32647de0072a00cd702edc9f0232e7b7406752ff044125eed74d78bbb55c74e5

max time kernel
150s
max time network
161s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2023, 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Youtube-logo.jpg
Size

77KB
MD5

6b2d7ac236aad36d98cab75a43ca11d8
SHA1

ed9ff85119d5ed1b510b350934989df0fd079996
SHA256

32647de0072a00cd702edc9f0232e7b7406752ff044125eed74d78bbb55c74e5
SHA512

28c991805820d839e962b37aea2cd4f67f1dffa00a500bc9e43c98ef95430058b5f70e2f5fd2d53aead4055153b7c224055c264d46b027ebb52bf5fd11c37937
SSDEEP

1536:aiq6CtiPrSAnFXZpCesWpnYVD9cPY3P/16l2RFiqBqu0M13+uG:apz8PrQqU+ileyyM1OuG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133410898007350440"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1894964180-3551943068-3090682958-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4964	firefox.exe
Token: SeDebugPrivilege	4964	firefox.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe
Token: SeShutdownPrivilege	4904	chrome.exe
Token: SeCreatePagefilePrivilege	4904	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe
4904	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4964	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 3708 wrote to memory of 4964	3708	firefox.exe	73
PID 4964 wrote to memory of 3352	4964	firefox.exe	74
PID 4964 wrote to memory of 3352	4964	firefox.exe	74
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 704	4964	firefox.exe	75
PID 4964 wrote to memory of 4972	4964	firefox.exe	76
PID 4964 wrote to memory of 4972	4964	firefox.exe	76
PID 4964 wrote to memory of 4972	4964	firefox.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Youtube-logo.jpg
1⤵
PID:4576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.0.104438676\115334844" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 20858 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f19cbe3-2c1b-41d0-a120-4c5fac303b25} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 1824 21a3b1d8b58 gpu
    3⤵
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.1.1046920640\925356757" -parentBuildID 20221007134813 -prefsHandle 2168 -prefMapHandle 2164 -prefsLen 20939 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30697ff8-15ad-419d-915e-ad993ed35aca} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 2180 21a2fd72e58 socket
    3⤵
    - Checks processor information in registry
    PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.2.804007331\83510057" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 2648 -prefsLen 20977 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa747209-27da-48c4-88a0-980920d19837} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 2960 21a3eeaf558 tab
    3⤵
    PID:4972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.3.500958432\196757809" -childID 2 -isForBrowser -prefsHandle 2808 -prefMapHandle 2908 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b0b0689-0e4c-4d1f-923a-305d8a7e46e3} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 3448 21a3fdf3f58 tab
    3⤵
    PID:1020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.4.1091182196\2091190043" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 26402 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be5f25b1-c281-405a-b46e-c45bc6f6690d} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 3708 21a3fdf4e58 tab
    3⤵
    PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.5.709757629\127366111" -childID 4 -isForBrowser -prefsHandle 4584 -prefMapHandle 4588 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42ede77c-59d6-45e9-bcbd-74b403414ad7} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 4812 21a40a42658 tab
    3⤵
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.7.1541219100\1277069066" -childID 6 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d589d2aa-7776-41f1-a7a2-b06a58fd61de} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 4812 21a40fc5958 tab
    3⤵
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.6.1960315121\882987398" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26461 -prefMapSize 232645 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd559848-7900-4abf-ab24-9e5f213cebce} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 4572 21a40fc6258 tab
    3⤵
    PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffa5a529758,0x7ffa5a529768,0x7ffa5a529778
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:2
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5228 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4888 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3016 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3064 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3136 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5436 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5684 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 --field-trial-handle=1804,i,5306408081775080056,1556936252045056920,131072 /prefetch:8
  2⤵
  PID:924

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
40KB

MD5
7af63db34db605d8dd2c1c9a01b1e053

SHA1
0a78f5165c37eb51371afe2e9dde9ea1f70b8912

SHA256
b4f04e6c5f7e27398f72dceeb47a4711f6b4d475c4a2c8c23e8930d6718ce938

SHA512
78387a5038d814c1ac71a35bb44e0e1e9a49456e4b0da8e38766f3ca3f4ce9f973926697701bb1cfc47552dc11ccbb1326488e0a28f1b1f0cd96e60ace05a8b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
7f5cc836e3a6c78e3fa00565bc777046

SHA1
2b0070d3d7876ba6f0189ad7dfbb23116221ce4f

SHA256
820ecee21751d63e6173ceecad964cc8f054925edef459dcbf58d84f1d82e87c

SHA512
7a16a00a186dc4a00373b62a96944fa2243278c70ec6e21cdb4c58bf6d431b95448c8e7939c36a9e21ee46282b6783cc068696b4f3dce261a4a799339ff6905c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4b52953d052ec046d98b196df6a06550

SHA1
bc92e4bfaecf83c0664eec3caa120c54d3d91b11

SHA256
a2e44d3dc16ceb09967e4583e7cc5510c87c2bafc77e9231178b5f94a642acf4

SHA512
21f1ad0e18a4809729d184feae6cf26887aeda4c1fa017cfb2f81369aaba5b2e068bcf6f8e9ca57af32ee8a40ecce38dc972862c9fc749f7e77af3ac873ec160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
75d700115dd289413289a68c4ddbab12

SHA1
c2ffbf7b862a38dd09586d0166344f3300ac4e3e

SHA256
986cca3a708b88cd1aeb3ab0ee775f56423d9d7760d5066db3a09517160532dc

SHA512
e8c216bbffcbca4cd43fc840467beb1e456acd598abf521ad57191e659b818065a296ec7832b9c2b12225440de7ee52ad10a6d0078794a18b5682d042dc9d6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
a07627c2654949a14e810557c704518c

SHA1
ed83df86a37c5a661ba4506fddf03b14e356aad2

SHA256
93740132f956f68ca9f2fb30a522af0451b8ef85997a3c0c08c99ab2e7e68d20

SHA512
dfad7a00617aba0e14bb2a24e437614dbef471640f594cfb0cf3fd09f6dd9f0a3f037ad62e5dcf74add5d535e27fac1fc731c386a0b53cc75ee4dffe9f75fead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
ecabd70d3f953dd270db4c7020a949b7

SHA1
9eb8619b73ecf43f2d1255c99e86574e5be34f9f

SHA256
d3dab88732d034cd433e41a036aa23644fcd312b8d2478fd836b5bd67f8b45f3

SHA512
cb501868264289456d41e5c1494483d4a54a5a93b70b1ea5140729ca9bdaa76a358364aaeecb091c7162c8f463427b9ad3815ba458158f49dca606d67226d1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
6939aaa236af9ecf91992081f2e93f67

SHA1
e0e006e0f18dee2c5a60b203d154b52233445e88

SHA256
adfef509c6a84d6eefac9ebcaf7aac8e2dcf0ec19f3b47ed5192b2f5593e90ea

SHA512
a5c39e78f7fa0a91c29839b429f54e89b12161b823e5567edfec87479fd86bc2a4dd38af1180f95cccaa9a936f28441b877c4d4508970c251dbeaa51ee10caf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0ca7dc50e8578d171c8f246561714ce4

SHA1
b549a5520afabfbec1d6150b9d0dc22e4852c49f

SHA256
23ecc55c1eee21d750ee328436354adcf770632868c6f91dce084abf70efa762

SHA512
ae6d32aa253badfa1caeab9a703aaa1bf2d1eced4d4a0778b30deb7449286c81d673200d296ac3d9bdf2e7c7b1d24ee3819a42eeafbdad41203fe851027ce80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bc43a56927befef80ae612700f1bd513

SHA1
9a6cc812fa5c31e5f91b648adfb840c94cdcecd9

SHA256
c516752b5f96f58f8dc5f290b7235da5f5f610cd1637779b302b35adbd8ea4bc

SHA512
266ae453caf469114c4f084c31a044cd8d4bd7723d4b3dd6b77b76a16fdf867625a92262d7fb8bdf8a267f4aa7251e8b70b0fca9fecf8bc0cb4cda6c539000d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
83e675aa7883ca2d921de6fc05f3bd25

SHA1
e97d98c8c027e57a2033d0b3df88a7ce6424c9b5

SHA256
9c91c30b7966b97239469d31a1cad0d40ffab271192060e47f4134e37d795579

SHA512
c994cda1c9c3e65a6985b34cb2482645d00d62d80b17f7fc5c365cb5418034255c192ad04962184d73bc0066b10e0f74822b6808554dcd50057f814b5e47a179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
56db29f2af40bd1563b1f09832dec710

SHA1
7e589fb5be3428006f0f3b2d7406b6dfda9c00ba

SHA256
183918d6e78110a4d2ed7821317edc4ad9aaa572d4df6ae3e6562f5d2a9a4c61

SHA512
a5ac8270434f8243a21dca0485a63288e8a670be6e7bd665c66a76a22850fc70e923d86b62c4a856784dcc14904e8428f3a8e19e3491a37c69974ab30ea47755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
878f1bb38719f8cb1e73713624248f15

SHA1
cee5b3746d53fd2ccb0ef4ee6c3b9f245279fb8b

SHA256
214b922af075f40dde025839ddd30fa2a8a1dbbd11c086b4b1a01c74ac078e67

SHA512
2d44320558eb8054ea9f720d93b0b707d1c810a7ab078c505e62ddc01f233237c9706e57d7cfa33b2b7019dbf95aaff89be697b0ee2dbedfc556e16d24d4f7cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
f8fa94658107cc56464107b0348fab1f

SHA1
fb22f077d55cba5214fd616871e1b746c86b546d

SHA256
dc55155bad10b2484c8865b42b54d3cd29d795e542970e61e4aeb3bd80b12131

SHA512
69b29fc80d78d213e4f2386d258e8170503611c8b4f9ca7f6dcc66029bd6e2164adee3755c3f9230515f03066d11920e9e27cb1df49a57d2a6d61e3163e3d293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
343ece22d0f741588e9e78cee6b72ab0

SHA1
b0a17af2399e0d595a3604302295e495c8e981d5

SHA256
a699ed061b9e28ac611320bc006b517c8562594faecf66372f1040defaf9d103

SHA512
cad0b97b540e91a50d2702b5016fd2b48e4d3c3b2efc59f5b20c45ff047b0fb606693bcc50c18629fa45d87d4cfbfecdab72e64abadf699b60d160e1ec88760d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
f6351bbed0b833e746f4702e4bbc5ddf

SHA1
e13ed2964e94086b29cd0d1b8eb4b1a09d82b14c

SHA256
24b2ccd13a502f3052d494df16c2462ef212182b2df5462cea313ce900544cab

SHA512
4f509ab5b96ce0fdb7e463e9010ee9c2cc537c8a4c7b4e7f56cecd636e706d882d83dc72a2110dbd0042681cfa279197fab818890c36e438b29a0e833082264b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
bc65f7256c7b781c864e10eb1f06f509

SHA1
ed399406ba33d186e9496eb73de7f3098a4c453b

SHA256
0e25b7b34352718185ebfef6cf890a0cc27a62b88548e8ba5f4d6da50c6c5d90

SHA512
af6bfab4bff20dd7b5bbd0049041ba9672c67fdbf582d7eff101e9068a5f179769f9d8e8375ca6275dfca927b89434358e3646bb4539e072d616738272c9fd76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
a04b848a8fe9786fe2c2d8d8867040dc

SHA1
92318306d4eb8ee4cba54b285abc63ed8c8ce150

SHA256
550170ed698cd54c04925116a3a46f4194d68ef95833108de460ff181a3d4df2

SHA512
b3baa2e1783239ef5e46cdc2d68146972fadc414cfcb110f03d53a7c56f6e4e02ad415c6f4cfe966be775292599a97dca74bc67000df10b5d14f52b99b9d45b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
66bdf85ce137736381897bb8a8e7d598

SHA1
7b2e790087945df25b51b989783974e5189df27d

SHA256
426d0a9315048b8e71919a0103670fd2d018366b45de4afec84ae21c84e3eb9f

SHA512
82cdfa7cd3f1b06a4a637af2d90f972ddd4dcc111a9f04428498d25221b93346a0cb4bb9fda8b585c923a5deb66e8716c9e5680fb8b7921d5236fc049a10b53d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
5ac915d942f41317f4928c5806e9d2d0

SHA1
69bba2fe7f16cbb2617a66e06654c96413a773e7

SHA256
ad1ab1db18af58e991ad51a6a6e0951f716f6c4198f2487b3564ddb83afe2b3c

SHA512
01baa114f9ce1daf4fe21548d220c5ca33655377e54ddf1a89a705478275ccc97ed7943e317cd3dbba3ffa3d093d265e2af9b2aaad30ad7f3f639e2432b8ea29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
dd7bc6ce9d1a6c6d5bf06bfffcd4dff3

SHA1
2ae2b83239bcfa2f478bbb361a274231f5045a1e

SHA256
bd5c23b952c2853c5ba3d9204677b37e6da7063f2c66de417ef5fb0c3d57baab

SHA512
f470fecc42aef642d5c6321aacf1c8cd5480783b3e93439d9c4c0f85bb0dc645bd0a074aae2e75343b064fd61ee81b298cf8202370a0c7019528c5c407261786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595a8a.TMP

Filesize
93KB

MD5
a69618153657f28d87906c124accf855

SHA1
dd5f918398889295194a29771b9734aabc2bbb75

SHA256
730a4875ae846b674105f057606a9da3567ae75515a97daec2f69b283cb253bf

SHA512
98adb4f1adb334c37452c050bc9390f01a2ebc88f4278e8934da82f5eb938f178c1b7a7b4605d97c26d28c890d34388b38f87a287889396a2137cbe0b7ccae14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4tubnn5x.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
ef5bd2cbb379d4189bccd8fbb71a0953

SHA1
2465cd20429f13c9a7d347d52c0a25aa018c0b45

SHA256
c344d61b5c3894a7b69a0780d59acb5894216aee155270f6789647f5acb949b5

SHA512
be651b4e6050f2bdee6deba6c5b8b804c4b470460b8094854d44e9aea611c39b9c4e7b3d0b7cdd50d1457d6316631ccc1fb17f60b75b9c3d926a9eaf526197eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4tubnn5x.default-release\prefs-1.js

Filesize
6KB

MD5
92d36d721624bc0b377964ca390a633f

SHA1
e62d29ae8a018a2901fda1f125bc313b05cc5a77

SHA256
31ae9d28318f1b2ccc2b48b04d020fb5516e5946776cd7a296f3c3d4ff95de26

SHA512
cfc4d422d5ce1b3a301b7717eceb4c5370b3365d0c4a102a29d4bd07818ef37caf7cc54b2666704adb5d7341350debedb92e5aa7157759d13b89bb5c4fa74136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4tubnn5x.default-release\sessionCheckpoints.json.tmp

Filesize
212B

MD5
29ce37dc02c78bbe2e5284d350fae004

SHA1
bab97d5908ea6592aef6b46cee1ded6f34693fa2

SHA256
1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693

SHA512
53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4tubnn5x.default-release\sessionstore.jsonlz4

Filesize
883B

MD5
d988c4eebe8ef36565284768171f4756

SHA1
c64cd1823e160236f9d55af4ffe50b85e879716b

SHA256
e8709714c6577384ba14b4c89637fbd1c0a729225b3772dfe2df0c3584c42b31

SHA512
b26ee60e9205b833cff2ee1a6ded747fd37dd918cff65dd3357e3d73b29cc9199c628fe8dfcf7833805a6689f0224c04da0f5d20f2638b0a164c7dcaaa32dc19

Download Submit