hxxp://www[.]gameforcode[.]com

Analysis

max time kernel
196s
max time network
197s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
23-02-2024 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.gameforcode.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531216984498897"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1990815831-2007029909-3877453929-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
2256	firefox.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2256	firefox.exe
4308	osk.exe
4308	osk.exe
4308	osk.exe
4308	osk.exe
4308	osk.exe
4308	osk.exe
4308	osk.exe
2256	firefox.exe
4308	osk.exe
2256	firefox.exe
5156	DllHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 2324	3960	chrome.exe	74
PID 3960 wrote to memory of 2324	3960	chrome.exe	74
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 3252	3960	chrome.exe	77
PID 3960 wrote to memory of 4600	3960	chrome.exe	76
PID 3960 wrote to memory of 4600	3960	chrome.exe	76
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78
PID 3960 wrote to memory of 1368	3960	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.gameforcode.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc726c9758,0x7ffc726c9768,0x7ffc726c9778
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:2
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2632 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2624 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4584 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5416 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4380 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4592 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3152 --field-trial-handle=1660,i,2486474104305425013,9847006048258519381,131072 /prefetch:1
  2⤵
  PID:1916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:68
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.0.9594185\1679024528" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ab54b0e-0032-47fb-b38c-ec9c06849815} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 1796 26e33e0a758 gpu
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.1.2012496012\185979973" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fc5e349-45e8-400f-8c17-3648555ead84} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 2152 26e32afb258 socket
    3⤵
    - Checks processor information in registry
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.2.695535165\2073078774" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 3040 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7c6fc4d-01b4-4c15-be2c-46714023a29d} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 2828 26e32b5ee58 tab
    3⤵
    PID:1744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.3.1076532690\765028771" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d520dd50-1aca-4b41-9509-a0cb2ccc8d60} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 3476 26e37c39158 tab
    3⤵
    PID:436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.4.2000934993\437328213" -childID 3 -isForBrowser -prefsHandle 3484 -prefMapHandle 3956 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab66e314-c78a-438b-9fdf-d79a03224aa8} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 3972 26e37ddb558 tab
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.7.1639192798\893278348" -childID 6 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88f7d30c-a771-4061-a06d-6a345960b7c1} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 5204 26e394add58 tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.6.1420446315\265177983" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {207bac17-ed5e-4d8d-9ba3-0dfa5449aa6e} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 5004 26e394ad458 tab
    3⤵
    PID:68
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.5.1680992499\938625837" -childID 4 -isForBrowser -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cd071b3-a83f-4eda-977b-d2b991b89484} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 4884 26e394afe58 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2256.8.1802981759\2011157156" -childID 7 -isForBrowser -prefsHandle 2752 -prefMapHandle 3172 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f493cf6-4082-474b-ae38-cfd8385615bf} 2256 "\\.\pipe\gecko-crash-server-pipe.2256" 2584 26e3a55a958 tab
    3⤵
    PID:5452

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4308

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- Suspicious use of SetWindowsHookEx
PID:5156

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c4
1⤵
PID:5216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc726c9758,0x7ffc726c9768,0x7ffc726c9778
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=512 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:2
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:8
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4912 --field-trial-handle=1732,i,9784411772662753109,17511809120929726973,131072 /prefetch:1
  2⤵
  PID:4236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7e040e0108380239aee8c630910fa104

SHA1
88b3c774709870b7854a747072c417ccd0eec089

SHA256
6e2997705f2585039b27a2d92ca679df3f222b7dc22e918ed044bd07e1816c60

SHA512
c58b6c53b5850f9290d49cdf8ba35f210d3181a2800ba8a85867c2ff4f932f04ae7436822fabccbf6094bfb6c4b4889635faf50e4f3a33506011e6a94f74a410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
553f0649b6b314c4834cc0d76c92ed2d

SHA1
523652af0b542bf993e83f89ab08f19117236f7a

SHA256
a6a68912e395144a354189e60174aa35fb2640281c3a3f274d86838bc5e3096b

SHA512
8a263354ecca1ae7da24506e96d06e10cc33b60bea2df9113490c2e85ebf46a3c9fce988f284a270832db0c501e15697fd114e9c4b1020ffbf0c4cce956c3479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
1688d1a6c1a93db1093bcd588fadc29f

SHA1
08a9746456b8d14c4d516db4951054562d47ca71

SHA256
c4de65dc2cf83c9ad3ba4c3f9b1e1fb063dfbe0c69f1661f7f312ed8f4ecb68a

SHA512
2bcc18308c406f4830d49862c06bfac049eb038ac70e3a26d710aa7215765ab6f9d0594cb5bd990b733caa59adf3d4a16b9a50b78597c6be45e8dd293f1db2bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
593f668539a5ffe8d0aa2edb389d4ae2

SHA1
e769f3aba8e05419f944f25b41c2c6499118430c

SHA256
b89c3782bac0c56d0a97b39d35bdddc614e2f5e8779e360e79f9275a38b2ef41

SHA512
41776a56d1c59b6ea686930277cf998086c9137c6ca678fb5e9dfde42fdc4f7ea367a376b29b80a6a9c0c03ea62e1f00838522312d07d95908905f0796e85bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
83ada94361e178155be62ef308b951db

SHA1
3375f92fa993c599a56b6411457e367907f8531b

SHA256
b6182a100929c2992c3b8a4ea42cacba2a96417ff3bccd794151e99a1d11ca69

SHA512
2f33b0726d2bc9a5f0b95cb84a5cdd1849dc8bae8a40f245d0e3017d8303e51f144ed0a9ea2e338e77e6c8c39359b883fe53c9546beeff126c9c11e7cb22ac29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9aadc42f46fd0dc9aea19a7998dd265f

SHA1
9d6250cd7f0e77209cf4171e15f9b606810f98e8

SHA256
c03773ec6192e613009ae918f65637e5f5d3d09426448d254af45d43cb0d01cf

SHA512
4b5bd63f044471d921590efd7783153c88406bb6fa382816ba2a04e8897a318091da1fdea3b8c13461dce179efd4c46a5f5c71f6dbc41c343d1362490a8825bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6bc0302dc803312c920d8a50d6f80bae

SHA1
c8221b5af78ced95da261459b4804075cd864df9

SHA256
c2b7fcd740c2ae08349e1d05d3c99563b652bbedc685b2d9e4c2b750305c46ea

SHA512
b0168051a40ae9d7639fb64f52654b0ecc126d59ad6dcec479f1e262e1fd9a790d1fe74c85d297cbd6bdaf2c6582cb0c1d91c50191bd4ea2bb5bf0592c97d483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a2f394905057d22920798327d720b61a

SHA1
245d419f75ba2ef69a39a26824fde7c1fe995b55

SHA256
460138536033880566818fd1c39ac4d43f229e5f64520c59b6e18394420b7de9

SHA512
fe207c81037dbd3fca6cd561b5235196963f51d202592d50e90c61743edc10f884be202b5d38ac7d71b256082c8595367db8b68d09155dd12a6580996781ddb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
e03e50ccc680e74624a8509dc3d31b13

SHA1
ce11c3085166c2744ae081c3c5fcb65d38701356

SHA256
e48b767c600ede3e47a842b4cfa1307bb959d0b667b943a714ffe6711ac3da25

SHA512
123def3b49af4c268ae4357921285b622e82637077dcb6573605fac979b7453443a9028be735b2982d048f2896de885e31a35c5d9823362eb6582eab7aa3aedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
7b12ce38e3e755245f3287135aead8d9

SHA1
d158ad516133d930a68ee00c41d631e5414aa571

SHA256
5ed2a3d47165ee759627b38f751ea3ee5e9ae0803c1cd9d9591b2efd8bd896e6

SHA512
fa0d162881939190fde729a746eebe55f00b67f7c95eca81f2277dca19777d175e4eb9de93fb5047ec72cd91f4e9070eb18d9f1a85880664905c1f5f13e97159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
514ab44a4d3b667ee0788833b6c4c2d1

SHA1
16044453c80641011909c6df1e5c2331c781e31f

SHA256
cb4465bb4b6ddc11f6c9c3a55fb015d638c493438ed485c36b2c6f9200f4a8f4

SHA512
00c5978f3e3cc5281175860af019c78a2deab4e6b83ed480c82ad7af2054478733ab1aa3d7a96c9192119fc091c8d7e97ac834ef8096a711c68800a498d7e1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
4bca41d74af60db8f5996ec14501c070

SHA1
d22c23953eb2fd187542f5e74e67af82e8f44fbb

SHA256
0bba0389cc836e9f68613a16469f218a38888f6b3ca918d4a33aa246e8a1c640

SHA512
f22ba9bd31f8ab8204d0da370ae86b84b17dc88271a5bcec919f13397c4d7b28813c68e2fb27d62dc4f6e62d6fdff10713ccf0557a91cae8bcf1ae708354bb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
338B

MD5
96a8497ca1141185708e807cee73132f

SHA1
2ef28e1a9249100b7b29d8dc2054c4898f12afbb

SHA256
d0776244c225352488c6d70b4856590087a178d725b6950c5c393bebbfec891d

SHA512
aad9f01152cc444ea9a5e7d5f62cc8f394fb23b093a91e35e02764bac28b386333728d0b97233c7da452b5c99bdf62fa9e7b1c209cb87393f667095bf5008f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
9906a716516f69a3d6fd208c815ba6f3

SHA1
6c37c60fe16f02eec986c5f5284b738afad6ef95

SHA256
cfa2a643babb361a575c1be732a4f4ee91299fb98e516f59f9ddd450c0f2d50b

SHA512
f47324e5bf8bad7793c5e374bcb1bf2f24bdb8804698bceee9e67ff65953a7e4455d70a61f2e417693d2e1431de6eec400a7f08f266f33ca9bf8eb68e1cc0ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
65418452a9cb3420ed845d33d70dee06

SHA1
f3ac50256a8e7ae86c30ca71b2d620b2082beb3a

SHA256
5ab7d98b5f6345265f778c09ecd62962e25696f1182c4f8e08a5dbe4d68a703c

SHA512
cf1419b71d3bb8ac13dfa0602c425ddebe84183b770921f5393965ca1bd2e389be0df129638b29f7a1668bf396b04ca820345e54b98dda45c7477edb77814a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7a698439b248022e68a903a956d883e3

SHA1
aee7818cac376fb3960374ef4a65c5186d3a70c5

SHA256
09416aa76d4c7499d2749a92fb34d95115b7029382a5ac53a2c59d87ddcfd831

SHA512
7625859223a5db04b316a675bf06c987fbe4126b8755f7fee66e63b150b33797703130f1f8ddf088160351e1a6250e20a8dc822f635c830e4c34d4f6da41729b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4e53b8a093aff6b684d9974c756533b2

SHA1
af61c8ce41938f357e57f9c8d3471c80d3679691

SHA256
51d7736a84256dcf891d0ead3f8265303776c52e028d6d44c4c8e2ce581dc368

SHA512
f554aa3d1ae7093610bd94b8aad92684ab118ac1ea06fc0953d7609a1383ca335c40a872082eca0b0df8022f37e2d165f70ec5a6fac04b43ac963aacd9190b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0a1557c001659ba34558622920b0bba4

SHA1
4a50e29c140cc4e6c33c8e15b471e1fc79241195

SHA256
a6277cebd1f912b76f048ac96517905093b114da1d974ebd4905f0cc85481ed4

SHA512
acb7ead1fd580f10345c9922a68bdaf1b12536d287a8ea8f8bd95efc9fe35fcd0e3d98d5acb0688f3300c5e08308391fd4dd957dcdd4252ff69eafa6a3085fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
256a8eb6ed9ad71ae91a306e43e802a9

SHA1
a3f724934861970274bf2d24e167c3eaee698cd8

SHA256
de079cf2e3528f67aa955be54823ae2e84197fd6f1e395efd13569f40d07fe55

SHA512
e2c509d178c7fead6e162ed6114b6c1f62b7ab352db7bc6806affa94ffbef767b0afc306cc58f05223f7d52b771af505692750e1f382f85522ae50e787fbba68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fd58d8eeb505d7929d801702e661bf8c

SHA1
ccd9796343083f32d0544c94c36264edd81dd7b7

SHA256
13525fea295c11d3b900959295e00f830f5c6da813efe6140cab1664e19827aa

SHA512
7632da0a20d74882f8915e49a94893c99434ee343753798b2bf839d8c8e72402cc10dfd76b9f4ed71076918ef8efcaafe805329287c75f4a25ad127b8e04d33e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
86d4135b742707b41e45d8bf98eedfc9

SHA1
17f7d8b682ec3a9314a83d509a8e5ef492e95da1

SHA256
448352c9fff99c2d7a723047d26e7a5a3c067b424ec90f925926b4a1f7ad7158

SHA512
830dbc74316777253e38e2455baafbccc20c15d413155e362a95e0cd38025ff9f9f5056798c63e88fbad9f82d6a206ed993138ec8caca212363a7215eb4cd3b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
766def3445ec835a8370eeeb6bac7a1a

SHA1
4c655cb3ae0ffe0dc64f4d6db4577c9cad624a8a

SHA256
66b829e8d09dd38c877274b55bf1f759284e4f6fefde11f416b5f652a3e02670

SHA512
71404098ea6020ce44a2b85c20a718e59eb5ee29599af9a7d1cd192471134d9ba7c310cb009cbed7e3df875848afb143c4862108c6a498134451bc9f631abb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ac567f212f14b48be52247261b2e9bf

SHA1
8f2a51ea34516d8b675a54accf5ac7dd4a9cb412

SHA256
40930504948f49a33622ef12cbbb27306b6fdc3c9ba56ed77b8f45946f51bfc1

SHA512
bf2363e81c24da8216200813622bf7d8c9921591a2a42a3552ef02f3d1cc389e9f9c6b037dc255e1dca54cab4187cc30a19e1873b953015f19134a16f2cb409a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
07546daf31903ab43b0b71575195e366

SHA1
ca1e105ffe19a00b9a6dfe61e3d7adebba0443d5

SHA256
29f03d9bd1c08a05fef578d7d9b46672f7afefeb5eaea36148b8762bc38fba7b

SHA512
cb342068655b6ef35ec2cadb26e5d96df5332130636a90e9bcd531f5c36dfe4a9f7d79be4348d76d54028f8b6b2b37f78d88c56070a39c404a904c4b17192f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
dbc3aaa3e3f649f1c9bf44ee3d265745

SHA1
a2560ff672a6e88f7465f3f62e58a7f568b54b0e

SHA256
f3c8ddfb722e7cddd3a89dad249f90ca8e93888bd26bb967639b9b3df5390cd4

SHA512
67f006dc503a928d40864bbf86e431e9419366541eb8891632a96d83e04c8274a5a5feade734846233f1a813edbf1f987c9e8d310d84b9607257301e06f982c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
3c2cae53e6b2422f9e427510859ed018

SHA1
47a0083df7974c89b07aa32b4604bd582758d6ec

SHA256
782877d0b53564b6991557174eeaad603ddd7c22c1c3b59b366797fe694461c9

SHA512
3a68e67e9411b80d924d05feb8cfba36605d1f124eea1724c1829b1df4a3a63a5f08d59a5afcaa3bf81f35eb97d0fa1898b6c4335960faee397942d8e667e5cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13353121734247238

Filesize
6KB

MD5
bbd0e71a9696b9eaa5e7b44cddc9e10c

SHA1
e1259ea066e5f1598b53a5f86432642fa332971f

SHA256
0a58d9966fcc11150cd177174684e00f29b93bf350d22eb586b37d00d9ddf9aa

SHA512
29a86a62286ea7d336c8e8820a72680676d49f233ee6038901dc90d25830a0af3a44efc5d51b68e104d93261baa66b58e835e21dce7260d656116e95c66133c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
cd0b25244d63a4660556cecfa8cb5935

SHA1
bb83ca58041206dc3e58b6a5858aaae18514434e

SHA256
f26cf8679a285bbbe0c9b250ebaa43ea0d8629981cc3fe3a96be26ccdb459374

SHA512
a9dd25843ff5e36f5a011335702e54c6218e6e28069d1bb57fb56fef34558eec6cc74601122a9be86f320704e2a91e0af96a53816da09a252ac17cb1b7ad6814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
ff714c8cdca8fe78df213602539ec3b3

SHA1
7ae00419261eda1e91f75342fdf1d4b8d6c442be

SHA256
470ee10cf3fb554851633f8d850e3543c5dde34e9f150c9a3b3461c4f91b5269

SHA512
48c324456692e0887e12259928df990493ee1601fd95a2ac245d4cc0fa08d33a2d879318c311da1ec39e905768c3a5a720a45dd5aec215012d2d4578ade89e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
f5290938df5ff2dcaba2aecc9bbb5a43

SHA1
0b097047c8e49f306fa55b69e7aa23f72f614898

SHA256
c7fb899577e41849895aa9ad06aaf0ce727862c7653c9aec5a2c76549006f6f5

SHA512
c75ceee6b58a438b09a6b25cc871d56ec11e59f71c671713d973414e5f1a0f133ca8d6b411e1cbe856d93fb565ebd1a31fb9f0a373144e69da93a9f6940e511d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
4b5761b603c53160e211568ff1c5676e

SHA1
74eccea950874552ea4f27dfd47a34aea56f1e7c

SHA256
6cfc003a2ab4a041263410496babeefb32a1e9bf38d53d231178240abfda42b4

SHA512
fa04c8c8e6fc603a9bf34a8c363cd001f33f0c16c2ef5c8c401669039f4c2d5ec621a698925c01fc147d881918569e128a1db047d2bc4d12fa0e57f4a5fc74c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
ed60480abe462c8ba8c2ed32ef3c3a43

SHA1
06338d593b4152dae6ce5a26c6bc13aba7f99e75

SHA256
6af9cdc1f4a866446d1cbed0d544308273b4d13dbdde9d2aee0f602ad79e969e

SHA512
3fc6f0569802ba13e53cfe84b1b27238153caa4dd456ad68afe0ae31fd66d457ac065c950ec7a29c0ccc6e41955c28c5760b0dea62375051b1158e64ed9c41df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
cd946acad421a1b2c9d6d06c5486a7bd

SHA1
75ed41cfa604ab3a51ad14eb0e39fca62e250023

SHA256
496fc0e79404623262b5deb64922452812e2e82424dfa356ae7dbf2a74cf2150

SHA512
982563fd8d1ca4a284a669056bdc7722a2a6d041eb186cb0ac7929fef2e79df7e7cff3ecf0e6593cc9ba741bcf2c89ce3aba8e9fcc74cce1cfc7fbdff0f9fbc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
d2f313beb06af2a878e2e20e87d5e809

SHA1
d8631fa73dc4c03265b647c726c28ea556e28536

SHA256
d0cc9294f5dfa5124fc49250c93fc36f853c6ea1bc61744ff31a29fe9ad2d9b7

SHA512
b5db0d21ae157c36ed5d8844984d873e89e91986c18f325c076ba24f24f4b803227bcbeb35a08a88af480fb888445a6c9c216427933244ad7518280e57e38ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
093587b231946b443c9af9c440ec4c3f

SHA1
44cfd12fd7733b2fd3c33a892cb7f9351448c085

SHA256
9063fae2650cc6ab84bd7f70b5b7dbc71d383eb9b00f7e488d80bf041d393b38

SHA512
513eb913f8a2cacb9c6fd4e20b805656dc927270447c5774034e34f298977d66c3288e4a20b3a28bf829f5910e2f5c2bc59ff62a1fcbea1f70acf6415d1a2ee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
11379a47a48ee6f33ee8880811fd8d8c

SHA1
0f5070b74aaa845744a23c37330684e6f99b0ef8

SHA256
cbb3c60584f1073363cab327fea6ae5d00bf80c52baecef603bed612e081020c

SHA512
7514d146c1f47febac9b6f286f3bb7a3e52b139ebd3f1f25666762bd70de5d42a47bc5b269b5d226503b975777c5b5d9b53146078b45b56e55106ab0b0e67bad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
6da82eb7b3934e0779b22f6b97ae6875

SHA1
9efb4d1098cf276daa42b49511f15e87bb065b9b

SHA256
644f5d1f79b317763730c3d2f1869355ee6706400b6c12b9d11cab526e773168

SHA512
9efc9a5055e4265e7bc15e8114780b807a9d89fe3f2618064b48c38a4aecd0e403ca787c181fc926ff7d7d6f6773f4f07df664072448f7d1b8fac4fd26ab4399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
c1c9a550534539ae657fcfe694309c06

SHA1
9d586d7efa020488ddb4abdd7137bbebbdb70499

SHA256
d4627317810c3f72cc471f4ec398d9df7617c38e3a8ba3814a524ff5e7438bfe

SHA512
202fabf8611a20c65fce48221fc6a7016a7877b2c8da9dde68e18dd8b602dd57aee0407b7f320ccecf6fb9db6f07f7d9d1abe919c64a409595080f7ce4b826ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fd2b84f17bb54ac85192de0988da8580

SHA1
04bb412c19e9329766903e17d00e9523df33e4f0

SHA256
94995fa6266bb9d54999e0e750039b02896b35f9e3f62d48b42d855581b78f68

SHA512
dc8edcebecbd5641a7a3637e7137548dfb9f660b0817d65f5dbf29302b00d814ffac090927672692ff2610fb656cde8b1774a4de8b0649996d1ec08d519f7412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
c1422148c290e74aea1782f4fee89349

SHA1
069e03ef1b7cdc6ad332dfa4bf164f5c69e5a4a7

SHA256
9a8f39b81491bfbb95d5537096c32537f73faeb078522598fd5b6015a2e1c925

SHA512
d66b882a80a3b97646d6bc377304f18e618967e630caf73c8e12ba800d3fb768f982d6e7eff80c26da046db9f397c476d814f4f83e9a19998cee13209d93e5db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002

Filesize
16KB

MD5
9c0c44e2ee080645d5bf3dea5da18ef6

SHA1
2cd3a5461a6af78a325ba54b09e29123eb620e82

SHA256
ab88e0da1ae884f124207141f6eea40e1e7d8af64c4d2cbd4a032849954ef21f

SHA512
764d604906d0b30a273ac6972d19079189b448e5b962c023770afe7620b905822eebd701e79d36976482c730d8c7005dcd32841cfbacbd841e24e940b4edee11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5cf7cf854d41cd88793111c300263ab6

SHA1
d80ac540cef3288e497c47157b13fffcb32fdc55

SHA256
927c8bb3fdef436fc59490d9195009a7fae2209783c12275112538ad7263ce46

SHA512
6a9963f35fec71cd85f80ad5af653c57d5e9c10bd8de2b9382074b24622481e99e5021c145710ce0cf06b9ed8613f76c5cf283d8732f052f9d036f1e1b001dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
7d0487dd40b183ce1612a6afeb285356

SHA1
e1eed7cea1667b69ba97e4410ec1131d05ad7eae

SHA256
85405cee1586e3d2a1c70eb6c1daa8a036d9fe88050273bc6cfb233688e09119

SHA512
315db8b4dc1ed0368fad545d910a1cc77d70c84aa81e0252a65c36340e4f64014c89a5bf654f1aa7ecbac6e57b1ee875c1e5dd0d0fa8981065e203d11d2f093d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
4412d994a9f3ae976b2f5d7941e73b60

SHA1
c1bdf5197dcbd9ca45859f236399a14f3132cca5

SHA256
47e4db22c85f8bedcd193b1f9a7e3e159774140d6e01a48eeaa65e0bf8781967

SHA512
3878a438d4b4e20306c7ff642be087e2598e35223fd4f677ad312cbca07af03ef791ca128dcc3bc9d5dec36895ee43e8e3cf154e00beab73de765f8111673452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
6aac9035f49d7f3a813440659d7c5112

SHA1
8199f833c1ead6d71fde3ec51fef3b387d1e0216

SHA256
75afcf29a32452303e17f1f506a7c6a58d52dc55c42119500f0290006a2b1fc1

SHA512
6e8835ba5cf0f7261b8d2868f8cf78067f032aa847020adabe9b02bb80374f676526c15f12166eed6e5bd2f22861bc6481f4a761ee56b23a65cf603441337a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c1e33bdc4260dbde8a98409cfe2ad120

SHA1
9d54f2fb31a14310f0445dc7f42b9ea463ba7855

SHA256
b36ccd6e1b4e872368ecac8b111c92b44f159667c12644fdb57db357e02261e5

SHA512
2a008654303c6dc85cee28962f5396bb7bb09954d305f4fea4fdbe7e31d446e9d89ad670beac841e32cc391bcec104303c0384626d4732619d90df1e2fb9c5cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\cache2\entries\166F2232D21D568AF4700252B7B75E876BF9C981

Filesize
57KB

MD5
6298353bda76411330a1f7551df1adfe

SHA1
aac2c9b4e58da7c53b2c18ea1dca1119c9817ffb

SHA256
491b7d60fabab38d5e41000928fe916c51b515107e6ce3bc8eef5f6199d2e530

SHA512
cbe992a341cb9584259ecb3cdfb8392310cdeac0dacf95f69df91f39454b1f2c783b268c023ed6352abdef09dc88e80b7cb2b4a4761ce0e0247222d11a4a6605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
869ef15fc42cba7be6fcb5cd21a2b2a1

SHA1
9db87f3afa7f31106301df0c6fdb1a105a755772

SHA256
1a2100c16ff39b16c02b50dcae1f0d2ab542d83fa7ddfa33591f618fbb236ec6

SHA512
ab9e5c7e2ec7c8da204b24f1e7518f82d3203272fd854b391a894a01b26491e7ae53782ae5fdf5bc1ef3f442b741b8e3b7e0ebe4c415b284948bc833f7247089

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\datareporting\glean\pending_pings\c7db9d08-06e2-4974-b0e1-8235ee088689

Filesize
734B

MD5
224f03bd4db8a8283805a796a022ffba

SHA1
b5951d6c38813058897725b7786d73a5331d6187

SHA256
d2a6a318d50b904fc277004b567a54915596b1285d6c7da131a59ff845fdfc3c

SHA512
41eefef8c97b1df437533354db0efcfc694f53c2611a9c144e13e7fec89ecfd0a8b700d1bc99a05d0d9d837c97e709ec2e7b9ef525340289558eca392e2f28b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\prefs-1.js

Filesize
6KB

MD5
a7bdec6a04a3784753effff250f40d75

SHA1
4ac751ef78daf728c727e1e784c2289de5ce661b

SHA256
f4d62832db6a9600964a7c81e025c3cbbcef9a9dfa8741dfdaa3117d8ebc46af

SHA512
2efc1b603b1dc07dd4d6206118862f0228940e9f5a285fd784cc38a96de97c1e872719c3e137020213063991616799948c120522f949d3236c92264f46d00d06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\prefs-1.js

Filesize
6KB

MD5
15b870a9bb787dac85c7fa6f0eef91a4

SHA1
6c32a3a3eac48543bf8731f7fecddffe16d7ad58

SHA256
f621be454a48c4dcad7d55ae61e76a2919e900d3a7ea5162cc0317b975f47478

SHA512
dd39afb424820afb8d328e59e9d3ec63e3df2c99c852d62854497d3bdac3dd312ec543ab0b6ef5876eb02d9e287d337352c258ba0cd40a70bee38ae03bac2a5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
473be3b1d2b6f48d85f2c777b0c3ce06

SHA1
85ece138ce46293786e2e95853f91861282a0046

SHA256
e83f208960096e57da16866ddb5a9b48537e8a75764f8bb749a2e4dc9dcb69d3

SHA512
9e4608be6a2d87484acaa5513a2b274082271a6b7712aed69f8874cdba2f09623b88f4705cd1312c6700aa2c8ff612e8e18624892d5fdbe1c2ada0190ca077c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4ba7359004f9b251a91f99d75fc76f5b

SHA1
fb6e3708a4f9c67086e61fd9a03da8fab40d2009

SHA256
417a00543079f20413dd67d3b17400906fef68d1d9f44ae0c8c9859f4b6e3f7d

SHA512
a6de3ca560ae7bafe3474b4b3d1a7cd883ed9733a8c33f3de5a8e10ba6f463c8ec49344069ba5ea5d0c140d29b66e7c8c05e7cb813b91eb8a4b617288aa8ee34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
bc0a52c65f9e71b7c45153cb8c98f434

SHA1
82c1e145b2bf7bab341196359d69b62252e1fde5

SHA256
6ebf09317096c066f72915c9b7abffe88b0463a2cd3cb5c48181d77716ed42c9

SHA512
41e74c293c7b700ee06531e8e00c79e72422c0a6e87c334e807ed61cf879916aedafab04bf35832e988106f1f8981c725387ea2d1e45b8f269beb64d0d55f5fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f085b721dc93927e12060b1dc705b898

SHA1
f50503d15bc72be721369d7355e27710de99f71c

SHA256
bfb3f55cbb3d8e59621352853b298b99f8bd7a4a5a2d9f100b04d46ff6fee212

SHA512
0be53eb306d54496f7757102e42232575a66f13499be20f554677d9fa40eeab8e8d51c6a5de7cfe17f4382319508f02641da71e735bab990aaa77f756d5f1487

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wsv9rfx0.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
f87ffe306e7b62d37f7cfb37fa25afec

SHA1
699251a574caf68b8c015c7e0e70cbef89b665f7

SHA256
e5120fabdb4d8cdc06e9d56c9f51d7a4be58fa1e045d1d8cc7bc5affa2c4469e

SHA512
2856454003b74463464fab1b65ff6fb2f296dbbad8a05dce39f917069f6b0ca05421cefd00cfce82630f57d3b2e0a51f07ac66fd2acdeb6afc1ba90856e17aa8

Download Submit