Analysis
max time kernel: 345s
max time network: 353s
platform: windows11-21h2_x64
resource: win11-20241007-en
resource tags: arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 06-11-2024 12:51
Behavioral task: behavioral1
Sample: wt.exe
Resource: win11-20241007-en
General
Target: wt.exe
Size: 23KB
MD5: 9cbcaed1a71dca5fa2fcb5fe41e0d083
SHA1: 699923b980e8b8677ab29137dec889cb4c7a87da
SHA256: 4a99edc4912bb72864cf424c67b500187079ffb5bee14d6851800ebff9a56808
SHA512: bab13f8992a4c692412e0e15567693df36d02e6bf986bbadf9c4ff5b285b57853c6a9eafc3250cd1bdf33977428ddfa6c783080d1430e5593a181add28f19f2f
SSDEEP: 384:I3Mg/bqo2f+B3kXSP1/pYVvobPJ/r91C9zBq92BewD9:2qo2gtxpjh/r9uzs9WewD9
Malware Config
Extracted from: C:\Users\Admin\Documents\read_it.txt
Family: chaos
Signatures
Chaos
Ransomware family first seen in June 2021.
Chaos Ransomware 2 IoCs
resource | yara_rule
behavioral1/memory/4836-1-0x0000000000400000-0x000000000040C000-memory.dmp | family_chaos
behavioral1/files/0x001b00000002aa99-6.dat | family_chaos
Chaos family
Downloads MZ/PE file
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
Drops startup file 6 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.m2zg | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\read_it.txt | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | Decrypter.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | svchost.exe
Executes dropped EXE 3 IoCs
pid | Process
2404 | svchost.exe
3668 | Decrypter.exe
4876 | Decrypter.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Drops desktop.ini file(s) 35 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Desktop\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Documents\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Music\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Desktop\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Favorites\desktop.ini | svchost.exe
File opened for modification | C:\Users\Public\Desktop\desktop.ini | svchost.exe
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-2410826464-2353372766-2364966905-1000\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Links\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Pictures\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | svchost.exe
File opened for modification | C:\Users\Public\Documents\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Contacts\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Downloads\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | svchost.exe
File opened for modification | C:\Users\Public\Videos\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | svchost.exe
File opened for modification | C:\Users\Public\Pictures\desktop.ini | svchost.exe
File opened for modification | C:\Users\Public\Music\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Searches\desktop.ini | svchost.exe
File opened for modification | C:\Users\Admin\Videos\desktop.ini | svchost.exe
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\sofoo9w7k.jpg" | Decrypter.exe
Drops file in Windows directory 2 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SystemTemp | chrome.exe
File opened for modification | C:\Windows\SystemTemp | chrome.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Decrypter.exe:Zone.Identifier | chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry 2 TTPs 14 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Enumerates system info in registry 2 TTPs 9 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133753712128015463" | chrome.exe
Modifies registry class 12 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | BackgroundTransferHost.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | svchost.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | BackgroundTransferHost.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | BackgroundTransferHost.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache | BackgroundTransferHost.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings | OpenWith.exe
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Decrypter.exe:Zone.Identifier | chrome.exe
File opened for modification | C:\Users\Admin\Downloads\privateKey.chaos:Zone.Identifier | chrome.exe
Opens file in notepad (likely ransom note) 1 IoCs
pid | Process
2532 | NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid | Process
2404 | svchost.exe
3316 | vlc.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process (repeated hits collapsed, count in parentheses)
4836 | wt.exe (x19)
2404 | svchost.exe (x20)
1816 | chrome.exe (x2)
4404 | chrome.exe (x4)
4876 | Decrypter.exe (x17)
5172 | chrome.exe (x2)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid | Process
3316 | vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
pid | Process (repeated hits collapsed, count in parentheses)
1816 | chrome.exe (x10)
5172 | chrome.exe (x3)
3892 | msedge.exe (x2)
Suspicious use of AdjustPrivilegeToken 64 IoCs
description | pid | Process (repeated hits collapsed, count in parentheses)
Token: SeDebugPrivilege | 4836 | wt.exe
Token: SeDebugPrivilege | 2404 | svchost.exe
Token: SeShutdownPrivilege | 1816 | chrome.exe (x31, alternating with the entry below)
Token: SeCreatePagefilePrivilege | 1816 | chrome.exe (x31)
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process (repeated hits collapsed, count in parentheses)
1816 | chrome.exe (x43)
3316 | vlc.exe (x4)
4052 | firefox.exe (x17)
Suspicious use of SendNotifyMessage 63 IoCs
pid | Process (repeated hits collapsed, count in parentheses)
1816 | chrome.exe (x12)
3316 | vlc.exe (x3)
5172 | chrome.exe (x24)
3892 | msedge.exe (x24)
Suspicious use of SetWindowsHookEx 8 IoCs
pid | Process
1544 | OpenWith.exe
2212 | OpenWith.exe
2316 | OpenWith.exe
548 | OpenWith.exe
4544 | OpenWith.exe
1828 | MiniSearchHost.exe
3316 | vlc.exe
4052 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target (repeated hits collapsed, count in parentheses)
PID 4836 wrote to memory of 2404 | 4836 | wt.exe | 82 (x2)
PID 2404 wrote to memory of 2532 | 2404 | svchost.exe | 83 (x2)
PID 1816 wrote to memory of 1412 | 1816 | chrome.exe | 94 (x2)
PID 1816 wrote to memory of 4980 | 1816 | chrome.exe | 96 (x30)
PID 1816 wrote to memory of 3916 | 1816 | chrome.exe | 97 (x2)
PID 1816 wrote to memory of 4172 | 1816 | chrome.exe | 98 (x26)
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Users\Admin\AppData\Local\Temp\wt.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\wt.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 4836
  C:\Users\Admin\AppData\Roaming\svchost.exe (level 2)
    Command line: "C:\Users\Admin\AppData\Roaming\svchost.exe"
    - Drops startup file
    - Executes dropped EXE
    - Drops desktop.ini file(s)
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID: 2404
    C:\Windows\system32\NOTEPAD.EXE (level 3)
      Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
      - Opens file in notepad (likely ransom note)
      PID: 2532
C:\Windows\system32\OpenWith.exe (level 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 1544
C:\Windows\system32\OpenWith.exe (level 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 2212
C:\Windows\system32\OpenWith.exe (level 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 2316
C:\Windows\system32\OpenWith.exe (level 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 548
C:\Windows\system32\OpenWith.exe (level 1)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 4544
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe (level 1)
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 1828
C:\Program Files\Google\Chrome\Application\chrome.exe (level 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 1816
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefe89cc40,0x7ffefe89cc4c,0x7ffefe89cc58
    PID: 1412
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
    PID: 4980
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
    PID: 3916
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
    PID: 4172
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
    PID: 1632
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
    PID: 408
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3544 /prefetch:1
    PID: 2572
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4480,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:8
    PID: 2620
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4552,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
    PID: 2628
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:8
    PID: 4492
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4572,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
    PID: 3016
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
    PID: 3344
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
    PID: 3676
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
    PID: 3940
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:8
    PID: 1628
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5144,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:2
    PID: 4424
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3676,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:1
    PID: 2432
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4544,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5372 /prefetch:1
    PID: 4848
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3448,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:1
    PID: 3456
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3272,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3512 /prefetch:1
    PID: 3544
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3496,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3480 /prefetch:8
    PID: 784
  C:\Program Files\Google\Chrome\Application\chrome.exe (level 2)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3508,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
    PID: 1244
-
-
- PID 4968 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:8
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
- PID 4404 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5552,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4376 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
- PID 3668 (level 2): "C:\Users\Admin\Downloads\Decrypter.exe"
  - Executes dropped EXE
- PID 2680 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5192,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:1
- PID 4460 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4612,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
- PID 3720 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5252,i,397002054826238647,16904817560446442965,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2984 /prefetch:8
  - NTFS ADS
- PID 4876 (level 2): "C:\Users\Admin\Downloads\Decrypter.exe"
  - Drops startup file
  - Executes dropped EXE
  - Drops desktop.ini file(s)
  - Sets desktop wallpaper using registry
  - Suspicious behavior: EnumeratesProcesses
- PID 3164 (level 1): "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- PID 1292 (level 1): "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
  - Modifies registry class
- PID 2408 (level 1): C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
- PID 3316 (level 1): "C:\Program Files\VideoLAN\VLC\vlc.exe"
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
- PID 1224 (level 1): "C:\Program Files\Mozilla Firefox\firefox.exe"
- PID 4052 (level 2): "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
- PID 2332 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e819cd4-1b07-4643-b059-5830d90b341f} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" gpu
- PID 812 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df577be5-b4f2-4628-be73-869dd87124b7} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" socket
- PID 1532 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3184 -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2596 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2730d83f-df0b-411d-a932-6e94e5cbc3f5} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
- PID 3044 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3016 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9ee7f8c-b6b7-411c-8196-ff9268e320c0} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
- PID 2824 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4696 -prefMapHandle 4664 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34c65047-487a-4293-8c50-cd4abb1084b6} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" utility
  - Checks processor information in registry
- PID 3028 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 3 -isForBrowser -prefsHandle 5528 -prefMapHandle 5524 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5da44bf7-be6d-4a45-a5fb-1a93c5046d57} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
- PID 1052 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61da1a36-0cfd-455c-a9fd-1b6773a31032} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
- PID 816 (level 3): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5948 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7b801b4-cf1d-450f-91d4-11b6b3221880} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" tab
- PID 2580 (level 1): "C:\Program Files\Mozilla Firefox\firefox.exe"
- PID 844 (level 2): "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
- PID 5172 (level 1): "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
- PID 5212 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefe89cc40,0x7ffefe89cc4c,0x7ffefe89cc58
- PID 5624 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=1944 /prefetch:2
- PID 5632 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=2064 /prefetch:3
- PID 5652 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=1672 /prefetch:8
- PID 2628 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=3248 /prefetch:1
- PID 3384 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=3288 /prefetch:1
- PID 4048 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=4604 /prefetch:1
- PID 6072 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=4740 /prefetch:8
- PID 2848 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4468,i,15914790903501125026,16337166663880742057,262144 --variations-seed-version=20241105-180111.466000 --mojo-platform-channel-handle=3272 /prefetch:8
- PID 5180 (level 1): "C:\Program Files\Google\Chrome\Application\chrome.exe"
- PID 5200 (level 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffefe89cc40,0x7ffefe89cc4c,0x7ffefe89cc58
- PID 3892 (level 1): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
- PID 3668 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffeff4a3cb8,0x7ffeff4a3cc8,0x7ffeff4a3cd8
- PID 2736 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
- PID 5112 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
- PID 5136 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
- PID 6000 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
- PID 6012 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
- PID 6788 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
- PID 6796 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
- PID 6892 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
- PID 6924 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
- PID 4396 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
- PID 6224 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,16860714029578524779,17000945132704836399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
- PID 2892 (level 1): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
- PID 944 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0x48,0x108,0x7ffeff4a3cb8,0x7ffeff4a3cc8,0x7ffeff4a3cd8
- PID 5728 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,15330507663179090677,4861048646168252504,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
- PID 5740 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,15330507663179090677,4861048646168252504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:3
- PID 4988 (level 1): "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
- PID 6236 (level 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 6336 (level 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
- Modify Registry (1)
- Subvert Trust Controls (1)
- SIP and Trust Provider Hijacking (1)
Credential Access
- Credentials from Password Stores (2)
- Credentials from Web Browsers (1)
- Windows Credential Manager (1)
- Unsecured Credentials (1)
- Credentials In Files (1)
Downloads
- Filesize 64KB
  MD5 b5ad5caaaee00cb8cf445427975ae66c
  SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
  SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
  SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f
- Filesize 4B
  MD5 f49655f856acb8884cc0ace29216f511
  SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
  SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
  SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
- Filesize 1008B
  MD5 d222b77a61527f2c177b0869e7babc24
  SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
  SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
  SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff
- Filesize 40B
  MD5 405dd156f0b697f2d0702afedb827b80
  SHA1 41e7bd95b48a39edd67e751abf94c92b6617271a
  SHA256 a764eb30b54d11ded5b23807bca8dee0a2a36b921de032d8923b11b5eb835e77
  SHA512 981f35b0c8c9261a4ad7c6c4cf01c5e062f510c7e58affeea3d541510a8bff28f124a0a0142ced89502b4540b50161d201e61a5a0ba08b7504cb6560f5627d4b
- Filesize 649B
  MD5 271eee219f909727d01814ccae638c79
  SHA1 4e1e59cf114d58b594041e0480f975fd26b80584
  SHA256 bda466ce771c65e8c90682fac2ba13f365a42cbbf986a087f1c2c16937b14481
  SHA512 83388808df9d634f597b96cd8eb6614b261432d080a1e34503b0d021ce2f4ec67dbdb760325fbbe29c5439019f3e919bfba18c8033efdc8742ccf4b04dd39270
- Filesize 336B
  MD5 341494ef8e5d46aec40e32688af0c8d8
  SHA1 7b896989f4e2817e26d2523ce36435f0b0e9278a
  SHA256 d9338703e3e23874bef7045e715b69688c0d4b3d053d0a589ff659d651cae0db
  SHA512 79c3a4dceb01a7c664f3dd731d24ec248b2dc6372a6bf5a38ce36c52fb5e62b6f3386d7b0785222fac8242041a87382cad9ebaa16280c9f4d8b25eca19575c9c
- Filesize 264B
  MD5 9043c36f91f4757d3e9a5a2c879d6fe8
  SHA1 eeffc323aa466e9881aa707a18fc9afd5c7a210d
  SHA256 e1c01f474c214fe76a2c5b349aa4dbbe409717ba7bd272f5e145acc9975e06b4
  SHA512 68514d8aae3ab6da56d9c48d225b2be550a4e8748f669e1d82b1ca5fce7ca0c9c4a37f5927bff79506d0b6171a456c1ac8fd3af9dad2ef732d8928c43b9279aa
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
  Filesize 851B
  MD5 07ffbe5f24ca348723ff8c6c488abfb8
  SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
  SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
  SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
  Filesize 854B
  MD5 4ec1df2da46182103d2ffc3b92d20ca5
  SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
  SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
  SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
- Filesize 3KB
  MD5 c515f0c1351eb710665dfdb8440d27a7
  SHA1 a3864e09a1e263f9c7305d24983f02a1f1fda3cf
  SHA256 54c0a737710d40e75eb5c7b4f4e2acd54bd08fac26f6796c2c6378f477b2fafb
  SHA512 bc7e27d6dda7ba7d39ae0b58a4bb919971b35bb81a6844bbb45023ec1a0e0543b153ee97d57997ddab73a3c7ed21e03572867a440ef300fd0ad911619173755c
- Filesize 3KB
  MD5 fa301c25bb09cbb989fa6b24a4b4af90
  SHA1 acf77aeeff0c750a55ab5ffc9c507ed116d92f5b
  SHA256 dc18883eb4c4ef1d4d2a8b72de95356e54727b99fec628793a6868f3fb6859b3
  SHA512 64f69f7210772f0fad09ff6de7074c736d812d1fd81f5fbe9003ed6702fee3a876092eccad855b5b7b57653829a5ad7895586f5d8721d7a7a6e2608a3d747602
- Filesize 2KB
  MD5 7ca936239042610c4b876491cfef0d69
  SHA1 09074fec80ff3772ad6cfdc3ef765806c03a5dcb
  SHA256 e3f366cc62421d93b901a934c7bf847a7efda4a33427f15bd340711fd119ff6c
  SHA512 476ca54ad7236e1e2ed6ae9a7601fb5ba9fa661f083e4ee16b629ea09f3a97946984bc76093ceb3eacbe0a24684bfd494fa9c9809d7ad534834234e0294161e5
- Filesize 2B
  MD5 d751713988987e9331980363e24189ce
  SHA1 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
- Filesize 688B
  MD5 f34452295caa729304948a9d77d28aee
  SHA1 bed46f22c6f8da5477feafaba83add077170d07a
  SHA256 37c0650a7c98eb261b5c13d0b5855f0dc78d919b54aecbfd96d8fae55ea83810
  SHA512 3441c0064656379bebc93487df2de5c56b082508588be40ba943992ea2c0cce07a6f53bff1984c9c1c495e90a4fe4e6fc5b59aee1e6d9bae4ab7b0b9726cfe4d
- Filesize 354B
  MD5 3811f6b723f6aacf37247c8fbb6fe09f
  SHA1 a6a2e604f1784ec47791332ab76a4ccb4f16b836
  SHA256 6e26799cdbc9374dee9f22c9fe1f90077a74b741275b4d61088a43ffbd8b9ce5
  SHA512 9cca3cf5f7f41acf68b98dbc0086fc318a149b13e1f6a75ad47dbbbeaed9eeeb1ba64bbfb0772dc36da02ef83a3d5a2ad6d5be8c74f93e9b47cdf0748726b371
- Filesize 688B
  MD5 1f345625cc17d30216e5750620a43f42
  SHA1 060f712ee5141df03857f9630b1a614332b0498f
  SHA256 68d1854ddcb5e4b44e0a79e9806037c60d5dd2ac38850c64dcf2a848b1aa211f
  SHA512 45485beb1cb45bcb4dad379a9d2b4b31d505ad14ec51b7ba8734051ebb635cca838d5b0cf2555c87af252fec0c38472035cf1ee1c6088aa6b42e207ed5be93a8
- Filesize 688B
  MD5 685b380fee59cbf8b521c4aad8101836
  SHA1 863621fcd4d51a6379329dbf6296841c2b4ce47f
  SHA256 43caee4f0ea7f71f59803d34ecdf71d9aab1609f5577a2f14b1876388ed3193a
  SHA512 49ff112316b2047274b878174e7ade7a8d380f3bc6a744aaafd0d03f32d25aebe2b4bde0bb8af5f5afdbea450f4516f5b1a323c1ec540cedf1e50ecd45751e1f
- Filesize 688B
  MD5 f3337062d0b5d43a33a9265dc2c93f5c
  SHA1 0b2cd38ecaa5be2534b370f9270920cdd4283e04
  SHA256 c525f69e453361010bb6ba7bb157d594cd3ae34c00fcba6172e1d97c647e1abd
  SHA512 3161b9bbbf62e35c85fe6f298e7eb0ff67c09ff03c2dfd2f0de930236e9a55884346dc28b91bd3981408a22c30563d2cd398e6f20bae36f1ce85357b59c5eb4c
- Filesize 9KB
  MD5 6c3bf5355cb8a44684ab38b6174965c5
  SHA1 a202f2db05e529ddfe2ae929aaa1e38c24d99611
  SHA256 e2406bd57b440ef1869b33209d5c6a3918e97181c994adafc3db05f35328c9a8
  SHA512 8a6ad1fcfbe678da8de90a09c316aa6cdfd1b3b8e69dcd7ff93fbe248cada5ac87672d8ab3e25c96ed0de7791eefb057f02a0d3e2bb4bc783be9cb684a844c31
- Filesize 10KB
  MD5 85828003c01eee7f532dc192dc5d1657
  SHA1 5a43a59cc67753ab46f98dbea982c05ab0fe26c7
  SHA256 2d5f13464e99fff91862751a1a3806b19bd18f3069687308e68461bd0e0d71b1
  SHA512 149e741c05498102c306dc587e8de43e9842e0830b1401c0e157d51bc8f296856d9f293ae1352a7aaf96a30d0cc8030feca5b669b16025ba637d2d61e6865e51
- Filesize 9KB
  MD5 7e0324174a14263d5e7d22caf2306d0d
  SHA1 72701f74f0824dbcc21654534235eaa3f245df4f
  SHA256 99534b174f5328560c9d901420417c2fd1df3e2934237ef75bae88732724064b
  SHA512 c51949ea0d37cf0888fcfba870981d009f1555058bfdb05be217038cd1dd94eaa8a055895471504ecdeec1773d203b210644e0b46ab23b400996a1054ffb13b4
- Filesize 9KB
  MD5 ef9130e71e0431b32443a6f3a0004e3d
  SHA1 ce10a69b78c2e3e7795826027180389394f413d0
  SHA256 80ec3af296c7ed7ea82b72d578a4dec9a124b7928af1a039cc45b1b94df773c4
  SHA512 0723b0eca482175a23327fc15e086ba23ea52460b494bf1fef16b744d14bc2e9289058f6f27e118ec30243b309e922c5cc7fc8551a844c1201a90abb18c140fe
- Filesize 9KB
  MD5 b1340a607edc898d690d34d9967e4aca
  SHA1 07d0e5677cc9e99d9ef0acf5ce4eaf5f8401ef06
  SHA256 14737a54a985137b663eb1fd9711e919d215e0533b543879b8282fec50364f7e
  SHA512 42dc478d2060bc14df8738c106369d82aa5e589fb7183327530f0160a02d913aa058729ded32187dd15b587d8e6297dac8ff04965a75d7351539974cd62296e3
- Filesize 9KB
  MD5 82a45f5edbeeda94c08d7e2917e847d7
  SHA1 445c41ac705a87e48a1c84a5679529ca22f2fb1b
  SHA256 bb29b7130947e64613507cee5c9fe3ef772a966fd0c4f7c71ad1181887833ea4
  SHA512 32f2ccb4fbf48fad48ab9fa7f68ee5df4552f7e5bf8e751a59cb578edb65dec0d1caa64bcaa9382f928819dfef634827b1ccfabe0f2bec86a41bc45104851ba2
- Filesize 9KB
  MD5 329a4aaa9f34f1760f3442ce2643f87c
  SHA1 4167863549f13b6103dccae09dd7b4112b3f2f65
  SHA256 8bffa54ffe71e59f4e85ada26ccfb037d1dded6f9ce28c39b9a8459a401a0c76
  SHA512 536cbb5f2ae4ac021e6709f41c22681bd04f2d8598e08e919733245bd1b832251a74d93fdb6e12dd7b6229e3f055fdfeb92d9dc1ac783515ed696542102109bf
- Filesize 9KB
  MD5 c02d299e9ee6ea0035a5ba30b11cea65
  SHA1 70e031e67dfe5047ba14880beb90860135c81bbb
  SHA256 e65f40e40ea3838e88c40d12c6e3e6628d6a1806ffb54b61856e6a9e35c69927
  SHA512 17efc7eead9d8e1437d8562e10732cf3b68d7d4d1380b5cce2139e711e536344af0bffbb4751910d5dcae2b30a9474811286949017e71861aeb3dd0a7b4e30e1
- Filesize 9KB
  MD5 815e73342083e78827c8ec8af2d18c2d
  SHA1 c798956efafa252aac65149d396d635af34d8520
  SHA256 4f53504164ba4e6cd1c89e437c67d2c0d5ac45194c3ca09a932eacb4f2e945ca
  SHA512 8b5e09c957c4b6fc9fbb1387d9f1538348c516c6c0f8f6916f33021a9f7a8083da5eea2d544dee3e1cafd162ef68a11e653566f5d6c7d6689a6f77252f96aade
- Filesize 9KB
  MD5 26628c9b5e49aeed93272d126c55afd2
  SHA1 07c73b0927e277d977f414d0ca7be01afc51c654
  SHA256 2354ca56412bd4a5c82fe02df88725db96a7aa72614a290e698438c166a74f88
  SHA512 b335d9b06bff27e6039072c6f578153b5f5550ce67cdf52eeaedb281149a03d72690217be2243942e607650be9e98f7622d1206938a3cf1d801d5e1cc3add18a
- Filesize 9KB
  MD5 077ccbf65bef0309fc3fcff8b742fe4c
  SHA1 f8b155ce195dcde86fa1751d1e99af1e9a6dbfcb
  SHA256 17722903d16dad819e821f4ef3b583471eb193bc7cdf5bbc44165dcb3f4eea01
  SHA512 0c8d825b8a9d841d9f1ebb7a414e777c6bc3ab3051b3778e20b2ee622912d2a7c1f8cc46fb7b197049df4797e8b26b049371a210f82a5e6b2bed48121ba85bec
- Filesize 9KB
  MD5 aaae5a1ccb81a1a24bb5c81613e0adac
  SHA1 13e94ffe07f09f7f886ce430b96ec0562174b335
  SHA256 07c7ea212e230f7ca402d781f60b19b51112746ac984dbebc50791e710a92e9e
  SHA512 f50013245aa486d67ce70af332bacfb2089d94c00702305dcc01a8912f08d4c7e339a5c7f8f23ac36c40635d9f14013e077fa8a8845540f40dc1a086da794276
- Filesize 9KB
  MD5 454e9b8b31102161f1d41298ab1ca9ed
  SHA1 b33c5fb95be00b3837117886b3c39a671a54aaaf
  SHA256 605e57d515c607dd1f3bc12ed28214468f4e7add0b923edcf2f869a60c42b5f8
  SHA512 4d8469b8f98347e2e1f2d2cb52cf778c0fe49325ad6e92924e0b714136d3ef9ade32d7223e1baab1a0ea495953c7b7b1768c0dd4dc7d36d7cb64ea01b1190c3f
- Filesize 10KB
  MD5 fad4c350fa98096f67701a6075fc2b98
  SHA1 79d90eca1f34d9c843b75d14e956872cdd621878
  SHA256 0dd3fd653181a235b46ef5a49deb15a82738b666366b7a37920cdda7b27e7c2f
  SHA512 4dae56b6bf94a23511878b746ec8c251e8f7b3a89f5c13110a574b7f810a442a01dba3eab331416ad9a62612ffd795957bbb6774bad24a6b338a46a52ea592e6
- Filesize 9KB
  MD5 651e6747dff07edcf2340c87bcc5d6b3
  SHA1 64a21634b9f86aba853c263f1e3ef26276d8f62a
SHA2567cbdefac8423ae2e4a48e336fff44cc12a9b9cfb7d9ebd4f0a88f1980292f584
SHA5121aa00972ff441038898e6daea9da76e54c1af5e9d4c05b19f1e7824c61a1c3942dafce9e9f0d3380d9c299d2507821c5a84bfe8cadb96a9175314f53c5e91137
-
Filesize
9KB
MD53dfe248d3123e46c86bc83e4af9e51fe
SHA14c602751dba3e5bf2e85f7363825e3affda24a2d
SHA25681fe6127666a87a16f4bb2cab359719e1e5cdf798907b5d33ef838c23dd2d957
SHA5125b8f3162a34af047f679a38865536c8d749f80f3457d80b2af752d0d16a6853986d246942a0e5fdfef7be03ba88e4c662a5839fb37b025644470cc6c25eeb628
-
Filesize
9KB
MD56d402d9c0dd134b9fad755be1f6504e1
SHA1195c97ba5c548d9b6819860fd93b26f867d7c248
SHA25631e636d0d3b7dfd63c2910aa3c21591999cbdb49fd1fa844a61e24d74aa3284b
SHA512071e432fd5eb9ad8320e43b8f27457d998828d32491ff538a95be427361d9066efdd4384bcb660714388ee29ddf302e70db5c7efdc52a0aec04bdc000cad6e7b
-
Filesize
15KB
MD53a9545b9c2e782c937a7751e83d0f89e
SHA1a54f9521e3286226467af3ea5729025175809b35
SHA25646cced4fc235f4803b89733f4691b1bb1a7915c912ce8ea6cc282e4edfce44c6
SHA512738186a89230062dc2090f5f9d9d37a5be03c1652d019d67aba6a34b1229d5aef1ce7e4f69156ec6e4da657b07f97299dd38c9d512867f1ed723529cf87568b6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5594ca146ae1724a7006046caa350c782
SHA1ea91edba664c7e71ceec515236cc4e9b3ea425f7
SHA256165b34d183df3ffabf8317343a5d3041a2d0768bf82f3f1864ca03f63420f4da
SHA512cbe46fc2203427e39b21d8cebe08f948883f38fedca9cc7037a719eecb6024988a00465fd2294dc4f9ff5ef33afc43e65f10cfea86487fae5dfd42161c534c6a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e71fd79d-565f-42b5-91f5-d8d209f2a398.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
231KB
MD56167aa41cf34c2d65180b4b887fbf359
SHA1c78cc8b71655ac2c1ddc2aa8de2b8130f72616cd
SHA256f75ab52c324d7480ba164a44c33853901489f09c62fa2d17f53285101c511dc8
SHA51223248870ec2d9d227982302184354436545dbe8920cd336f409a718643db351f070d5ef1d3bb1dd07f997c4fee7b0a0e70e41c62afdd1f098905517fd933e98c
-
Filesize
231KB
MD5e5a2045199ffa2bf7dda3561fcb348f1
SHA107bdef3ec78de7a0dba9c2f04208d281a24df832
SHA256a4943d14f7a826744fb2748d53f7a5300e23a7dfe44db765f77a52810867d79a
SHA512e825bf6b3844aaf3a7e75abba990ee9bcb4a6f23a8270ee9f305a7187ecc810c8266218619321f09fa463e72d5890849ffc9197279c784d519669ad183427e75
-
Filesize
119KB
MD57f613a33b2ea0d7e6e0d9e9c3ef6b70a
SHA16f7f619af058bd5da2e2d039f24dd8e939118963
SHA2564f7c46f13cbfe7724eda5ee9441d3e7323ce72b715a7196ca06d8e97c821f765
SHA5122f8ea37e6681af40a7162eca36a94b7a8c03fe8411c572f513854f2532323943a522660af90d0ba65e982580ec209cfcae1beee9ec2ff6deefa3b0c3cbc45453
-
Filesize
230KB
MD5ba66f487ad490b40421b3bbbfd12c8a7
SHA14f9d9d3c1df4f6b66506d87baf0e509e0e12190b
SHA2565aa38661b3483621e443ecc357cd6f96bdc6a082c0144d2e3bc2bb57fd9fbcb0
SHA512ec42cfd43511810e82ec7d4ac1bab8d1230fb2b8a06eb8949cedea1c350c961a405f07b01fe22d718c4e2f41ebd2fb04dbf5ac5ed85bcdd155ab86a5476207d9
-
Filesize
264KB
MD573cd212c3ff82d63ada5f32958f47acc
SHA15358e6394dc2cf552580b97395d0389c6cd6797f
SHA256a98120aed795d867808fb02af057d00b4acd6817183cf9b46b3040abf93736b2
SHA5127e2436a39d349230750f0be414ff418ec2be1ecc0a5f204fa116b2e2b2e09e13b7104bd7b7dc45c86bca77b6cec68adb2e41ff5768d172aba6f27bb124cb702c
-
Filesize
226B
MD54ae344179932dc8e2c6fe2079f9753ef
SHA160eacc624412b1f34809780769e3b212f138ea9c
SHA2563063de3898a9b34e19f8cf0beeec2b8bd6bd05896b52abd73f4703d07b8a7cd4
SHA512fadfe2b83f1af8fdc50430325f69d6172d2c1e889ca3800b3b83e5535d5970c32e9a176b48563275a0630d56c96d9f88df148fd6b2d281f0fc58129e5f4dba19
-
Filesize
152B
MD51fc959921446fa3ab5813f75ca4d0235
SHA10aeef3ba7ba2aa1f725fca09432d384b06995e2a
SHA2561b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c
SHA512899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06
-
Filesize
152B
MD5e9a2c784e6d797d91d4b8612e14d51bd
SHA125e2b07c396ee82e4404af09424f747fc05f04c2
SHA25618ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
SHA512fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1
-
Filesize
5KB
MD559e046b224fc0343091960db5f80ca33
SHA1c03ebd4364d6dc607721ed8e0032e02d38a8d126
SHA256dcc256589221dc972d7422b0a125ae430d02b303335192eaa8f1e9317680013b
SHA5120730f700a9b8d3e4aa3959245c56fb36fa45944398d365e751e70c7f8f0a6fbfff34978c92174f0d6097918c15318a20f9ee119c77ac64574f52d91955179cb4
-
Filesize
5KB
MD535bf760a8589217dc0359773c97f33c3
SHA10cba090d48a9c898964778b5b76a7ee8f3852aeb
SHA2566566b9a8193ec0c83d9edce4da55b43f4d221354eb84e889f9ffd65943f362ed
SHA51274ac74e3327170d297925ede29ef24e6bd6c9a2d13d24ea38c94133c6878d0634ce442406ef3a4f62920cfe968ed7ab3cad08c242700ab31d60e991d97c74c13
-
Filesize
8KB
MD5c881207b560cf235f37289a759f00153
SHA1f08b65ae145f8ab9fa1b75e553ef0ee4b337a11e
SHA256f25d9a94d412574a5dc541e5c769ad68d38e2667f089833db922d150198b885c
SHA5123637efe9d191647d12f37835c696defb33677033bff6b675703e42cf932ccfb7a2bd25af40624b9df7210df3348a76acda666e4a63256c4c6d9c16c266bfb767
-
Filesize
11KB
MD585a1713476688a65a2ad03968566111e
SHA1f8ea8b086e3c8046251d868fa9c347f77ec082fa
SHA2560ae664f7be94e15ca61777d9714da0ad000927a2b808de0200d0bfa3da7f69be
SHA512bab84aa84c2cfa0c7a9f5876070f13057ac16ca316ab8f932231f345c3bcb2334e2dfeb47b5c5e6b334f00b716a20ff28bed1aec8451a56466810164cff6014d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\maevrvll.default-release\activity-stream.discovery_stream.json
Filesize18KB
MD520770050cc672b39cb5c5d02e021787b
SHA1b0da7bcf65fbe0fbc463225fd4ae2ab2837323e8
SHA256ef92794035ee6323a1f3c0023b1dd61de836897153c3c0b6f22aa63aca07a507
SHA512979a8c3822031836a11d7767040382142f1d4e60826900d88dd0497f7165fcd991c33e309eff30d95ada613912e14a2f22103c36c1f17fe60190a077d1f7680e
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c640c352-bd48-445c-9711-b9b8df5b26dc.down_data
Filesize555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize9KB
MD5f704cb963f605beed28fdc82da43a4a0
SHA1ee4bbdcdfe18a46a0d527990987230b5c610588b
SHA256719e87b58195f646a127d6965cec19b55325a6904e2ab8e3e4da79f8fdb592c6
SHA5123aae886bc95f6cc40da060f84591697d05e5aee60ae3553b6c3bf8810da26ec2da1f7f32ef7106674c2d9709fe36e1e0ea88cb4fd5a3e96826a0788d6815882c
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize9KB
MD5cfee32e173dfe3a606ad45f7716a2b91
SHA11d04d8fa92251c4d41af907d1f0443151bba78f6
SHA256d086c2f871ead971ab0b68d4d7c09ca846fc9413c70ec083b52c95f2f1bfd711
SHA512b0b53f0cb7e3a18310dad45fa8d0f56d6b81980de33687e01de4ffe1c5421725ee1e0eb4baafa8386cd8234b66921efaf0e88d2158128417cf97738ef1278e2e
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
132KB
MD5da75bb05d10acc967eecaac040d3d733
SHA195c08e067df713af8992db113f7e9aec84f17181
SHA25633ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA51256533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\AlternateServices.bin
Filesize6KB
MD51bf5d5a79aa895096efa8584fc77f4cb
SHA19a54f861ebcfdcbeef178b231a31994145e39690
SHA256953a2b6b9e448e885b12d318734b11e0b356bcd99e28747f70751244f0d74a99
SHA51253bff3d954a41c77d9151a1e617d20e0c42b14208fedc06b90a15920ab2cd061c4389c83daff1c1773802c3fe54f154063e9983baa3a434df220ead450b058be
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5810caddef8cc6082c4888b159cce59e3
SHA180a39e71bca856e4af94fb590f0d5e139cd2be62
SHA2566db884004a3831c577d090525587578cd0cd0f118aad7bbe4a48b4c7d3941d0b
SHA51221f48386919329547be71680210ac0587856414aaa65c428ef138684bfc1e4d7f4c0e96a6c549123fd5149353ae24125280f194b82e0c51d6668eb66d69b493b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD5e16b777b770961354f086bf66c657504
SHA10201df164d97cb575d6e64c072689afe5abedff7
SHA2561b0983cea9fefff7189594358ab302aea3003852d19cb39434744bb0d3546abf
SHA51297f7cc9d57af394f822ec76b0e2ebe341cf9bebb064123a8820bada75c692b52b3d52b32858be5aad1ee793504c95f5f4c410492a6f576ab0ad08d6f2bae36f5
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\14f914fc-cad8-4d1a-9236-1dfcb7c7e916
Filesize25KB
MD5a0fcbef3664af43e6090c84285e0097c
SHA10d65b0598ad9916a62e03f46d2054c65aa7bab61
SHA256c8d3610b537a2f1ab9cafb200e49c354ef58655227f24b73072392c0d55212e9
SHA51219457429359530a0bea9532f438a9359b7519e2acf06d27d6a88d861f8d21311e7e38d5750f1f0298d69eab815cc93f18bc593eae8dfb81e1ce0b227a3ee6bec
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\b4453c42-697f-4fec-b550-c11eaf1882a8
Filesize671B
MD504bf695abada2ff65fe3e5ccb525364d
SHA153e7ed210ab34404315a9bdebb57f9468b60d143
SHA256c6b0b338600f4f06c43d62eb5021defb243126b90c6dbfe5fe0f38e8e148d706
SHA512a4bb6ebd4d6d6ab5ebeb0adcc377f12b954b73b3e3b0a88fe3f2667e9b003e2267ae5fdb70ef55a357f1a1e119c111b936cd530361b2733eccf172cfa1987e74
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\maevrvll.default-release\datareporting\glean\pending_pings\ccdacbcc-13e1-49e6-a17f-130e46f97431
Filesize982B
MD5f7532ec63677aaad028766b6704d8365
SHA17bb1e141458bfb34dd0241ab3f3a82354483a826
SHA256690e2b23800fbd426a18a9c58451f505851db8eb012ebb83b45d008a55120950
SHA512128bee4d4f4d746aa933f4add2dc7db51aa637601e12b913e323d280a72c17b91fb7ae2db64d6a80fad794d94da1915a7afe598b7014a656af5b0c89975e7fab
-
Filesize
10KB
MD565ea20a2066f51431c97733c334c993d
SHA1a2a1600ea52516ea2c9c31043ceab2b12828c688
SHA256cdfc1072ef951a4f407bb7d2b51ac30b2aba75db4118105bb96fece86446a4ab
SHA512e8ac181995df3b3388c1292ee8f753432f392b58899d2cc780d5b46679123a4a351d4e6f5510921e0af44e768b9f658f46c601b83a83b59da4abd3d538d48205
-
Filesize
10KB
MD58b09cbba8cc5e5a2742c6c4d8efab9b4
SHA10085a2d99c328b4d502f61f6e4d2d3bcbd934085
SHA256e2940439427f9ef1c3338b61a9c20a808bda5605f5b905fa4713b14d9780e4f9
SHA5124687acf4da513246b729e08b66d71bdbcabe38d1c7e741d16f807ad831bd8c1b17028e978f1950018ec97d76d169b94574607c17974f6002cb43be1ae495d094
-
Filesize
23KB
MD59cbcaed1a71dca5fa2fcb5fe41e0d083
SHA1699923b980e8b8677ab29137dec889cb4c7a87da
SHA2564a99edc4912bb72864cf424c67b500187079ffb5bee14d6851800ebff9a56808
SHA512bab13f8992a4c692412e0e15567693df36d02e6bf986bbadf9c4ff5b285b57853c6a9eafc3250cd1bdf33977428ddfa6c783080d1430e5593a181add28f19f2f
-
Filesize
756B
MD567606bfed808c04f792bd19fad4eeae8
SHA100e05e9ecb7b31bcf8866ac1f83701a4b5f505bf
SHA256dbf910115c815042fb18d17c20b7312847ad1b805d0ae568370903d0d05105c6
SHA51239eb9dbc22b4a9a645051a3e43df3534f0ddf6b9b5476fb3af8a197ff89f8bc176fa42b5394897ade81363222e8a646795b8afb03013949dce10f85d153fa51b
-
Filesize
1.1MB
MD5fd02bc7ce3b6a675ebb648d5d69fc36e
SHA19448d21cc4b9be82bd4fc376976e7cfb4f0cad8f
SHA2567275bb38ab56e30bf0625ed5ba5a64589ad08ffacd0e65778e7c8713a5a974f2
SHA5120ba5a71b694382b0bf73f7b955371eb354b25e5f87b4561a6b400766ae373b875dc16cf760b8a4d35d7cbd6dab82c4b05e371fd9a46e7cc733bc3fbea898243d
-
Filesize
21KB
MD5219c615b141d860be13a00912e4f8995
SHA1683d42622e4381f38345791f6be46713134664b2
SHA2568a6bd6d1ed88f58c53559dc7da2e6403e6788baba642ba6ddaec97f7aed3846f
SHA5123be1cf0851a27665e9b1b3acab750f3e0bcc45fe21ef26af71d1bce9c62be73abc94b519bdd5748f3f72f4abf26c6d30b2dbbb3384a9ef329f2a9f93c6099e1e
-
Filesize
766KB
MD50a6808114eba4e0b5a965973cb67ec52
SHA182b8fdb6dd3049efce9603c2fe4a3a77d7057e5b
SHA256dec149df2623bde968e6d3cc44d000c68bd881eca16e9396817c9ae546a5d31b
SHA5127937b646a9280e05eac99ea1ec1273ba0675e5a7f8e907565ea93a9bcf1ba14d4fbc68f75092dce363f1293143bd1ec855c1b8fc69f7f27419c75e990480b1e8
-
Filesize
1.2MB
MD54c245f09418a918216008175ae7f9880
SHA16fa8fc6ac3bd64c43cfa5e91b0a6f92446179f65
SHA2569d3c2d18eb82872e2f98362221b73278548a451dd2b015a87c782a3aa56f6b59
SHA51214814362f72d4831ef657b402223123bee8b2116e0b024053782746d95873ff54d46b74371ef5fe9335ce814b67561b1cc864e2b9d549539bd84d195ceccc6df
-
Filesize
1.9MB
MD517ee2b16a6b98dacf8e9af517c7cec7c
SHA1bd1c782a5cf8c670a229aeb51ab3be8bb2db4ad2
SHA256c9c72e1aadb33b05634977d25fd2b4e213fb16dee7c21143ab785c0289f5dc67
SHA51272c0de51c51b8ce81e8c942c7f3d01602e8d9225e852b1d2ccf883cd49e71bff5027be63eabc4c516a1ae4d5f85edaeeede3e1f750e0e29dd42aacae556ac3a3
-
Filesize
1.0MB
MD5f6a01ed6542b257b58a66b47ea5a0250
SHA108fd277589b5edd529fe791c90058426d49e7865
SHA256345498c1b33d69dc92e71dd2260975fe1658bfe64949465653d16e5de0f224cb
SHA512e2716da918bcbe6aa1d83a65d49a9fcf6c8647911991ced8aef2f7041db458e4e429480e3fc448520370a518de839911aa72ddc919f6c146ae9c8ebe2e00c0a8
-
Filesize
1.1MB
MD58ff2caae02422cb96f0dc113e13d9572
SHA1b31139828a97db8edad79e50394dab9f0fb6c3e3
SHA256a3692532a0324b9321dbcfe286cfa2b70da1006403554b37cab20b410e32deb4
SHA5128a451bc184174b1345067e8f07ace649e4307cccccb864ee9a0d2a4e456b5c02dc892e0421e806c8e640285985c8b2eefe23161a30b31dfd710c81bda96a329d
-
Filesize
1002KB
MD5bbc1c8067ec505f71655b53308f7a991
SHA1e92b1017a3553d821ce5beac086c64d3ab5c5a32
SHA256da242953ea675ccd29e8fa2b2ddbe8907865fc90dda5bae1319f1adc4b93f4ad
SHA512c53d3f7ce292e17b725a497f0af1a31ec6c30cbbaa4d0e87f52fccd91bf6efee1c61e929830e1f41d4881a3221bf0342e1147297fdf9d8d254b069aa71549ccd
-
Filesize
3KB
MD5e5dee78de188f004251052fbfd134935
SHA1d306c313717abbd27e4e804d7265d6956727d815
SHA256eaeea1e22f148ea348766ed5e270d103e5256e752e49bea5e1b796f9230184a0
SHA5129fcb92211a6e108bd97b7e613623e90927f0fb1de3a57ae2f8c3ecdec17dfe5529dad8bec906a43294a7cc49454f18d2f9fa278c64087a870fb0365b5dbb4fb9
-
Filesize
1.3MB
MD515f5b0673c881efcae3eab82b8c3b9c2
SHA11bfdb2d1e6c6e21240011f3074b41d5f843a2af3
SHA2569a52a8568a9ecf776dfa804b1257dfff415765640b8e88ceb0a274c13c9bc28f
SHA512a1ae0c53e8df2061e5b6c64747a3c3f3d746ba9f1c50a9cdfcfdb0f74738f4fd4e4347da2cbd83ac25c57721e76fed98888f065bde85b08cca2c198ebd77c7c9
-
Filesize
845KB
MD5bde3248899bd2680683d3185010b79fc
SHA16d66b6dc681eaf346ce575dcd3c6560996990ca8
SHA256257c8b80a62b7d09320be4892c594f954a18f2ed9fddc67c762742459b83ecca
SHA512547fcf0a3422cfc83f305efa13a975d56a43f962af61ed3440414278da99d270f70af5681def3565c7a3a85f44f8436798f2b574f3f241505a93e2583168e9ae
-
Filesize
924KB
MD5ec76cf2da99ab8de53c70092e153c98d
SHA17271a84f6b7ef11f11eb554d8f7cf6e018f7a42f
SHA256ca8c5153e3acb9a3437631b3ec8ce2d6b4e02c45c8909a3c6c4069f1df90da4d
SHA51268407a05a95e505cd11872cae1d13b40b121fc1b28d00d6778537044d64d049c74099e3f7dc7070e00af0bd64ec042b002ba47547667e05318501bf7cce78246
-
Filesize
18KB
MD525f010384f8bc049e34e8f23bdd5532e
SHA17124fd216a4f3071136d9848dc6a2e6dfc3b707c
SHA2561460cf557e0a27b5935f7c76cf9ef459f102a4092a8d662d0f5730547bc4c0b2
SHA512674b96cc7a6092c5820f32bb25d927430ec71e73a5f5ee12fa3346a8bec6044a88687dea5d3fb4807d1284b725a538733b9c73ac9ebf342544caae9f4f5e872c
-
Filesize
806KB
MD57a0e2e33b47ca38abbc488a4bf5eda3a
SHA1ae72c39b210fa73b8ac6dc3e52db5d6804a9b349
SHA2560c0e0481c13e1fb3067fb96abe61537ba2845fff1174ef08b121a0133521e6b8
SHA512053de5f025658c55667a432d33af1ad63b0d9c16588f397577c698d6f093d3e7387c7e4d39b7405175fd5e445275abf7159349fa61f92c45c198f5bce48a6157
-
Filesize
1.2MB
MD53792c3bc550da3eb82baa3716f1bdd32
SHA126aacf2f87c78c1a0eddc5fba881e112a6d4705f
SHA256dff20cb4af69ae71b9607a51708c7156869dd554e01cb09d5f2064cd85988a87
SHA512578c268df74e63e8b2bc7cea5fc2d47940f9b23be85c613055eabf01aa6fe7211eab8660b795399a2e16fb726d2635df8073d1a921c9d435d0db5a1c037575ee
-
Filesize
584B
MD5ad56a099973f8973ea9a76456f15978d
SHA18afb6696f4180c69928a490a622aa5fc4add1c18
SHA2562faf66a126ce147275c6640acbf1130516ee0b6f7e6b283ba7f35425945dd261
SHA51276648824403d7dacf266acaf3408463e71059fa9fbf9c311b0c3f00954b9da870e3b7b893cb5ccc9dfcd9af8a95110a27aed2aaeaf8b61252cafebe64b536b4d
-
Filesize
24KB
MD5262e41d789aa62bb59d7d584ebfd8536
SHA1b96bd1c646d885ece22b3d860fdcf1765c5094ad
SHA256bcbdb7b5e7e2356baed5ba5776dbff46605277621a15eea9d3ca45ad302cbddd
SHA512b528429ea007cc234bf82a0477756471fa36d5bb88341ea9344443cd7ceda7a4f43737776edeb4fe7a18e4967adde9b839e82324a9e94481d222ee98e0be2a6e
-
Filesize
15KB
MD508b70986cc33cd5aff40737fc826817f
SHA1550915f05bdc55fd6df8714c86600f2b2be9b9d9
SHA256a722a5c588f3622a6ab2a8e24494e3abccb1c035857ce2ca540bc3f38f256b3f
SHA5122e5038091d939a4f34f00d847b407a04d8577db65d49dc531295fc1fa410e946bfa61cbece0141cf3a3fcba50bfa0d9b54dc0239669686c3656eaa4820a62a9f
-
Filesize
756B
MD5122736ee51c0184a9565a4d8a668de53
SHA19bc9bc666905d54c0bc812f25339d2043b58596e
SHA256ef34cba9b02e032016e82bf0af1f622a0a23f6555996f541e5395b99e451564a
SHA512f19c994b54bc2c45b2e9d7fd0efef816fc38acbb22805d501f895fdb2811a0bf9ee11399a47d925ca0d1e2d6e7bc6c7d76820994addcb8ea45fbb188e4c220ce
-
Filesize
1KB
MD5691dabf88ce8bf585b6554d8f0ff880e
SHA1543414f88078a7a5520593e24119253f2b7fc95c
SHA256c58ae5db59068e59c319fd721a3d0d9174fdca70ad1e37859970dfabc0de49b2
SHA5120017de1d0780f6f33d8ea630ef2ca1bdc6b8836cea78647cd640f0e0dbc84108cae2e2b46ea03c14fe0bec48010fc1b437c1019f99d63ad60dc99108dfe58f8f
-
Filesize
156B
MD52cfab073d01bb678e128a7de0af877a2
SHA1d655324f8d4cb6bcd0396e0fd6e9bdb886b128ea
SHA2568aabb60ce305c2ea927e131d79346d5660f144f69043a617f961e71c6316dc76
SHA512d2f58fb60ad6b49b56bc372f0e99bb4a7f7876d028133283a0d355933dba94d12065a71001f37995adf2b28d099ffc290ec36861338bcae09355adf60627e6bd
-
Filesize
218KB
MD597f3854d27d9f5d8f9b15818237894d5
SHA1e608608d59708ef58102a3938d9117fa864942d9
SHA256fac94a8e02f92d63cfdf1299db27e40410da46c9e86d8bb2cd4b1a0d68d5f7a2
SHA51225d840a7a6f0e88092e0f852690ed9377cf3f38e0f2c95e74f8b2ffea574d83c6154cccdbf94f1756e2bbdcdb33b5106aab946644dedc4ffaefb6bf57a866696
-
Filesize
1KB
MD54ba2079482d40fae3acde63643a12016
SHA123836a11e28f0d39a8e5c870904d04001b1470e4
SHA2565e37e6ed7b3e44fad1674588e0df6e0661774d3807527363af69c79530a0b844
SHA5127a0274c01f587fb811fb981191c6a2e713e178bf3c3d2827e49e27b6216f2b5395642d9213e562b7b99d1a3907a48038801cc5a82987078d58110f4e4aefefe0
-
Filesize
159B
MD59266176748e957fbe15adddacd68c068
SHA1d814495f6ca68459bcb95299c04785ccec7e762f
SHA2562717fd5f0ae4ab37c25badc7e529ddd56592ce66b5366528719c209cb3d5c0af
SHA5124816a3b78a7b159b6667037f8c7ce84fdec1d44d22cbf6626c64458fc0ebb5282d5a3706996fd65072263796aa119def22a04df2536694636011e2c005563922
-
Filesize
884B
MD5b06e274d4ca7ff20438d6aa21134d197
SHA15f0aa4595d29eb105b7afafadf671dc909daae4f
SHA2561ac68c568fd8efc6818e5d2b0941bb8a0c52ea5eeec06f6d718eb62b3e5a79ba
SHA512c839b2eada242aa0aee1f80df7352c2b7c62df6ea8b6a8066bff02d12ba427e57d8aa5a0158cb374f59ea866f289f6bfbdfaff0635d61810843690245397418f
-
Filesize
1KB
MD5c524f83498f49f20db904ac7046f4780
SHA14c4e6fb3f2d6a4cc65e2201e94d825609f9939d5
SHA256d1afa2598c71b7c9a034475df0091e9d83721558f8bfa9f802783d7e0d3ed2d0
SHA5128d3363fbfced1ea333c43ac14fa8cc9cf22a7d5e7b5457f971b2042ef411a1c3398406d8b0bcceb3643b21bdde358b6b9457c2df116820acadbee0be691e182f
-
Filesize
884B
MD5db3cd3d877fd4b2a77caad67f5c526db
SHA1f74dfe54a6d331825c6f8b8451e1dd7363e36f2a
SHA2562d5451c05b21c84408a07fe5070f490836f663ec4004378089d16a675e7ae9ee
SHA512beb2c14bcf3bb18fe06fe4940591629492b0744b81d7398f45f4faee4d4eac8e1d311c521f48e441123bad944a72ce885f9f0e62b548994f80e631b0a7ffadb1
-
Filesize
392B
MD592de74bd68b500bde509f1902085ec64
SHA16798390ea6322ffdf0f4083ec791ae7a115d7a05
SHA25664d332a534c6ad468f39d7d04fa1833996b4de154b2e14618245b49aad65e925
SHA5125f648d6e3c950eca66655b466b81ffeaf626d639ad99678934e5bd75e677ab76ca83b3846e5b0755936b95fc9d67620b99f7e689c4d34fc1cbfc8c52257d967b