e5df099f26fa217e79383ba8dc3b11cd

SHA1
d10541fea783487aa56ec7d01ced7694a144f448

SHA256
5d9adfc9c986d7f7614fe8903c001a146b2ffdbf9ba44a765648c46c52a7a320

SHA512
de4615cfb9d484ed7149c39970535dc4a5f182a94cf8da1cd5f726a87031ea1ed44da3fababc448070d2d4e8e451514df0a481251eafe2f681f81b2a5c12fbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
153KB

MD5
237f4a0afbdb652fb2330ee7e1567dd3

SHA1
69335cd6a6ac82253ea5545899cccde35af39131

SHA256
1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020

SHA512
27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
115KB

MD5
715d593456fa02fe72a008a72398f5be

SHA1
e948290773216dc1b50c2121314a8cf918c22b54

SHA256
c411f11975d26eb04cd2aa3c071181d4b18e489f1fb97060d4176a3531dfb36e

SHA512
1f63209c93a462c2690442c9cf1c3e5a67f2df7a67dfcda2cb81292a2dbb90641aa0ab81c25323a1f2d9f0fa09b3421d136ae5228c47e581c51912ba284de46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
32KB

MD5
057478083c1d55ea0c2182b24f6dd72f

SHA1
caf557cd276a76992084efc4c8857b66791a6b7f

SHA256
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

SHA512
98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d7c74c1352f37913fc5a35ad83705a9f

SHA1
161f195d1b00bf8810ba5b3ed251caab653970c8

SHA256
6598c5e7f96aa4cae23d3865f75e19c5a4a8c4d43936f9fc620610097f55ccad

SHA512
ce771d0f89b9d38446b4feccbe99e9ecc251faece50a074d141f03f24334b49674a92dba5da0f53413cc7d258dafff8848f3405047b6b7d3eed6d5dc3b32c4eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
75463e5c16361217ba11fe7c3d457400

SHA1
0c8183d6ed5d0d50e99e52f935d64afe7ca71bef

SHA256
35e7a967a1518b9b0eb5838c89ff615e70285bc5a5fdf134505dc0d487457f05

SHA512
d3a06802f53e60e96ee80ca5c746fae0c507bb85d6190d46feec79cfd070c6ab8076a7c63b1a11764b8752eb8bf6441bfbf289adf64c954765bf1760a6da89a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
ac36124e8f4f93a3ffd2c09ba2368ab1

SHA1
1938ad613b4598f1a0f887f8010cf3b433337eb5

SHA256
27b9c7922e6c2e89c8eae96c085eab074a3f87bd6c2554325266284d93a75f3b

SHA512
30419503a78b5c3567018814b0a230fc8a88944b3d76ca01f666db36a34f3e7e5bba0bd72d4394ba10f682ca393c033987a2a66ecabc20dc9cbe17d65ee3cd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
42c05c0ead0264018e264354969355b3

SHA1
0c674b31def7e6f0e5ad1bf550e6e058b3ada441

SHA256
7ce0273c77d0f50a4078d01acc0f2597ae2b37e3ff3698babe221846f0fd3d8d

SHA512
e3ea228a07d0dad545a62ad21588c250e21b9f1c3c9f18bd9701fe70c8df842357827e7ba7ae5ef86ac65bcd6e8437a85430a47705c6d3f8749d684ba3394250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe6258f8.TMP

Filesize
1KB

MD5
b4f3f7f929c2f297b64bad11c8e7d159

SHA1
62d8cfc4eb130ab6c0cb7a59a2a53e8e527a7fbd

SHA256
48814790ef7a99ed67de377f9f6ec4058c482503594e062fd907b91e8a458137

SHA512
6e5914b86639911170bc11265db4c9855170affacb281f211597dc7c32a7c3789721f24bfc3ae11ec3ea91bb798925fae1e9634c94c1f0a1a8fc267ddb8ee658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f5a88ffe0bfec14020f83b5b1c5326b0

SHA1
33a8980cd40acd2302bd7982ebfe2067a7a33283

SHA256
62edacc27f2bf255f5fbd6d5bacc534df941242eaa13a2796a0595ec0a4723cb

SHA512
45d181bf99fa896c803480d5e5b5389d08129ae939034e6cb53cd72b7a80e54282ff86d3e63532a7c6a75dfcb4af0d6161f2301e8f6799631c9b2c6b075cc378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
be9d8fb6cf943f527e7745385591aec2

SHA1
43b9dcb8868b6874f2346077e7ac82f31a19a115

SHA256
f0675c9e432f988ac7524d4f3d28c7119b84a590cc040acb6a33d9b0e479ccde

SHA512
3d19badae6523c47989866ce15626d5c2e393bc22aff3090032ad2568d4083b055d3433d01f66168ad2a399cd97d73d50e0a077291178336821dc99e384941e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
4114a4f2f61cc64936d9a32c39f6fe38

SHA1
fc4da0cc51562b884918ade69e712e4dd4bfa080

SHA256
7cf5bf964913a82316a93dc22e26f534a68b9385594803640d258eb78a9198e1

SHA512
c8b9855cab1f5da178958bbf84797e055aa0c1a524c3df0a7a1f0be30a2b0c63f788491239d7441fe9a015b6eccb5327c5f50175e9fd056b3af3c2949c9c77cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
0f0d900858e596fd7e33122a4ae4b9dc

SHA1
fabf4bb6cedb97429622d754e8e0ca20065f99eb

SHA256
187ab7cdb4926733a79798f7e7f4e38b0515d53101fa88fae682f10115b3c2e8

SHA512
1f5650b092e3678160e3bd77775097b0a2f77dcf2f497688734f9904078707f0ed4f7724bd038d70d6700c6f8ff4c3ce2ef3df84f822496dbcbcb68741094f66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
cfb62af708fc6a525ccfae152d7814bf

SHA1
c4d683cac48abae85fca785b1f1e3f6be21bcab8

SHA256
bf33fe4d3288e7e311183620ee2d9aadc3022baa51111d4879d544e1f0f6d885

SHA512
bba7a5170ccb3c0b6c2070d3eed40e8ac0b91665aff47a4c6f80b967e2549f908e177b657603900ba64af6c8fce034b1d155b2ad19c2fae495d3b87777378310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
e02e62c53238bff4778968c7450132a0

SHA1
672cc3ccd495be37861d2c5ced34251968c3581c

SHA256
674e585022c5593d7721584941c0981a20f80ad15f5cfdbe4a8e8ba8573a303c

SHA512
7ac4e73363e6a3b4b4f0070163f60edd6db873d97b07a18e3640ebf94411eb711e1c6fb70df7a9e26fa467a40afa217c80760578d6610b1a1fdc88385831575c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0b1171cf82707f699c2a325127fa7c12

SHA1
22c17902e277c703c37bd81a3ba5025f494b4e7a

SHA256
33af89661f0f974985795e744f8b576abd70f50f9c930b8f7f0e801666b0aa9d

SHA512
f7502e63d9f5f5c66e13e5ac00b6143ba9fdf792343eea609f2324d45f76af3af157c459fc558849fe91fcc2ccbce5b1217cc6e991e465c6bc9be5dec9d05a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
677dd4f7be7cb7e16aee3b84331ea585

SHA1
7c57fc01e3f9d8556eeb62470231eb0f508bdc34

SHA256
81faeb3659a0897579aae11a6f575990e43013a81388677db816c10df60d14b9

SHA512
1049c65ff8f0198cf60761e9276882f92e281e91a098a9560c0d48247eced1e8f5dc8b3de33c0532c301a09b8a7678171c71dff0e0c47a87ba3a0eba29288c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
49ab50a332206848b824c4f5b185fb89

SHA1
42dc6d16af10cd8f3e703a54af5791a31498ae89

SHA256
ebeca77d41ecd855c9a3b8443552c0f6dea4d7239bbf9d612e92cefcc4da4563

SHA512
a6bfc4473c119fd79d072ad27ab3047be185a2c4ccba520ce5329f43184a6991e4a86baefe523599222a77aff085868dae45f677920e969141963644944bfdde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b5f05c65a845f468d4fdd30bc538e4a4

SHA1
049661cca77b67ab33266f78060438d945ad6257

SHA256
a19b0f1d4e67b71fd3ca52b87691a9bff23762f03e3a7d5148cd9b32050eb8c5

SHA512
28bb46a4d07308e2873025d2cc30de3a889271d2787afcf1207432fbe48a8c98ae3eae9b64c3ccb7e7bebcc6083b116a074efcc165755ba36e0130b7b61ca1c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
7b98bf8cd5eaacdc934f1f8c3596455d

SHA1
25ec1e573522af6fb2c708f24cf64150039eaa13

SHA256
78d869b5b5343f1bcaa4eaad898d99aaf85ed24d77622dce129c86646f9a19c4

SHA512
5ec038deb39db1cfd6dcdfe809e025969468d4aecbb7cc11657b76bf8b562adb021819efc6dea4839245f49ae0c606c0d3f3134b683c05e2b98767cefe6e24fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c1867f507b5506866a8835536b42abee

SHA1
e6eec3e5eaaf21f536f30f44775a788de59005fe

SHA256
2dcdae42fd158c8473c3f58eca1e339eb0a3c93d26e0eb539d98964968009035

SHA512
3b7e40da3d4f128f9ba6ad5655288e0cef617de62f558900695fc6faf5e7316ca695ce2c288ef8200d1e6eeda87acab3a11d2b69765dc3469f359d11115cd128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e3b9f999df59804b23b9a2f42456122a

SHA1
50c33beb1d7874864c6331fdf1d208ef4357be85

SHA256
637ddb27044fee2d0f7b85eba4e06f3b7a1c3b56d4f8b6fafc5de7ce879afaeb

SHA512
41c57f0e3938be3e88884a1f59b5b10a6c21e8fbe944921a6af8c3045411349585823fe052b45e9ea4489b4b6b222b4d1127706d590478cdc1039ff5a3c53e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
d0fc6a2152d8255c82f74e6b44933ecb

SHA1
6e9e41921263a2868cde5bed32471c06b31c6f7b

SHA256
853de1c2dee161b853ea20531fa65c25d9a01383b13d0cebd1d153d632dff5eb

SHA512
04e430a4255577bef05c926f5118f6582d8401a088e578ea077bd0253c8db5ebf9891558e4138d5db2149e51590071182d3fb28e9c33064c00166a10f3c48a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
488feb719984ac50eb37e81aa57de641

SHA1
ec3051f3261436cfac74021ebf844357fdab5583

SHA256
090b6f89e4b56af5ec24ebd631e8e45bcd6af8d07e39fdebe8a6faf4ed3229d3

SHA512
525f2faf5b67453087dbe18a5a9b97782cc9d57f4ca5bf90b696e2bebe0f138fbee7a626624bdcb220211c0b5930382ef3734f50a20d9a6043146b49e20ddd9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9f158f6a494ee561875a393a05c58b2f

SHA1
35de6217ab098bd071370bd2d976e9d8df7baa08

SHA256
7ce370c941ef9d9d4756a42b91928a131eb33f5d3165ea7f9341d76470507c53

SHA512
2787e4fb7e0c7f7e0b6f1b387580d821150544b67998ba4c51a77c84aee3af4763625024cf04121f17b646080a9913ee3afabab7998a4298579083126ee1f82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
f688aefe7a171f9863bad795c3b1592d

SHA1
fd51c548750797e1d9c3c72a7671f0f648259bdc

SHA256
66ae4b7e9ef0d44c999f0cace01627d2b1b0bc33b827dbafb58bc0cf94ce8aa4

SHA512
8fea449d16958607dbacea4611b195d05a500460f197c616de50a531f35701eb78fcfda396662f4a38e24c3de130710799d007f55b7d3bd0e02334fd4b056510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
534d645ad166953a6b4d46f25c9812a6

SHA1
f2b2dd3f2fff7e4f6f3d2a43262f6e0cdcf9291a

SHA256
145ab8eba6c0768bae8a16583b2b6d31d32240120e71b4f7617f13858e3cc530

SHA512
12ec92f13e3b895ddf1905ffdc176b6a97a1dd9b7f7e5293d9da4311d20240b2bdac53d8c3981730d8c26d7ca1a9d0397371afa98a42e436a2a302ef68bb3b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
904af0fb695c3a94f59a452b09128d9e

SHA1
32c72477992b3464f31bab2749e7aaadeb5974ce

SHA256
1590b260717a08c0516e7dd3e28b992270c84d091a5a7eae6603ac9ade4747ed

SHA512
abe4d2f9b24396ba6d344e68561e805510909dba410631a84eaedff760c58b4d183af5cdc3fb4db278910a5465bb871cb0381845bf81fbd7b8e2c0d5cd940e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f165f052fc59ad2e6beb4797dbcaa397

SHA1
cad44e6c402cd7cfa918c2463ae8d83a56f1dcb1

SHA256
77ede6c37cf3f6d4d99f421bf6b64daff84834f5aa64dfcabc1a182aa475e498

SHA512
468153884cc0ff86e62469b5fd0e0e88536e37cf407a9b38bc42738eea24422c8a68e30d487e13b35d1282900c1bc671995dbda6124441098b9ba2aa45ba2c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bd5b9b6f8dba3504ea281cfd40ddb3d

SHA1
dac8bd3a8ead3697a7275bf01a7aa0d81f16c793

SHA256
a43dbb7697dfd75a8e63805534334bbe52c1e31ca88bda07472fa5dcf2510b44

SHA512
37844c2fbf6167ce76c1a5e2484aa892608f29f6960da01d2546ed6b34547e0fa4142e5a3d56877253b0466c3d9e2fbdc045247f989e35fdb009bc03a981b65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8e99f5aae9b6a8991c6b3aa2c47ee248

SHA1
755ea67a19ec8f48e8bd45ec0f3e2d8f986d8100

SHA256
33c7d207844442c3dc1e363b77961a513e98df73509bfc727d5b6c7e792d659f

SHA512
9bac1c2e4783cdabf935fc6fcd0c2ecbe5b0d5fffa41f897e224545e1a0594b4e789e4495bf45e230663258326e946d6fb2ec894708f616754ca766543c51b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
db9c6fd124a247a7d518b4ab770a32a7

SHA1
4f7962363db0299cb03bc24a0b5f8f75dc1737f8

SHA256
3d83d1f004a5989b45d129b58f5ea780b73b7c112c230ed13c381e719dfed4ca

SHA512
ad4eb41034eeffa09dbf432df61b4394efe6654a051ef95a830d36ad5a38fdfa0dcf89a0cef48f7ebc5e6dced0bab341e8d88b16a83094792bae82f0247a8da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6860ea9224d7d28e7cd153e1c22e5846

SHA1
bfffeb2409e4c106c7a4f060f21b9960ab3fbf75

SHA256
dc05a7ef9964e0366e3de4b3a234bf1b6be35cad2877dff478fe3d622135e954

SHA512
21512a3db692975d5f67b53dcbd323ada5b4e6f723bac7f774a522cec72ed561c8a4f821b89002459da2c6dbdd1b15ab88628992136e5018baa510cd65a16d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
55b591d81754e86ed6868ed202dc2eff

SHA1
e2b3c632e4fda227144733f5f6897b2ca260603b

SHA256
46fcb9ba54ecf6f1c4c5ddbec6f503776d779013111becbe5f79ccccf37e9af4

SHA512
6f200d73793a78dac02f993c74a2a4d551a27518b6f22a6e707cea98959413caad511b73a57eb16a5c8042aaebe1e2b3906de4899ccf5b415873dbddf58c0702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
3621a0a3c1e13c2c1b154cc9bdcd98c7

SHA1
c6812da834f065693195c376cc30651b9a9caf07

SHA256
56e430e42495bf748715065eb05ec1405ddaaca818fc859e6a4ed12904b9caca

SHA512
b9e2ff1574c5296cc07a39be1faad1f6c4b72798fa38e203c6b4ac0f5fff9727adcfb4e4090efbee6bff3f6acfa6f0a31d453032816f1902dc21ac83f5252278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
95a2a7a02c9ce63f7539f3dacf66a9c4

SHA1
ff1603937ded45ecc3dd0c1fc0bc7db77c26850b

SHA256
91722133661389c5186dd8890b37b5d88461026cd49cf7a39195b3559d26d840

SHA512
e45df18059b83662aa7c07be42470888fa359213c6586f54af87b3f55de58e6bc1104edb36c48d49ea318167250dabc6dae02e18cbcb2245f8617bcaaa9c0b98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cc05cada927a7cf237ffde23f9c4a68d

SHA1
93445e54496c82480e43b8ab2e691e66643395fb

SHA256
2fab0d5bce1176b90723bb7aa3503e335f0a840b7bcae8296db9dd873b9026d2

SHA512
32eb3adfd7d1066362f4518b1e1c7d6da1710acafbefdb17cf5f87d1f7c9deb6f84ea05e81b5c4e42afe92798661a89bdb9adfdee2dd13cfecbaeb69bbccdd1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0d49068cc4fe86588633077b145d8f51

SHA1
258aaacc38a8cf34e05a17003227dae688a731f6

SHA256
212e238ef8168015f61c84fe9ca25556983bf144e138d51f575c11702922ddfc

SHA512
ce42538b909980022536718e760f51118100c56ab3949c5e11136382256547a23de4b5d9f5c8e700892f4aa23d4e787769f712a93e11b641d9fcd18b0a8e1392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6f568a88fcc9e9128e60d7751f829680

SHA1
09d69fc9008518e65a80ff8b5ee2f291931acf81

SHA256
dd87c208b9fdcde68ca6623cdeecc9470065848ec467f89718a92232e714e0e9

SHA512
45f1a2093c8b709f5c6a3f65f69cd03f75c3a492fa433312e97ab2a2598749543b1a301091506bad88a5ddbc598d49b06b695bc47f379751497655a90f846e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c6be6846b7845c7382ee2734d9254447

SHA1
575b6f5a0fa76d1939580720e30527f234fc1f65

SHA256
7bd3bf6bdb6cfdac71480dd69759ccf3d3279bf3ff57aee546854c5890a6f0f6

SHA512
aa32c7f887f0084c7919f4f74eebf604ba172b881f97cf8b2924a566787bcffd18bb9bc6289d7af269396cb187b0f87e47325fbd0d21bd4d0a4d36b01fb9fe7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a314fa4b3d2f41f7c6562a4a72185dfa

SHA1
021e31950a0a4f790a8a189ac34e369980fb3661

SHA256
f6a754202dec57b4688caead9b53662003af10e1868bb585d2e7d100ee7a46e6

SHA512
a1714272ca420842d34f0abcf2f0dd6cf6e5c8e999910602a18f6ae5c1d1e897796a8b7bc512858ea997ffb55e334bb73708c077fde9df92429f3d51e8e37634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c6537fb09a46da19fbbe6deb1b939d5a

SHA1
061a12c867113978ca6f2fae7537b1edb9c99f39

SHA256
1e62a5fb5f8fe9057fc52e2b89a15a00dfe6aa583ec9ad2dd7c9877433003a67

SHA512
605dfe00e112e01125a4397909ed82d9e6517b79f60fdf09e6fde26c5ccd99ebc9442e783156e030289d6535ab21559e1796043767f89d59f3c317d3b9e4d426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ba31c98870dd9504444bbe8c112fac1b

SHA1
5215f5125e3be6d100cc92467415b59a389e366c

SHA256
56c7b5403590e529608b7ef0c785ed97e280f7d354e307170f62a716c85783e7

SHA512
722ee2b43990e7036589b82645089d1eceffe7b81ab9950a0025718554dd6b905ff7538e8e2abb8d14434df64900f77a20ec558414b6f4b7c7746be9a859ec96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5ccc20f99c6483d0f35bef60e68e57eb

SHA1
e805c6975a31a4764c80e306659b2dd5347fec5a

SHA256
6bce1b4223ba038e3df2e126c4825a0ada7b22303244cb4a75188efafe77ede5

SHA512
ece9ef5dc7aba1c8d3db2c65da16ea99d20f97515d77626465054414ab290a7e18defc0e2f793b69b7002e0a2996a041a667ee777219990170e887a4a91bcaa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3e952868850b0962b0a301607fad3cc9

SHA1
bb0f536ba5868bd052cefaf6be309f43302b4a92

SHA256
f790dc9a3cd560598dc09d762f9d68247e813eea8719f52ac779cc801fa0ac11

SHA512
fde6d42e2bdf68f52b917d243782a8b0122b2301bf63cbf80c8c2ee1459b66d929f21684ba41797a9b9ea98c212b68c0263022de8027009d542fc5f5b520c1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
930d7642f045c6fdd867fa82aa2e3a6d

SHA1
d74f509a5aaf2585daba2e4796a11f2b60fbed5d

SHA256
84d70543411d1b31285a1893fd384ead8cebc24a82f951ff2c876a2d7b860004

SHA512
8685ec430932500007cdda86adec2aca4c88c4c40fff3375a474014770c140b9373be751aa4d5386e700d0120b93de3b80b400c4e89da94a330a650556f71408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
ebc806bb7e78b38c78cf069456fef1f3

SHA1
d96d419212fff8e23216f3ed878cada55eaf9463

SHA256
2c5949a61d26f06b7ac3675b34700158a407de80cb650411bd6fd07081f42b13

SHA512
32595f2f941700b6fda4b6bb9fcd4db5f98b28f71357ff9b12da5fdcb58dbf8fbbd788299a05cf2333c64cd0c7022a9ef20acbe4b732c832472d9a8d12c00328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ba47f265d8e0a93b756771a5bf9f61f4

SHA1
7c0bb584f80b188e1120429de8ae26eba7f7251e

SHA256
fe92c992927d030694df34e67159004e25f4b288b790182ab9c2a2dc1d5ee623

SHA512
3f25a1c4485093d5822d2fadc3a4067e9420ea57957f86945c19399dc9bb0678a65320ec5ccd2e3dc50b4e276c39dde46e52d7f490ed84ce90bef5117f24618f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4feb007b9d85d7d31040ad912baffb50

SHA1
dba7be609f8473717c017989c78cee756942b9a2

SHA256
fa16aa6dac5cc0fe431899fef29cf8a736e66cf74709a9fcc1a75001ea79fe9b

SHA512
12d8399547f99397e80683b03d7c88224435daa8f28150f0ca61ae2641462f4d7ac6642799b08756a3c7f79178dafbb6c6491d018d6e184dd3942d4752b9c124

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585b98.TMP

Filesize
48B

MD5
5982c238353e857b62b3055bb6c67400

SHA1
da8af644d40cdf299ed19794f9a3429a6229d004

SHA256
d3fd9eeee8f2fc86becf67a7bd9b4a740462990c0c73eb7688fde37bc10bdb75

SHA512
db5226d75ec543d4371f1ef2056f64a615f6fa6114eea2249e97131bab5a8de2bb1981abefb7f89519c6b07cc788b2ecfbef7b08db7de53cf9dc50ebe1808eb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13388790780959367

Filesize
3KB

MD5
08427dc1126844998cda99e3eb3f3b6b

SHA1
c75d1d211e845177b740a9859d4c66e38184bf87

SHA256
00f9664a545325274de731e56bbb6b3ceca8f10eebb690aa32805eb159a243bb

SHA512
809b8aee83ceb6de1e6ea5b08d1938f2714300f08c16232005ea8c208f74a98eb650949869540c94bd40e658da3b252331a17107e88566b7fcb1a43881a3ec48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
6eca12d4261423ce58a530bb51f2ee94

SHA1
4a41224520591a9c2eaab4721f22d3d16862a606

SHA256
9a1b23d8048fbbfeaabf7839a0b77cede7cfdce9dfc712caf6c07dda799a0837

SHA512
63ca835fbebca87fa96e70fa6ad12da1eb58f3409ff8356886b8a2753dab192551518865cff52b5ee7a29595ba8ccc898fd0b1e60b281fa5e5c11240aa40fda6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
dcac4437a952eb806c49c46950fccd71

SHA1
8dfa3a4ac7228559e2a3bf412757039051237a71

SHA256
e543a82417f3419ac2fd07b3d7ff5fc194924a46c1f94da9653107989690b447

SHA512
60640e8fd8569d9a7b71e9a7dbb3754cd62209d7683f1e1cae12bb75d26579099e90b30101500cecc8a6cd669f67c1e6a6863cd73cefc1e5b8cba6e0fe2257a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
0e2d11fe3785e456b54937a94aa2e2bd

SHA1
f181a1c02ea0c8d138c80b764f871dc44ad95050

SHA256
a6d9801140604d0d956e4d2af2c84928d5bad23eaa38cc4b936a827cb47b6213

SHA512
d8541615b51f038d13e316f38d5b8c70b86fe7dedbe8cccfcd1c7de03e06164b0b440fea539d60cfaf2161ab4bfb5c7fe4babfba0b1e5a7143502dd9be1fccec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
5251372caa9263e79cac6f9f096fa51f

SHA1
da3a31cbb3bce840bf6190dcaa9a4667a87ccc53

SHA256
442afab78f4ef88106a117684d22141e0a86b2cbe561b876f407c5199cb107e7

SHA512
1862ea276d76a805a81d66f08a1dbc33d5c0b02e9b633f6a4e58819df4256725a5e412137acb05bd46e2c52cf2c301b68749bcfb06c6b46c1e587b5cf1a3c706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
2198e5437a53565ffe6a6ddbbc49fcdc

SHA1
449ca283e456fc78ee907a7d2de7003c3e3000b7

SHA256
d74234666747b42cacbda95541fbed99d40d22136b3999d4cc7a36a153854382

SHA512
527df78f017e305e097d99e6f31bdfaaea3cb6fd0f81eb7dc1353ef1c579b6b3ec62bac17c69ab14a01c39841fc83241ac7b75d3db1c08b802be8e8b0a144a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
9fe5eca8b792807a97f44ce746429e5f

SHA1
1eef0ef77d51ee84dec91fa12a5ee9b167de3cb7

SHA256
88f3c98bc1a62bcc21e239322a71e4b3a24d205d453ca6e642a4e6f1e9a8b283

SHA512
6139354926a3ce3c884f5fceab2b9f969bf03af455f531ff073b3ea3884ddc34a9c84e3cfa7959df76f3e7f52c62339e463d358c13a9805efdd646d932f6c081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cfc0ada2-df5b-48cc-9137-c5c356eb1bb0.tmp

Filesize
12KB

MD5
c5c3ebfe87f18c464aadd9f5a03e4504

SHA1
0672105ac464dea43adc6655d3461b0eee7c6915

SHA256
f9c75b5ac6236816f2a720d9ba883a1639d3ca43912ccf217a913eeae2f9aac5

SHA512
2b91ea209dce6eac7021905cee10a097e45320ccac3390065db193f00fff9314cd521251abfb481d107f125b06def4f48c82a2d42d6143a6d9e31f4561efa36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
86087d056d18fc2638ceac2c1912426f

SHA1
b993c0c19205e238d005403c6d2d6eb767b342b7

SHA256
e6fa5279ae6d29f43acef521b3455ed0c940800c7f04f62689ccf83fc4049d44

SHA512
22ca17369b144146d39f88477d819b916abb772bfa2f910d3ba1f7e2149e6e0e535e3030de71393211de02f2178418ed8ca4113f0f50bf72692fd1f036755a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
bd3fd929685b9778d9ee86063fc25347

SHA1
e997c90a34c4e7fa651261f6fe76bb5005408d44

SHA256
182038e7a27ecfd8958ce77defe093799ef4563387fb57b3c1ad5ffc86f07fd5

SHA512
0c9a3b8e50c51677f00633e50d0c8319098ca8c8dd5282aae5be71e6a3e14f2cbf02fe87aabaef0401e93e9be00c708938eaa6926e933fb22582fdb1975fbfe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
1e8e4063e7b71906fedebdae0ce1f654

SHA1
78d20d2a64b113c6ee61aa5b8acce740e7fd2c39

SHA256
6a272b870a999bc3bfe58239a79f59fd9f29d23279ce06d9f234b89a009fe75c

SHA512
206fd19031399a2c315001e8cf42c2c0c7146a7b7586ec61199e5b91ff11cbfd6b0334361fed4b812a2b492fe90011c6552d29939f353f625ab53cb7cca4256b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
164KB

MD5
fd3822c9f0a9123ac7cf90393f73d5b3

SHA1
70d822208a0ce8b68277091fccccda9882184e01

SHA256
cd1d27f1105c944e80972acb243e8ee653be299bd11fd544e8165a2014003496

SHA512
992dc181d0daaba92ba8cedde2378734ea95a98e515da016eccd7cee5e9372fa0290b2c153aaaa45b6a99b91aa076be9dbfa6305e39494c2b0175c87c62ab2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
c08fa99e87aa54c569281db43170b260

SHA1
f7d461b93527b4a22a25e38df1c1d165aa5caec9

SHA256
3520669a87754c6de82387489d06c4678c468584d145b4d9b80c783be306a5e2

SHA512
1f743c46871fe605654260e3f7602ea284ce7c061487efde2ec88f7eda83e81365f2c460e5d96c6a6eca44d00ea07f07eff46ab7bb11ceac0e44abe12a1e482c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
86KB

MD5
14785ab2843492b42ce9446b84a54245

SHA1
4a98bcaf602ff54364e38c6513cbe770978c17f1

SHA256
6fd891b4a7a5a9dd23bdb915b1deffdd786c0efe6f96c9d092ca51e135586d60

SHA512
82a294bfcbeca09c434656c4cb4aa11f35ccef6b5fc40acf21dbc4da6848c48b228c26064bd985401916b189f63db20706eb6994195f5f1cf799f2a5b6d2441d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
bb46aca3594b185ccf8c6108f0711585

SHA1
5dc12de029173747c52143eb85919a937e92f56e

SHA256
ba62d8e0deace0f400fc48fada68679fc414eb6eb1479fe8fa6ab68171cd0d0a

SHA512
4615cda7eee8681274992858de3d054a43a3b65aa4bb416c0a3dc98519456f33fc982db46111c509ae39d95228a93dd769b3c54bc174c4d6bf2212b5fb36ce71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
067380c4a100997c268f4bfdbb48fdfe

SHA1
beef4bdc8f662d68e3e16bca1ae72c68976343e6

SHA256
d22e193f116af354ad6d50898d2c197398fee6285bf696898b473745fa845a4d

SHA512
1443cbc7ecf9a28b3313eee3ba8e682826cd4b6a0107361e0d356990ca017d7c80b53f65e44cca1a5c397e0c616187bd8c4773b04b0cfc77e06b6040fc16f175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
234d04a05f21d2e4fb95491c981ad979

SHA1
8de02815dce3c2759f681499d1fd5f9c524cbb9f

SHA256
2f4c3e7624741152136d3815bf011b73ee17b923025334a67b6374acfdd128e5

SHA512
3280a7b72a1fc4636d6d9554f3d43fc1fc1a83d42154c578d9093691201470d3d877941db97d5923a09bcaab8809e07d56b25bcd8698ab9e0684a8010db49344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
90KB

MD5
e37058b2b39f649bd86e6e86d8b2c941

SHA1
855da2749e19e2fcccf3e2bf2cbc655ab5f17796

SHA256
ecbb8d64ce985d2cbe4d40ad26773fe90cfbd84abd90f995d867b9da52ca0c2f

SHA512
86c2fbeec574a3ee10a1fdf60d624150a7a16247039e7647106c4c9581302358941478063d981208ff76cab493cf6edc34e14a7bc254fc7bd23aaa04a1f7869d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
61b43332f3925be73da71844fee7e4ff

SHA1
1b42bf614de557ef7105a556476462b8c6a50521

SHA256
c16b1caf7e3e8bb2895d80659d138a6b5a1606764af5c1f11d639044dc1d2d30

SHA512
837c97859b281f5570326c90ee39e07cc301fc6ac9870300aaf5b496ff3815a47b8756c48b21c12a4e5314959e2b561bfc909978f9149154de352a2614973b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
93KB

MD5
66ae165c4121b0f7c116d895b4e2c7b1

SHA1
ecb97802cecaafdd01e05f3ff9492d0923c11873

SHA256
e7fbe04ef3e1170a9b8bef786c76dd003417a76dd39e19b42a0a11d44ff8ace2

SHA512
441714f0a5e81f13e893a6fa7bc58e7352f3da6d6a86cecd0475377c41f671af9cb823dddcb34ac52297be2327b8dd0067d048f47fec87d7202c8833c10a0503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

Filesize
44KB

MD5
681941fa5f3c9feea205ea59a2f64e9f

SHA1
cee18f523359108b82f7fa9bddecd1b1fd9b8889

SHA256
e76dc382f4b315f451b56bedd2c670777a037c4c5645cb6030218d3fd6ccceb2

SHA512
42fbae4ab6a3d469ecacfbc7419ff5d26182cd75a749d982d247d292188f6bbf469242ed4d4d2ad6d3e5d8edc6122000e04c52d488087e5e4ed21c89c7506cd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
594d3503015d951b54088c814d5bfb88

SHA1
23729a49af03d6a14c2ab7e290b4e67bce8f8d05

SHA256
3034df0ea51a72d053ee72c2430893baad7e372d9277f9b78b1848c25f23e3ba

SHA512
2dab67e24f3ad79f77e478ac21cbf89beb18873c0a4804d067dde1b420ca976158c9774b926a70c5eb6eb90c4c548d5f68b2ae85885717369b7d8c40e28588a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ee69c743f8af7607f0bc7141348a44ee

SHA1
ce5381926774385c653e0b569ecd0c385c33bb42

SHA256
e073cb5040811c3b3126dfcc3745e6b4f4f5c6c3de0149c93d6f0ec749b15b41

SHA512
b845ce142786eaa08fb2f91207d57932d688e7030f885785d1c0397e3a3f7415ea1b04560916f193917e7e847066806709a4e2bc67db8ebeb0ead14351e39709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2

Filesize
1.0MB

MD5
1974cad1a8da3c0d8dafc74cc7ebb6b5

SHA1
d4c81812e26bb8b3a40677e99bc2f0425ae9ed54

SHA256
d49f3d18fe9c7c373cdeedcd9b777f3216ca5ae39259f2f338bb867ec2070778

SHA512
2b7fe7295e35e673bcbb90a568a361ad5497121658dfec8e07a1e3e70a018804825989fc86375ef838f6bddde53bd8114a2edad96b37d8295b44ded38083f902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\aabf5f6e-18d2-48a4-8c34-297f4adfcffb.tmp

Filesize
78KB

MD5
815f0004c71bd7aef1e22ebf1fe159ef

SHA1
4050ce30f9754ec082fc03460c09723a6df3723c

SHA256
1947d94086e1b3f74596ef7d2cf62817319921b5c43b01488be72eb4af0896f2

SHA512
0f4e7ec5260bb116f47b3e4e1ccae80cf222ed1c1650a27f3889df01171fb4a03a43067889093dd047a5219b688c260fa0c2befe7543090b8d17fedcb94c78a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-wal

Filesize
112KB

MD5
3fc5e52ad9416885af849b04ac88ae85

SHA1
d8349ad5fdba0c2064b311d6d67c2ba65979b57d

SHA256
6be58d3e4c3c45397fa39a367870af82cd57351036244c5910157b0f403a3032

SHA512
e719c7898e64a27184a712d3e7093d631c419b9c98cb4b24955b26cc9befa8e860b8a8d8189e4ab2ce772ba83ff7ef900c83ec150d2a4d242dc6ac90e23ebeb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
d7f43250516650e55800add576f769d2

SHA1
9ef2ef5d4ea7747ee02c3cf5bd5710fc574be422

SHA256
ffa0cbd5749e884a06c998d76cd0fa87f5e8029d2215962c65dfdca91994d25c

SHA512
42696237c51aace50d8df520118d166694a19d6bee94b7753dbb60acc8e2542464d075c5e4df754f3ccffce2cecce48cdec027f8d525086c289b57175790a738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
d5847efa301ecd73cb271ceeb36fbacb

SHA1
5de0d50536d0f1c86e488727c3f56593dfa2a4ba

SHA256
0d820dfdcec315eb51da81b447dab5f32c4fb3baaead827c68991f31401a2a83

SHA512
182be191c1463cd9a44f555dd730cb4ed66d08c2fc073fd57867bbcfa9d5f0a4ac892ce0f3d3970720e52e0906da47740660d9eef7a12f94b5a46e7d4e390362

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
28KB

MD5
2a7e7ea46ad7df1953db7db11ef5a355

SHA1
fd69a79b3700e596fb82fbe773267f6b75d19c97

SHA256
9bfb4fa9727186d12aa05e7fbc39c7d4f1f51f89d28272846c1d38a145367a53

SHA512
4ef7ffa9943789713f9e555b9e91556aa39ee83f52190cc6b4bfbc56ed1df258ea538ab88eea78e6a676ec20fe70caf07b2d8929dca3e007fdf325dea47574af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
0ec3c4e37121f7b874a4a924eec49bb7

SHA1
99368baa9f03f741b65c563fd01765fee4016dd0

SHA256
1d49d919aa10b4fec0434d79bc1f3174d12edab444d48b614f475ca8b58e9a96

SHA512
cb7f88f3908a545825077fba4e8516f5ff172e5c4e0d6f4988723dfa03258e1127cd1d63d5717028f593bbe4aca05ad836dd9fe86981ed2dc48f4d492dccc1cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
6f296c9034537c1b860adf2ce2f42661

SHA1
f89578a87cd2eb9607de3376cabdc1464a7695fe

SHA256
244141aff332e8ed3137feeb1cddf2c2763906652d7a34a6f49f140a43a5830f

SHA512
86df5b40044f4835e396298ede41db43643bb85395ec9fe92137d9942e692a5735faeb54e2f0e5cf8b1fb9f5a1b6d4046ea6bfc3aefd960b321b67edf821beb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\pending_pings\226b1190-fb04-4d2c-a208-c54b4af2b7b2

Filesize
235B

MD5
b1fd98e0db77c11f39d720c996ca9a2c

SHA1
53ddd4ed4841ebeaaf1b0367e7e27e9714d573ef

SHA256
b34fce847b9a61870cbf86609dc84a5369ffc0f4417afbccd0aa7c0a269e272e

SHA512
54faa1a0121954864f314bdb68564b6d30d6288063fb927009d89c33eb4bfb4724fa1bd02708bea3319e3a10e0dc18c8179d5d07a3ace8198ecf9528eaef96a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\pending_pings\38db47e8-1324-430d-99b7-84fdc8abd6d0

Filesize
235B

MD5
031e0453d91bd25a267496c6f87cad63

SHA1
9728bbaca590c23fac0d139581786dc5a3a25087

SHA256
2b2974cae88df2fd3a29cc7b3f408c888136c9cf6424ee8593da6aec68a3009f

SHA512
e6cea460cc70ed8945d2dc632ccb26a163f91c2853cc6502a45fd7bbacb6207e074c13e108a20fba540904ea5ec0e22ec2e604c369d5a41316a5e3104042b32e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\pending_pings\67d48da9-1d45-45d8-a301-c05355801334

Filesize
871B

MD5
0dda6f55d59b3aa101be9f415f824778

SHA1
9a70f1ce14f6816dc4cc10b339a922738562d589

SHA256
426dd3ec8f48b7f32fd1dbcdd7d803e464075b4f035c05f62ce56fc9f2d3ae31

SHA512
d2b3e867e6b7100b4333a29f9e065c348eaa7f9f0c008f9ebd167df156ac28dcb04cacd5c3b02ea28e29e64323d0fc8f8910d5ae848ff6cd81bb2b933a18c3f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\pending_pings\81a1db69-e658-45fe-a683-3000f2891e91

Filesize
2KB

MD5
4479373f215ec8ebce0406c42593b875

SHA1
6beab7ce39166804fcb87b4709f3a90c3805ea79

SHA256
e0b499ecab4fcd18a02e2fec28211610d058234202c6bea8315de11aadceae3d

SHA512
8633aa8e5d57f76c006097cf68b8078f3c6186bb471bc7e4433b90363251cce22b16d506e44c9f434f9872068caf71bf28bd46eb3450b8a601ee72a5afd5305d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\datareporting\glean\pending_pings\e7d157f4-df49-41fc-a200-026d5a8802d1

Filesize
886B

MD5
222b9f006f2e9e73e0fcd800743caf3d

SHA1
5a5e45259d0a4cd71892c06386876812014ba1ed

SHA256
5b59297d9111fd6e0dd4c2808e75259792cbf0adab0febe570ae5ba491bdc4b0

SHA512
812ffd8f79778d8ca28b22b06d56d827fa48161e50c1abcf1c84039606e463b6c39763217ac93993bfde007367f249031de6b40fc74620c79752d9400586a3c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\prefs-1.js

Filesize
6KB

MD5
0216258092e5a3c5e3926a9cf9308651

SHA1
a4a9b5166eb1cc39d16215c2497c368cf73cc089

SHA256
f157d6416e8bda6889c3a675c8e95829804c4c1083223dae03789a328298f7dd

SHA512
2672ab2ed7dd2f842f0b0cd17cc827748f6e140c17787711aff833622df3937eb59d70a0b0dd58ffb05f4ffa1015f33813d5522d31447c2b63bcedd0ed55124b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\prefs.js

Filesize
6KB

MD5
6521baa8734a604a9360d54f90916cbd

SHA1
192d5518d9254fa32e565cccfa7e28203e5d0aa1

SHA256
599c1052c0c25e228c367578bb67e76b172f51307df1041ee29e15355b74e65f

SHA512
bb9058e32072c65f128b73c0e5a4dce2432b41d07e39d2642daa6c560c2bc99d62a5d429cc7f37cd44f58b31e95dc3a89d3dcd30d8dbcc6e883c2d1512105809

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sivj1aq0.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 113951.crdownload

Filesize
6.2MB

MD5
1070848b12085ef27ff6348aa12ed1a3

SHA1
5e1c0855a02d56c852a146bfaee258d5c584227c

SHA256
f04c60667122ed8976546ec00278566371cdc17b15b34556654bf7248967a36f

SHA512
8bbd7d35e1e201b1e4d8efc12317a207921a17e0eab59f8a8bc3b4ae4b12d7bad4821b5a85704668347928cb19a3370a6e23bb307da2f6007eb2953a3a4307b8

Download Submit
memory/5972-1451-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1449-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1445-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1444-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1450-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1452-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1453-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1454-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1455-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/5972-1443-0x000002722C300000-0x000002722C301000-memory.dmp

Filesize
4KB

Download
memory/6104-1439-0x0000000000BC0000-0x00000000011FA000-memory.dmp

Filesize
6.2MB

Download