hxxps://uploadhaven[.]com/download/8d78b11afcd8438148f696da96887e38

Analysis

max time kernel
94s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-de
resource tags

arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
submitted
08/08/2024, 15:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://uploadhaven.com/download/8d78b11afcd8438148f696da96887e38

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676066975932667"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeDebugPrivilege	2860	firefox.exe
Token: SeDebugPrivilege	2860	firefox.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe
Token: SeShutdownPrivilege	4552	chrome.exe
Token: SeCreatePagefilePrivilege	4552	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
2860	firefox.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2860	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 3364 wrote to memory of 2860	3364	firefox.exe	85
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 2032	2860	firefox.exe	87
PID 2860 wrote to memory of 4464	2860	firefox.exe	89
PID 2860 wrote to memory of 4464	2860	firefox.exe	89
PID 2860 wrote to memory of 4464	2860	firefox.exe	89
PID 2860 wrote to memory of 4464	2860	firefox.exe	89
PID 2860 wrote to memory of 4464	2860	firefox.exe	89
PID 2860 wrote to memory of 4464	2860	firefox.exe	89
PID 2860 wrote to memory of 4464	2860	firefox.exe	89
PID 2860 wrote to memory of 4464	2860	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://uploadhaven.com/download/8d78b11afcd8438148f696da96887e38"
1⤵
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://uploadhaven.com/download/8d78b11afcd8438148f696da96887e38
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4349f819-cb48-4c42-95c1-e6ea8e5ec784} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" gpu
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {173680da-40e1-42f7-a2f4-db0fc204ca3f} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" socket
    3⤵
    - Checks processor information in registry
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 2832 -prefMapHandle 2828 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b46915b9-0175-4fe4-9254-5393ae7d80fd} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:4620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65a4a312-62bb-4871-985b-29d978648dad} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4420 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4452 -prefMapHandle 4460 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e244423-2698-42d2-87af-9728085c0bca} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" utility
    3⤵
    - Checks processor information in registry
    PID:584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5284 -childID 3 -isForBrowser -prefsHandle 5280 -prefMapHandle 5272 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b1793e8-1f8c-4b44-ab1d-e51ee292b004} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef0dddc3-07ba-41ab-9d20-cdef38bd0e44} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5740 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1da16f7-c5e6-4478-b492-fc956bc56a57} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3596 -childID 6 -isForBrowser -prefsHandle 3552 -prefMapHandle 3588 -prefsLen 33662 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64136dd4-e0d6-4208-b3e2-022ea01b3ea2} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1304 -childID 7 -isForBrowser -prefsHandle 6152 -prefMapHandle 4364 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d88f41-902f-4d71-95e3-fde19929cb18} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 8 -isForBrowser -prefsHandle 5348 -prefMapHandle 3956 -prefsLen 30981 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5489de-7d3f-4ca0-a78c-19e9bdf7f6bb} 2860 "\\.\pipe\gecko-crash-server-pipe.2860" tab
    3⤵
    PID:1300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff6c4ecc40,0x7fff6c4ecc4c,0x7fff6c4ecc58
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3792,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4532,i,2460119192037629332,11704494018824574901,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:3088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
39e90c58cdfc285d9f14e4cf8b0f0832

SHA1
9c9ab5491d0b0662ec353ede4206e799a6e1b076

SHA256
410c89ffa7b5fba23f8223b2cd368065137985a70ef10cfe43871b8e33e7e39e

SHA512
eefff8e8605bbbd932e3d32ddf4156eb8392d316241a1b06d5e29d927c0ecca8fc1025e3662edd0c6e60069d56024595cf8fd5c9f920b367d83fb60e94620386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ba7eaba79ba1c820f905a335bf7a4183

SHA1
db39a646580ed1fffdea5b6696034492edd5187b

SHA256
a89e58a6de8cb336c950e58a11200e77ab56a8048b8cc4134c85de61d7b3382f

SHA512
ec957ed4368234135143fb66f13d07a950cf13d4782df9d59daa7270e8e3ed718b4f20eb58b4c75ab4201d595b6bbcee316a7c7f490aa3d0c066c0f0d19f241a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
8f32558d353c7765d93dfad8434c3956

SHA1
6d2fdfa8e56e3a15fbadc217d301c5f28a750f02

SHA256
80910792a7f0e59ee6ae11c272968a755afd9543f9efb8f1b951326142c94233

SHA512
0a776eb02cdd952d52f640356577529759800ba5c48b8ef4fc0e82df4a1ec3c0e610483169f1bc544cdfb4182cd5c215c7b65d48b4625059807d4d776d242185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0d39e749806a92fb7462d7f78352f41b

SHA1
9e133d78fb0c0b926ee4968a09c2adaff65a0d8b

SHA256
4a6fa123f4884c790a22d6749c392e285a1c40c5d0ec5663555434c0043eadeb

SHA512
6e075e3cc4f23c92110cdfa192f35b0a5ad6187a0992c2d3a599681baab5e547cf651a20bb0210cd8d172384490f1db23fc2e55ba829eb0ed7961d9d85b42810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
66025d5d2a450202c582110862726521

SHA1
6535db43864c5cf88b2685e62ea16ab752397e7c

SHA256
0b10c9f4e761c5eb1f97e87dbef89b7432b5de2dc9f09df9717c521ef45f286c

SHA512
898fdc99a6886248b0d00193654ae62358900324bd439617c6318ba838de7fb2c8744d1fba1b36ea4b2b1817525b76df7d0e7c99ab22d1775aa4431e300776f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
5d5dc11a7391cfff5f5d4d953064dac8

SHA1
a76441014469534b3d1ec42e505f2892b3d45d33

SHA256
a9f325f1c7a724ba79f8b9f8e52a9f0ff79bd341c854733592e060f1c9f66c6d

SHA512
e07fd5a66b0b5282689305b295e694996ef9b0be20aa60a621dde368f0f9de55b1d13fe21891975e00fcb75f126dd622c114e82057442dd0a3b5733a16d49f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
45dcf56eba42c2c071ba8f81f85ae13f

SHA1
616a1b8ef6458c85e6372f05f72afb6a39053da6

SHA256
83f3a073cce7a0fdf2203a0cd2fa34ec1d9daa6e71be3b91dfefa1c9bc7f9eed

SHA512
52b2a8606dfb9c97f77c68a9e9b340868561c96b6b07c7e1ee1fc743e069f03105abaa776dc1962d4c1150fb237bd852f6731f9364e2b1b8597e481f4ebea015

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\activity-stream.discovery_stream.json

Filesize
20KB

MD5
f07dbabc16029db5d4f1939f878798f5

SHA1
0c25e242d3b847542f97fe99274abfb2a2ab34d8

SHA256
8466914cc4b72d4609e71fa9059d57e88f33361b7ee21322533d557856fbd0e3

SHA512
da8e0bc9cdfd96a14a2f9ee21983e3c5e2582993fd4a60af3f4ca77189a520796bd1855c798dfa81539113447fdcf379ea49ebe6a70b08e0399d3956a20d1069

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
af4976decfe1c75c287429ab10519d6d

SHA1
09b87509675711427538c99a94400b4dbef82231

SHA256
775ceda372cc2392428fff85ebb19e4a7b5e5d71b1466b9487532e5e9a4378a6

SHA512
9f667d513254c2bb43fb5778aeaeb7150a8928f57dab393a37c5cf2ce51779edb68a8b03a727bef9dea2bbd22ee0cd2221a70ccb576780932ce0a21bf015478c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\76E7147E90F950CD5C9FEF108FF5987AED18E9F2

Filesize
60KB

MD5
a7ed78670e895405ace8f9ab96331df3

SHA1
0e706a07a28bec975af759c776deec8c3d8e2abe

SHA256
f24df2dd422b77e664fb5333c9c86b52c091deec130d253944658d47449d94a2

SHA512
c3c2bc23498d13904aa9a2a3996880e5efe1d743021488f63bc918d33bcaf3d2de3ca48b22041e41a71e0ac5dc9991dcdae2bb1e6581951f35ed42b89f5e223f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\D51AF647E4D4CAC1114F86C66307284ADE3F1FA0

Filesize
219KB

MD5
6ab9baafa05575a5f01b7f89c69d4ba8

SHA1
36be1a31b45613fd97c4a6e90221f91280d35cb7

SHA256
a80f932a5431e5dcfc43ba8422246ce4414df6f8b15e8cb1f28098c0b3b72cd8

SHA512
8890a617418a3e452215599e46f61ec3c5028f84e0f9e3155be23370c35c30b41a434b70dcb395d9d01f1bbf67930375ddbb69172890c12b966f09529842a577

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
8f0b9e5335ab48773cc1ecbaa7bee97b

SHA1
2244445db9fdf016e1bb1d2889319126bd6fa227

SHA256
6b5cdb70a9beca7888ea69494504b2900b8b85c36a5150e1dcad6f2c4240bff2

SHA512
e5871e9bf2c81731f5db804eaa4da068a03485d922ea9e8e0c35e73aef224ce644b0f5fbd28f77b1102e5d11b27635f9deb080baf6c0c54cab36f34c87feaa80

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
8KB

MD5
2d29cbc800b33192760b916814105935

SHA1
a6075ead27c68b1fbf6da5657c4901f1f6b82dbb

SHA256
e32c0f6d34328831ed28fe29a7a148ebf7b63a50191bb2f5b9627cacb802925d

SHA512
53feff0cd1662c1c1b072071d2ed2264df29f1226719f5f1722ca11619a9d7a127a061fbb06c5237cd9b70baeddfe88cbe41d307475744495f5caec847afde71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
16KB

MD5
f7a9b7a9b7c78978c462117c45d03b70

SHA1
a6aecb77a1c77b08f8ae5b4bd311768bbdaa2664

SHA256
0e25877827fb85abc4ea28ab21da3472d66c002fbbaf9476a9cee00d3607a6a1

SHA512
bc8043970ab17dacdc10749fb4c4846b72a623206633b7af0a077cd659b342881689dc9e38f86828384ad23a38aefa03e01af9a85ad1e0a7fcb6590da9610df1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
b6c13bc72f756eccb487bff678d48087

SHA1
5ee68ea1e7dd8c7243d72a61aa85229840f7590b

SHA256
90f11777795227b3232b0d0bc57754e52f89e0ade77c9afb2b62230b4aad81e4

SHA512
fec5694480fe78a5416bff4d448230ef3205720c3e2429671fad663d0957bd3ff190a43b2a7e2cc4f7b09801c7cb7baef54ca8acd658cdd140ef8cb09e43e39a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
32KB

MD5
182cd7c85fe160c67a002ed132fa7f65

SHA1
32f0fa6d8dd0557dc7331547bf6aa685cce280bd

SHA256
a995b5425ba2e1162d7b6da8852ebbb3ef2b1c7238543ee2dcd705afd520dbb7

SHA512
7e050acc24afc239ae31fe7619ba2a07c2b61ea4f6c482969fec6bbffaa2feee5371a35d86ead258ec5fd682d611400de665b4b23605725487337a2d0d647cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
40468ed26e4661cb7086a2623f5fe4ca

SHA1
ee3cfcb1d6edd08e691d94161febc56c265a139b

SHA256
1d253ab09a73a4f38a0900cfd224fa57925f9cea0c8c947453631867313ecc5e

SHA512
f7177a7acf07bdf022e0377cd06750da0e16afb1d5d16d2fe3aaccd5e34ff8ea041b596b7594f7f873e3eb6e62e15a381ce88a2a5669fd9fafc53ce8fa96c4fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0bd32541652f93b3b1c72cf80eb8c287

SHA1
0bbe92643baba5d9ce89af716841cc88239dcdde

SHA256
395f83332fe7c6c66f4e7565335827a8cfd6df6cf3bd91391615852cc50b8cb6

SHA512
eacb9af72ea00545d80b6730bfeab25bb7df295656f4375e9565289229bc860ecb505a7018781739be59df3ae263210fd9d0ac433c8ea0e1ef305e61de86ac23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\273661c0-9470-4462-b4e6-3bed1f42a656

Filesize
27KB

MD5
d8d8bf33474dea5f85393ccba403bc8e

SHA1
9123dc7111793c3892d71943f9cabce8f0dbda2d

SHA256
09f801466ec3323a086ac201156fec86fb4fdf14eaee60643942d21ef6e80d19

SHA512
a65abf1f52aaedca6919f2ff6991a361490e2a0201bce7f70765a01321f8b3adbdfe4e915289e0d7eea096cf364f871ff5da129caf91ce4c82f4562f5f22b647

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\32fc9cd8-4a54-4217-b507-687340a688e8

Filesize
671B

MD5
3e165eac5b3d95cdadebf7dd07465af2

SHA1
5af567beab597135143ed706b3bb0700c1dd2bbc

SHA256
f7d01893b8d148f692da62b5558867d2de19312c7bc85145febb69b53990ffe0

SHA512
f66bc5b0ced17dd7587accbc0546575b36ab1afc3d7f964198b4b665801028eab343abe70f6ccc2724ed9557f4b88615710f16a21ab1b6f54a9ea26629cee7d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\dfedf214-85ec-48c8-801d-2b0355b31afe

Filesize
982B

MD5
0f5eb5fc3e9cce532b6b3208fa34c2ea

SHA1
c159d7b6f8de2360e83e614bb8b17470870b6887

SHA256
8255d4db0fb73f82daff5abee140a163f807c9baa19a49bf05ac34c2b3e3f3f7

SHA512
6202b6fb917f849b94ad6a1b7e917d3cf9b9968c7ee4e6bccbae350170b1a7486868da095adc5fecfa724740460fe5216f1fbe7fe9a8a9724a1861c783584050

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
16KB

MD5
abc436b38df7a4d07c87f33c8f44af48

SHA1
c50f648d9be44a8c3b0f33336429427ca39d5e83

SHA256
c8c9a80b1276ad0fbfd75d074e327e5b95ebc5eb3db31034915822a875b232f2

SHA512
feb51540643519166d23ad4ae1476143615ddee6595eb167d1f3e566a76784eb7af02ffee48c1f23ddbf4fc4a942e8722ff9e8b049a6361d717648271f6b38a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
cf01d269cf192c4760b34243f96f1edb

SHA1
02d3d4089891a0bb8ad159413d32809509589098

SHA256
f49d8c4cb2f4385838d45dd6eb6fbfaf473db0cd1ccb118d47474172aee3eb22

SHA512
1e8e06de4251ffecbc77dea673451b5065090b84eb57f87f1572130f26da9bc5cb4b4c76b48e30a70151e0d12f18ca51348b6c5c39d9a89e19b6317db07625ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
ee0070c9dfe99f52613d9ca8e07baccb

SHA1
a221e4cd2e995cff4b0289775041d36d299de7a5

SHA256
806ea0d08cf3f31e6c8aa3e9dd41a5ef3038197d7263968519ccec65c9e23a53

SHA512
163a3be9a2e9c20e80096ff2f2b102ee69706be49cbd3eaf82f0d6aaff2681210fb2f97c838dda5b16e6104ffbdd7aa6f091ecf984090bfeb07b2fca1d5d2075

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
12KB

MD5
dc0492992b36409274cc52909c95d98d

SHA1
466a957912fe402305a74b289c1ea4251f18c18b

SHA256
52469927f5439648771e9c8b48c6eeb9add76c8e4e88ae483797c07c4905a6d1

SHA512
c56dc7e3f09a69f92809d61b66a95ff718c303b230e17ec7d436c87d0c6d6dc56aa2348aac4ede36028ec01478f7c3bbafd9e0a81173b4e7c643540c9ca25164

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
1b496a1714a41298b279973f20340672

SHA1
df6f2b23389d0199a97f4fe46d69d235febf3a90

SHA256
94806e5208d98c7139df48dcbbc9cda129428d3104eb7f95f48698c36ff2587b

SHA512
84957894eb5be03cf204f309fd9341e5a65f631a0c212a91f9954dc1e32071e448242a113392e574f6b71e76997cc8fca430289586f1fb62e5e068958cbc3b1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
d1228bee26fabd67646420043e456d1a

SHA1
afba7965976d829ae5bceae40750b49078cb07da

SHA256
87aa9b48deb104f17e53f7a858fd1e64f42f9c16dfdf1194051c060a28aebde0

SHA512
005d361d1b414c3b09afac3be103c952e0669c189f921495b21f371e6af2c31facf862d97649f13eeaa81a176e4e4c4a46ff6ebaec1cfb1429ed155214d92c42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
9ea96cd2532834c01cafa9b9b86e6e67

SHA1
3ddec6f90d9b9d59d3758d3bb23f285d105ae2e2

SHA256
82fa976af2a216c906c881eadb3cc993f6b7db68da087cd3483c1851aebab7a8

SHA512
019119d5697414f037abb5e014efcd4a3fea2f2882c79188773007d76352d890dae5356abe24e9ad5cffdfc6f9906b209036c654e47c8004173aab7fcec33fd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
82d4b54b8f10fffffd95f7a22d39e025

SHA1
8b4081719d7039b5cc53ad1faf7f1ddd9398f808

SHA256
0372cd884629e69cafce550c2d8544b74d5e4e1d2899f5706e8a0bfe3415b537

SHA512
5b186904d55ce6169e4b9dd4bef54832aac52c5ef978f4d269156978a78316c311bee786d40132c315df98bf016cf317e32f12dca90b11161ce503b027f7e5d2

Download Submit