060f3f02a4b6acb763c8811cd8edf1216ee63e64a3e6fd233fc7a914a93a0424

Analysis

max time kernel
299s
max time network
302s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
10/07/2024, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

лысому.txt
Size

68B
MD5

73d740966f50dbacc22f6c9cb5b0c7af
SHA1

ade86ed3952482ab238d52a962129054ea04cb03
SHA256

060f3f02a4b6acb763c8811cd8edf1216ee63e64a3e6fd233fc7a914a93a0424
SHA512

97e3d6a27970c0aac4e7023f2aedfe332d12c72dd4c04c1cda40a82e60a8c0e14827bddcfad0fe9d001fe7ceae5eec8e1b755ee1c21aa03d71368171715729b2

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651071318756672"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4492	chrome.exe
4492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4412	firefox.exe
Token: SeDebugPrivilege	4412	firefox.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
4412	firefox.exe
4412	firefox.exe
4412	firefox.exe
4412	firefox.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4412	firefox.exe
4412	firefox.exe
4412	firefox.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4412	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 2100 wrote to memory of 4412	2100	firefox.exe	75
PID 4412 wrote to memory of 4264	4412	firefox.exe	76
PID 4412 wrote to memory of 4264	4412	firefox.exe	76
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4588	4412	firefox.exe	77
PID 4412 wrote to memory of 4620	4412	firefox.exe	78
PID 4412 wrote to memory of 4620	4412	firefox.exe	78
PID 4412 wrote to memory of 4620	4412	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\лысому.txt
1⤵
PID:2312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.0.1195670197\761517852" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {059b97d5-3857-4bc3-9d91-23740daa4c3e} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 1812 265110d7d58 gpu
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.1.641371574\1088992178" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bf71277-7d18-471f-ab05-18cc63fc88bd} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 2164 26511003558 socket
    3⤵
    - Checks processor information in registry
    PID:4588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.2.380267947\749251058" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 2656 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9ada5c1-c57e-424e-8781-67d7f11c2976} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 2648 265152b4858 tab
    3⤵
    PID:4620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.3.2080665517\192559724" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {491a956e-9a17-44dd-9f9b-f4a0e5b3f38c} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 3496 26516115e58 tab
    3⤵
    PID:4172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.4.197901772\851567986" -childID 3 -isForBrowser -prefsHandle 4132 -prefMapHandle 4144 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b37bd95-1293-4de9-8ce6-896e6dad9d62} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 3640 2651662e258 tab
    3⤵
    PID:2556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.5.1389727548\234588448" -childID 4 -isForBrowser -prefsHandle 4844 -prefMapHandle 4856 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {230a2898-a207-4583-9f71-69781f6f4d95} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 4872 2651662fa58 tab
    3⤵
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.6.1279213573\664888240" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5024 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14bc9e6b-2025-46a2-bc86-e3b38b74aab9} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 4896 2657835b258 tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.7.1307608834\2081187622" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {942f564e-718a-41bf-bc62-6b4246ba379c} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 5200 26518487958 tab
    3⤵
    PID:3444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4412.8.1528924150\635369718" -childID 7 -isForBrowser -prefsHandle 5576 -prefMapHandle 5568 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80544367-78f6-4a01-b06a-52a5c8b29025} 4412 "\\.\pipe\gecko-crash-server-pipe.4412" 5608 2651901aa58 tab
    3⤵
    PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa70599758,0x7ffa70599768,0x7ffa70599778
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:2
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:8
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5180 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5340 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3940 --field-trial-handle=1864,i,14583657082549535426,9128068130145736794,131072 /prefetch:2
  2⤵
  PID:5016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
36KB

MD5
200cd59ecd27d6747d525cf933aae56c

SHA1
8f955527e5a43b96861b9d5d450de693e92e8b40

SHA256
da0f26a52f95585a84691188652b1529705fd7996913d07035e28313ae9d715c

SHA512
b7f7022c9de36743b7fe0d855d52def6b152860cc442f50ffca7f7142749c88661710456c26783219e08fc65711dee66775d792cdd929ee6fe6a048e1630c8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
11fc07fe51c7124e5f93c9a3b8fd61a3

SHA1
d81a2db422e5c3543a3658119dfccb992bc0124e

SHA256
0390a803b33952a229ce9ad9bf9e203ae28072ac0c34ba01bb9dac310b5e8ab7

SHA512
aba6d7d0eeebcd769eac7cd8a9fa790c534b3e7e649f14278f048a8a22e1bd9acc056c589a2e5e8bf5003085ac002db89c7b0414cc3de9fc37fea7bb9c238504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8021b911f6cade746bf8a48fa59778b8

SHA1
4ec72b47623dbf13e3073043ac4271d79e377ceb

SHA256
77bcab52fd6a39925416f27df1d0af26382edc254ffb93b04f59f1433e7903c0

SHA512
753684e632ee24f764b1d163b9f1cb974aedc9b6d1d3fc15d3f7ca776d392cdc6fb49ca56d0a815a32e3e0dd4fd103f32120da46247dd5b4617c46d92f3062d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fad6d62ab57b561311de6993ad55bbcb

SHA1
3e403ab05a92d1bb7bc6bd8c5d7846fe1ecdfc01

SHA256
32ef6c615973b542b21b4dce91204dba15eee9e8225c7d36860ef7f6bbd41239

SHA512
3bc9a8a4404dca9e997060e25c1a0da07216603a12e0d2d2fae362b509bd3701de64d3765a923f20a2220c7aca30f589077c882b3a803cf2f1b5be0af1bb6590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
f071f8c80baea36eeb409cac5b7d8334

SHA1
3933c94c7668456a7011a04df5dbe96f3d68a1a9

SHA256
33e14632e4267d2346812482a164eb13350a95f7ae47cbaec5b9b30291c5aa7e

SHA512
2e0b88811d4b23c27e13a0595ac93462aed651cfc3fef924a7e69734782a91bdfc42a9c9cb3b04ef973730c28bca24870bacf46ad9339c1499c4cc84f6bb2399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b0d0fcd89d74692808d607be3718e70b

SHA1
ff35bfb5932a515432ef6bd055994e42bb5c8d32

SHA256
92c272090a29998f75ea162db2dfbb9a399891d536512902aab8c184cce555a2

SHA512
ce20a42f760256bd54ce574a51bdfc754cbdd298602d38881aab7ccc3dd0816a73c05d23c15091ffcb14d77c9063f49a40cd2c2859729897f85c5301e778a388

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
fbb64fb349f77e73247886c60f82cb64

SHA1
c085cf565282c32491518579b6b4d2a4e632186b

SHA256
30ad9d027f6e7fb1ea97a845a4ffe107f23efe1c710d0aef044adc92f582c5aa

SHA512
2c1fa75823d02ece2c55b13147aba92c9d036e7d1cd3a77383c249c2a064f9d3ff72201364f27dfe2fdad5fd3a8953871419519652324759c64fd1786e5d675b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dd11a45d123d39778a258061cb82f6eb

SHA1
342da87dd38c29479b9ef2901f2a3bc7834f23d0

SHA256
fae413f96ba5a51738ea2b67e95b59570eca984f536aad622ce23927f3903201

SHA512
a4276239996d04be092ca24cb5a958e6268d32b27c702fd14d581aebf776336ea7cadd5e8e591d5cf5c9aa56007dacfb0329b893d8b9f27bb20117c62765d27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
f65ca9343746d5b745554db117bf2b2a

SHA1
659e8bd908664b34196e7f1bb6c180223174e575

SHA256
46388de2bfcc25ea8eb31b69768dce3b5445c9ebf8359f0e13ab07f7df5c52a7

SHA512
c8dca15748755661350f7e027232813b5e56310c292ff65834a57db03bb8f74fd2bdaedb861641d31218bc5584ff1598f507ec50e932cf7a698dc4651a0bd526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
85f6c784ceb59627850170136187e2d7

SHA1
fbc33c54574006db9349658ac0a1af18eb9100ef

SHA256
9fb6bf71ed993a26314db8b9599979ceccbc328e10dad386c0b4d29a62bbbad3

SHA512
daa0b1eaa10ab09c8d272897670b18448638f4d2e5adb29bfd16d0625988d761c0425a911dc1ffcf3068f4881877b32033b37b7ef90c901e1d44e9dbc96095f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
dd45133ee0f6684f5dcf2e42abecb0a4

SHA1
1ae1baf39009e875e91f994f5c16cc82ba38dda4

SHA256
6522987028e61c95550fe48f11be620566d03e67bd4353e468794d5bdd3b8f53

SHA512
faf046534156573fce864684b97b0bd3f84417f227b90fe44906842506fa7854d4cf4a26f6d06104238ce90080770a4cd26962e9c12d01776fb81509a175b3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
3dd0ce61bdaf55dac1befed1de63d7ea

SHA1
85d45a74f4cb7f32d311129e0211366a252f854c

SHA256
3bb25b3136e016117ce1443af4954651a8fab51f27ebe1b40662dab7cb4af7a9

SHA512
5f056ccf57ff1ae691e79ac8ce57dad89305200846ade58a0e1ff7a2ec85a413158a9b959fab13a3b1282c0053585a1759002fb70a9045b996f3ae2658b0e9cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
b20a39d9ae26ee50379280e351d7c8f0

SHA1
ab264a91903bbc575b5517129956a8d5aa1d4729

SHA256
04167e8b308e4daf495d5ccee15406191e6c0e83a95f0f3d4b187d5cb497fdb3

SHA512
379065fd420cae99c21bde7ab81c98296564db139fa44cc4ec0acb8b1611a1adc8b0bd1afc694947943dcacbeb43bafc3fbc2ec12a2ce1e9a7cf7c85caf3549c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
6c24a40f4fe0763eef70942a3cb3aa10

SHA1
70b2233a44240c7f0da51ced4f687ee32c990458

SHA256
4721cf5fc024dc25197817ef939c4d56fb95ec81ee14091c50fe08b93dbaea5c

SHA512
3a331004cf72b2712130b86d84ee47e5ea57e0dc30ab491ab5837477d19306e04c59705c36e4abc11a8434b10fca5d5a1225d5d61974aa6a61b6bb301196891f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
1be065aacdfd7312b240b3651de33cc3

SHA1
adb224190ee7c18d533c9bb437e1d54aaa7e42d6

SHA256
9050b781fc437910ca55e7fe13fd6a7d16f7af660cb85f7e509bdedf11e22ea5

SHA512
f9244e68439a0f0b5ccaf16bdd85ffdc0749a25a6f075bf2007f6b090ba23eb05745751fb598d0cc1ef405e1812120ae7f17c2ed0d3b51acae79c945d93551b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
d9f4a60fdbe1da81f2cc164ec2adebea

SHA1
abb6c622c709ae32baa7e1724a563cd55fe635cf

SHA256
cdd147e066727ede520188aa2c945b7ce19a6edffb93acd035b64aadc993a90a

SHA512
34b19c206d23a7bf118f45624b1fbc2e7302248be66c83227dbdc7940bcb9f60bda6549eb7b0a8ba3ecae685cb8e2bcf631a726126a088816b77eec9152b28b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\aab33269-0728-4f9f-9906-0b4d78827974.tmp

Filesize
2KB

MD5
d39f7d988ad3af56cefb3067aa8a48ce

SHA1
3480e18092c04cd7a397bf6692423d58f613891d

SHA256
11c1f6e89a88a8888f3f33ccdb1f73ef72bface1b46fd377a981ad746d6d2415

SHA512
77b64ed43cdd3f383db1c74c43100054fb0d923078f60b6cae5ed6938d6cfae6e5f6379e8b0d3916971da7c92ae590f7a2dabf58f7d656a3425475856b636e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5200aab001ebd7396bc441206d5b5042

SHA1
ceaa9d36940d9fc88a5390e31960e18a1a20c39d

SHA256
4fbeec16b64bf67409b716dd6e18309ad52a4ce1d4aadec505405d4a4fbc6989

SHA512
9dcb148e45d9c7c3b8e2484cd9742c3f51c68d27fa406f1632f2c0da6f64a7c24704f515fd0a6949baabf44307e0a526694f1b2b25d899b74ddb25859b2fc2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df7cad9df8e1d9501293d462028cf7c2

SHA1
9f11b80b94483cd2792d7c9257ac2274a759aade

SHA256
9df18e2b5c8fa0a718e416214e8050300190dc8f5a3684c2c2f30c0431d1679d

SHA512
f5b88040db06b222ae988540c5bc3a3b8de10a3e74268e6559ee0b9209bc8648073cf53df10c61128a87fdaa0f5b2a17134dd5d7e409c464ebaa99e58e585e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c297af9f61822f2c3e90338c66affdd

SHA1
abca65355ffde392f05f5ecef8aa5fa2df8533ec

SHA256
d1af562f45b520b9d7a1ae69c1826c3ad18ed9a55154538bacf718fe9bca0c23

SHA512
4bd176c5c824423b34eff193c3ab50e3454e229a9b4213bb6639c9523c853ded5e0c32216fbe56372396fcf2db000b7e582edd41ecd4d3c4d62b5d170843edea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5a6d34c1025109e86d8e0387a707ca8

SHA1
fc54bccc12b1c98b03867c9fa6dd5c42f39cacc8

SHA256
c5ce3e734ba588c6b22cd5022d88ce6206a19b290465713782da62fed012bd77

SHA512
2dd1f743db6bd0e78846f8fc63a34fad39fc074a61653be8b35912e56d412d46338f9d07396a0e3858c435e34c5eeeb2f629ad1d2efe36b3bbfca36855ca5b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a9fe3d967f8654226683df50e4ef2ae2

SHA1
5790191f932da64b104bcbd5b9743a9d35bd91fc

SHA256
cb5ac998952ecc6ecc8bb73f6b72440d539e7065d11877120e64a372fcc879e7

SHA512
c23c8fbdcbbd9fe0e75bd68a39975a68acd59f1c3bddc90deb6d0809ea33de0de177f36eb2b1dba7d2db71cc7092a020123cef3bdd7bc1212e38bbb20661d1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
c371a766ede1884253f722a0f9d38eec

SHA1
83ed8846438bf7935ad7c65c85edcc80ba66cd4b

SHA256
a38889ebb80fe9b1804d70c91b7f175108bfd781c46d0fd1c1910376a6555881

SHA512
4cfd5f58e529dfc184de0382c9033c6989c875c6d365f03e7ce7d952cd65a2073088fc5953ea65dd9d3b2373eda49278f422bae1068a8a114eb521adfef5ff55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
286KB

MD5
5bbc4a83dd54ae3e65231f4e803bdc60

SHA1
522fdd196c9dbf23376c1f57574ef32c30234ade

SHA256
698d9818e53ff172f361cb08c2d3a71e7437c95a3f9b7fd9675a3942ccb63f3d

SHA512
419dd9a5cc8c7658bfd19a27fb7abb9f3ba161335ebd00b9472568d0f039da487aca75f5ec6287e4343efb785ab1c5bb3671b6cdeed11916c5ee0474af4db18c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
2ed117b0220e67096214de0cc7a58ca7

SHA1
f1902e6284dc702529b3451b4b83958b90b459e4

SHA256
f83b9a23e29b550d5db01aebc6e0f3693d5a2d05131d499098ee1c4e7bdce62b

SHA512
b929f7608cf0c8340f97416b2e53b26ca8a1dc961f39f7947a5ccdf7f3643e52e5b2a34b555e2637d297cba73c10ffa72a293faf9c0ab4feda9847677fc15096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c85c.TMP

Filesize
92KB

MD5
b3b541f93288d2e04641c85b378b60eb

SHA1
28173ffcb2d9e4430aca5996ecde52f5a770826f

SHA256
cae79810bf966e293ca55eeb7c09b7e4b2923d002692ee7d8630766e4e1a4adf

SHA512
ce97334672e197cc6c431b2db3f44143fa2c38f85d4d8cabf563121945396c374ce72c7a1444b0c8dbedee19a0621c63258b63bccedf5d7db2c551c44c623885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e5704821b1dafe0a358e158dc35a5b3b

SHA1
d91edb32c8c0727781df8a431a427907c852333d

SHA256
1bfbda55063cb20e6d514debfdc07eb652d85e908a50b9601887317069efe1ce

SHA512
1b088a9001abcac3a6adb0e92f99fd9c713ae0409701d77b1ebdbba1b5da48f322da0ffd46babee3befc8a3f9deaa2132000c5517e8c15eeccafb15ee7b94304

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\866cc317-94cb-4f55-adf7-c04ca287a07d

Filesize
746B

MD5
fedb8829d064d80945cfd4e5cb47d3e5

SHA1
98eb7f4f033f840bc4c57a396e1dca1f5d2a49a1

SHA256
2ef74f4fd5dc0654bdcbe911354d008a07ff667c754e9393638e429718d1292e

SHA512
4eaa3d16a52f6573493f65da808353c9a362ec529860bf13d3a4cc07dcc40c98ea140752549e7d4d763d634a0281a94c0b3c4bec96df5fc6574f1729f0386a6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\96d44a17-72bb-4540-bfa5-6acad8a67356

Filesize
9KB

MD5
c4bf65a5b4b1eb260ad800f7cd28ad9e

SHA1
955b3b6fcc0e9092f2cfc6aa37163d0a89da180e

SHA256
c723034afda734afe38e04dfa8635962e27ab6dd6142d23c852d9b585cfb8268

SHA512
9666f4a697a45c30b783828ecbe51934edb914b8b7a986f383ccb9981a446e1137f5f7678dabd936e2179a367f3e36edff2e03e8d69686c6dbe558a44d2931f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
d628b2125653283ace27450f687ac349

SHA1
da7a3dd747394349fb60e6b634d58dd9ead115d3

SHA256
39d1010e48c2ec42798b2f10e1750a6d474091acdb11ebc414163ff861450d33

SHA512
bfe24fa42296a5ed5a2c37dd77732de0a0ccd8a3aecab51d1d57a8c65cb19eeb883cea69c8a6c07beedd3247407fa1ab9b14858e6cbdfe802643004345bfc186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
1a5733e93753d3c37c282b57c375e5e3

SHA1
03ecd2f5a50ae5e1c74cfbf85b7c171e863d7629

SHA256
84abf4104ea296b00e25d2feb1173cf5c3844e25938c2a0f372a3ff2702b34b1

SHA512
c13481a03a60fbf7e8f7a57dd2610201aae01aa5a210078b4e2d85492f9248d819f5ee89ae39a01782ab6481b85d42d27ae31f2bf8a05e0d9b873615a6f2f48c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
982f5e617b83793c3b414355b9ba184a

SHA1
a479db5378db887ded8421d7b45ee46a95f4f843

SHA256
56886e7fb2f7efd7f6d0d02646ece04eb50c2eaf4ca690e9a186293a84da9417

SHA512
9fd3547571104c028b1ccdf96d7e8a589a64cecec5872cfa30baf2860b6b3d1fcec023fd23756a67a082380b5d531f8fc23919c1ed27523cfd58a4464c39bc96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4604cecc63e64f7a284bd19722d300e9

SHA1
5305ec18a8c884ac01e78a5acbfd62fb3861f31f

SHA256
449d1348fd162f1c5e49bcd6f71cc13a8907efda8f84c9c07eccb3564446414f

SHA512
ee5c60dc0f674ea702167f10d2ca628939e1d31ebbe5be253ee22fe46703bea9262111db7a7bc6534c02be12ff28c50482a240be6332e87346b809bb04b191e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
013af8702473741b42f7ea1077cad65c

SHA1
2a56903008ca9074043c891f250fea4aab16e963

SHA256
b3413cb7f2d8c4e5533f079d52ed251537bd6b3d051a5a693b540afd1c3cad47

SHA512
2f3bd585ccc7e3e77dfe38bb23fd88b27599eba96f2a9705d185ba3ea7f228a19df53489af7402be93e16157ccf89d1b6f99f9c85cec2f5cd029b161bfae0a65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit