Analysis
-
max time kernel
115s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27-04-2024 12:09
Errors
General
-
Target
https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/Annabelle.exe
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
-
Disables RegEdit via registry modification 2 IoCs
-
Disables Task Manager via registry modification
-
Disables use of System Restore points 1 TTPs
-
Downloads MZ/PE file
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Interacts with shadow copies 2 TTPs 3 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
-
Modifies data under HKEY_USERS 17 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 46 IoCs
-
Suspicious use of SendNotifyMessage 35 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 9 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Ransomware/Annabelle.exe1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffc5f149758,0x7ffc5f149768,0x7ffc5f1497782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5432 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2916 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3708 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2520 --field-trial-handle=1896,i,9640255081618417461,8274713082115328871,131072 /prefetch:82⤵
-
C:\Users\Admin\Downloads\Annabelle.exe"C:\Users\Admin\Downloads\Annabelle.exe"2⤵
- Modifies WinLogon for persistence
- Modifies Windows Defender Real-time Protection settings
- UAC bypass
- Disables RegEdit via registry modification
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Checks whether UAC is enabled
- System policy modification
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quiet3⤵
- Interacts with shadow copies
-
C:\Windows\SYSTEM32\NetSh.exeNetSh Advfirewall set allprofiles state off3⤵
- Modifies Windows Firewall
-
C:\Windows\System32\shutdown.exe"C:\Windows\System32\shutdown.exe" -r -t 00 -f3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.0.2076980389\1733935970" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25788257-80e2-4f32-9536-bfc9cca39e5f} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 1976 2144dfe2b58 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.1.1580302005\17746374" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb62df1-27be-4ac0-8bab-2167b6173bea} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 2376 2144df03258 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.2.1285768621\278049404" -childID 1 -isForBrowser -prefsHandle 3448 -prefMapHandle 3444 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7e4565e-8fc9-4090-b925-cf0cf6e9fe60} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3460 21452114858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.3.345165226\1888190064" -childID 2 -isForBrowser -prefsHandle 3240 -prefMapHandle 3220 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14b0df84-f337-4cb4-af72-9328dd33342e} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3028 214522f9758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.4.1215499532\683894217" -childID 3 -isForBrowser -prefsHandle 2968 -prefMapHandle 2884 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6206dca6-c87e-403d-aae2-c2980398ff51} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3016 214522f9158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.5.969992204\15799761" -childID 4 -isForBrowser -prefsHandle 3016 -prefMapHandle 3892 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {964887a7-7668-4883-b836-988b150e5995} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3084 214522fa058 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.6.1254826940\117131164" -childID 5 -isForBrowser -prefsHandle 4364 -prefMapHandle 4360 -prefsLen 26331 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ea45aa2-fc29-42d3-9ab1-e8645dd0baec} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4376 21450a7a658 tab3⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3852 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:81⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa399b855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Privilege Escalation
Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Winlogon Helper DLL
1Create or Modify System Process
2Windows Service
2Abuse Elevation Control Mechanism
1Bypass User Account Control
1Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1daeaa8d-a799-4ad1-8b43-954a71a1a9cb.tmpFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD57be82d24a370ea217213162276f0f5ab
SHA15db253aa04a403b67d28e56c44d93a0c6f79eeec
SHA2568a54259d46aba3517d14fcef72ac79587f2edf3a4c39d0a88fb20c76337f694c
SHA5127ad0f29f709b7a85aa8fa8c40a617674d4c072e2fb3c310895f44113a6d61e42289d734f9f09113fbe60fd1a7b1a7dbf447d1502a06008d3b0b8bf78af6dc3bd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
986B
MD580c4400684b684f33f79607f7a5710fc
SHA1e461e0540de04541a52129c0f3c7020f1978d640
SHA2565e53aa0e8cfc7b70aa0a5c2cefca0036eefc47a8ba822d1b69a89eeba72bda40
SHA5121869a9a954f873bb76a8f26b9fb0d1fd1e5218cc9eb7860fb62c62e961571f8c30e53e73e6de0f7811d5ec14830eab2b7182e03207111bfb62313f6725f64b44
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD598235fdc0a7d4f2587c6980931693e91
SHA1f7b01c6f8f51095e960a8c8ee5e917bcb502aeb9
SHA25641ba46a0714620bd428e1fbf065cd825b9285688571a349c4315d64d194ab6ec
SHA512a2bc3a06ff578d188f94e37d2b21e9e57a6dd6159db713267f37abff7fdc1c0663e3be9b3a72acd71d60603ec5d8b8e0a567a8eafd2c5d2c3f51b9b64c37175f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD55a8b7a93cdd5679d656314a12ca263c7
SHA1afb792812066d5b929fc8abeca9a58d56232be8b
SHA2562921aa73df543ded25218d84b27242deb65ec654a914818353bfd62d68d6ee8a
SHA512230df44b203a31e093198fb186da428fd0a92d810bafa3e9fdf55d7038527c62ce31ab1d13fb02369d59ab455338a36d22a286022d3aa1929f440112407e8349
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD56c3aa1477b6e45d5aeaec7b2c2b699a4
SHA14d2ea5ffdd650367c50f3bb555bc0a50310673a4
SHA25665cd899012647847721eacf2f55d565f7c7505e9d1148ff5f3be1b906e027436
SHA512d607d40e7c4f32372f23692a47e5b23e48a64b9390c3de59078903b4b0801dc5dd6b98342d0223269bd2771543f35fe5de06686efde091ad146c345189e62dd1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5dc243d0053012e2246920e84f288e16b
SHA1b13445a60181b42c8121529573fe0dc8b17f6c4f
SHA2568b9791a7970355c00ceeba4a6e0e3a2881e12f769b989f06db9ab4ffc7e1f483
SHA5121f22e6822a9480caac96015a3d20974bfb9c76b79cb0b8862282a4752defc5c9608503a8e41f014c135aa34e249981fe6bbba94003a6c591b9a44dfa28fb7291
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD567dd0dfd62b7dddd4e3bcd95004ed8aa
SHA17cd4d70a0a856ab526a3ff3c799fdc0b18f3e637
SHA25617f61b3e7a6ca66e696dd34f172dc0d402971eb58b7043490f44380a3986d950
SHA512ab6218db1c086c66335900a21dfb27086725c392450f3fce49c0c445434abfb9ee4f2eda60235cd40184fcd50fb7df31cccc46ef2b2ab64e5e97cbf06eb5f0f8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD55bc6fec6aa4b0f2e5a2b902fe0ee790f
SHA1a2a761dc5f143865c5384a4da22c5ed30b29cfef
SHA256fedb8ac6f160d62a82b98e1cd6e897fc5bc8ff8dd629ed569ebf1568191cda04
SHA512e917fd415a0637ba357e48a81215d835767d6e1613efd7612dae5d21d3960b99c3c7c364bc6b92ab88462a51ab9e886dec7896cb125d79d6af6a93946a118566
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD529a0a3e4cde9215cc6b7fe6c4bd0bcb8
SHA16fb771ffbcf790730dd42eafc886ceda924d1d61
SHA256acf637db4f559c51261ec1135664d5ebe07d7778141c348582fe34201cc9bad9
SHA5123e99da1df47112361a0cb45d1ce8d2865aa69973dd2facddeb2d2adfaa10893b181282cd83bbd097c5bac46cbfcef1aa901b56d5ce6569e0884b803c801ccb4d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD586a8723965bf2da2e2efd394f0f03fc2
SHA1d160996f9d7492d4993e09473db27d8bfe96ac42
SHA25621db757c3b122215691ecffe93da000f6795a333ac1aa2a619d32171da9d565e
SHA512f0772debdc83457871e00106227c27acc1b99eda16f70a0bbefefa63ded90864f3cfdf672234d95e6d577ca29b36d8f67e5169df45d503cd7513e38b8b1dd125
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD5ee150918a5524d4b7b907289ff3a9d91
SHA144b499516fccf1e62cea28f14a4fb79a125478c6
SHA256a1684a734b6fc7fb4b70053f38c86e4519d81d3e5b6d69bd731d103dcdac20d8
SHA51264f5060588745921d4534ecfafe5a70a2d21e60ecd4ec35935f353be9aa5fa1d41de1f026998befaa5c1240a3e6acf8f4a054985c15fbe4455ac1571b5e5732f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD59bf8f95b5cb4e761164008b0336e6dc2
SHA1bc901336b917f782488bdf5fd8d0b28d7a8ffb26
SHA256f73c7b6b732dac285965e602c61b42a4c937b4db7814017b54d59da127e3716c
SHA51209c15328cf0fc130f009ea55e1bc53add872b13d9e9986d8a4a6cb0b384fb938ff93f14efeced3a8e8128805534a0c2d4e83acff1a1c5d528a747d989c96744d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5c242d7da328d71f319ffd88c7367d60a
SHA16c8c99d2f8d21f81c36a1b6692215447e9297e94
SHA256682de0c690db598ecfff487964e6e3a00cb9d15e7e69772e0f16c31fa9d5c35e
SHA51233c4353f9a19eb2812717274c1358981ae2f48bf2e55901dd4a42de6aafdedd84ede618d3603237ed289019b174d6474443432f253d5ddb585b044a49c07d9d5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5595c739653fdf1cc12b914324155cd50
SHA1822927ee016c4264cbecf35a36181b73f0e5c730
SHA256864cb1b71037d1c590f10881f5c99bc6d6c2816a88c06a41ec80e9ea656b62da
SHA5125d32bcb41575fc75a6065bc8cc89a4991239496ad27cd3ab3f60b26be7208d3b5f7a54c57bd58db5c34f0139c65218fe4ad55065fccc9df26de884b003cd1f77
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\9f1597dd-f851-40ba-90f2-91a6b8775c32\1Filesize
10.9MB
MD5c2c4450dd9dd82f2214c555cead43118
SHA1af8f5b2955f2f1976128d08045b35d6c939495f5
SHA256838fa0b08fba45c99233254dd2e1b02840c6f2c842a3848ee1fd343d0f3dc6b7
SHA5126e30efbaab63f33776e263a72a42a52fa15cf145edee80b129b50ac80be97411285dc1263cb4609896be6150ba49ba59fae3f906e9cdf55f8539da0d79837de9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
128KB
MD59176c9b7a469f42e40b314285208c0d2
SHA13c4355c46466642d600262bc08565ef584608b10
SHA256830ed1ec441c5089938bab1c8c623e1334e6f06fb1e869e6d72dd201ba4c9840
SHA512fd12d855c7dc0ecb20951dbd5970007dd86bfa2c592d121a2af9c83d5f9e6917c4eb45da615c260b96bb77640d999483bec752d2cf6fb860cde4f095f7164e81
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
128KB
MD57d68216d845c924d45d8fee07020cb7f
SHA19ffb51a1e2bfb5bd6bc796341fb39ed1454e64f6
SHA2566a6931a66b525993238e747a14bf6d8f0da8ad367106ed36c75e288e58c0ceeb
SHA512a4fdee6d89efc932fa67fe4d94005a45af314b5b0aa3443855439892e33f5b8795c2b5cbcc16548b8565e753f92be49d8b69698c71604424a6397bfd4fb3ad42
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD5c792a29831c7623f529067cfba8b6fc8
SHA13d82cd1d6de80add015f4ff8f805be142df4408d
SHA256b9a642a99059ffb3796ebc7685ab4ba88ba1c46ebcaab4c4ccd807a10085d75c
SHA5126f25717f26f6ae4e40235b95bf7750631c51565ddc5d53cf439e95b83ebd716910474a5a62aa11c11f51ba690cf34ea0b542251c53f24e4f29dd3a197ff7c7be
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\204776f1-7ae5-4108-9ce4-0f24ddd2d5adFilesize
746B
MD52fbd385f08f65771785f0cce9018048b
SHA1f54ba9fdfb60a1fab430c528c5806bd8a42450c7
SHA256c8b75b69928f566396967b8a5fb0d4c7c21a24078a374ae3ed43d5348647f104
SHA512eac545ed0903383378f691603a6730f7a1e6481b6d927e4c06eb84b5a9cf4020cee18a9b889968db983c96741e127e26fdadc2f8ccaad94c2598647dc83df018
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\ed16a7da-a39f-4b71-a1d6-72fa0b9bd59aFilesize
10KB
MD5e1b61088cdff0e6ba6cd166624e244e5
SHA11a05635d6340651550f7714c345f1336c8715412
SHA2563821dcbfcd7008820a147fc496e685911a9e2d75641131f739d70d47b17b8f99
SHA51226c096e3fe4158b30eceb397262d3b751e10b94012a65a4fe22fcae3c8a0333624f994acf56220e975825b666ab1a9e5a80974b7caba0e309d8dd73ecf8f5b48
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD571cf28e778f6357c28ff74f0f7df32e2
SHA1a50fbd88721c05239168a845a092c9294219da4c
SHA2560166f97797a5ec4f33f7bc359ef88641cbc730ea53806a408a2bc82966cbb543
SHA512e0ec000653ef04107153911cbff78a252e647d9d52f93fc03aea46a70ac42bcaddf3646bfdc531966994b2d5aae48a50f64a37adde51153a02da4a4343c8f96f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD59f7456b483dd29190858ba221d03602e
SHA14875b1df1b68e08cefc810830357eef3f48b7255
SHA25608234c31223ea6d6a26d95b11401cc96fb4f1cbd7e27ae476bffdfb8ec9c1eb0
SHA5122670d6365807bd8d87c50b186fb64d5701b4a34bec38cc1849ac7d59fc08187c270d4ce58019f188dc97dc4063405569abe37091b688e56aafd3484247861d81
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.jsFilesize
6KB
MD51b7b363819e38bd949057f0053349b20
SHA1272ea10aae9f8ae4db4317f7fbce391bad5fb8b8
SHA25628a9fe03b71cd2bab79340f22bd193c8a61b5ac00c55240bcfd2b116ee9148a0
SHA5123c84495e543bdb06c347fdeb825f87356e5579d0ce58abdb254ce4c0887b1fce49f98ffb765ca47a31b2b72c9f1f588ad30e7b436f75b193fd34f003f0044bef
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.jsFilesize
6KB
MD5b0786f825493c39c67826afb79369c66
SHA1ec9a9db26c6333b995ac299d356658d035fa8784
SHA2567f69ac017116b29bf3b5429e2dbf971b504013c08bafe3e182dd02b3beb4862d
SHA512daa49af37f5938a6a214a32805fb231d24f647062e35306bdb99961d5a4b960515a0cf1e8e3bd83587422acc99a89461bbc1277b55951d9d6251106b43c40a38
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json.tmpFilesize
259B
MD5c8dc58eff0c029d381a67f5dca34a913
SHA13576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA2564c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4Filesize
1KB
MD59f2ea8b8202ad6dd23da969d1ee8e385
SHA1e57973984d31ff0b7847a963e29856160356d60e
SHA2565eced4307db910dad4fab931b97f2cca1f146ff4670c6fd47cc6ff51089709f3
SHA51212230dd224292343ddff072200701802b0614c042b352fc28402d903f75794641c9389864612ca01f5040d9afef8b9c93739209631b302b9df3cbfbbbf696b5e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4Filesize
271B
MD5108336494e95ebe681e47d675beeab25
SHA1defe20cde97640a9813323ba54c54cf9ef99e203
SHA256789d8b08c82d08244039c61c3d54a9fa1ec29a816252a39777d1a900cd335115
SHA512545cf5f2328c93ee147615eebc1b74174acf9f81f49713bb09c94eaa252783d490b1f7754375988fdc89e13ba89d5376f20887ffb269635640d466d824bf90ac
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4Filesize
838B
MD5d68924eb9caa75d6f84829fa4ab412ca
SHA1ff172660e602c23068bc0956009e9ab2cc7a5e71
SHA256e34d2b4e9fe66f7f1327e49411416874dc4155fb2d1a474d97fcc64763e96a9f
SHA51257b992ffa28b7b1f98bebf8b59cc3368c70e1c9a52fb3ff59728ea554bcc15a0ade215a72e56d82c8c10efb80d394f02433b5f12afc1b54c61397d4cc807e5a4
-
C:\Users\Admin\Downloads\Unconfirmed 934319.crdownloadFilesize
15.9MB
MD50f743287c9911b4b1c726c7c7edcaf7d
SHA19760579e73095455fcbaddfe1e7e98a2bb28bfe0
SHA256716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
SHA5122a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677
-
\??\pipe\crashpad_5004_FINWDIUBRMGWMHYQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/5824-488-0x00007FFC4AE70000-0x00007FFC4B931000-memory.dmpFilesize
10.8MB
-
memory/5824-253-0x0000027AC1F90000-0x0000027AC2F84000-memory.dmpFilesize
16.0MB
-
memory/5824-404-0x0000027ADD5A0000-0x0000027ADD5B0000-memory.dmpFilesize
64KB
-
memory/5824-403-0x0000027ADD5B0000-0x0000027ADEB3E000-memory.dmpFilesize
21.6MB
-
memory/5824-612-0x00007FFC4AE70000-0x00007FFC4B931000-memory.dmpFilesize
10.8MB
-
memory/5824-254-0x00007FFC4AE70000-0x00007FFC4B931000-memory.dmpFilesize
10.8MB