hxxps://drive[.]google[.]com/uc?id=1X9Uosg7pwmElYQDmori1rm3imKSUZXhN&export=zoomdes009

Analysis

max time kernel
855s
max time network
850s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-11-2024 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?id=1X9Uosg7pwmElYQDmori1rm3imKSUZXhN&export=zoomdes009

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
10	drive.google.com
5	drive.google.com
9	drive.google.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754016259102275"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e80922b16d365937a46956b92703aca08af0000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 8c0031000000000066592faa110050524f4752417e310000740009000400efbec552596166592faa2e0000003f0000000000010000000000000000004a0000000000d7d91001500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "2"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "4"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	NOTEPAD.EXE

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\ZOOM-ENVIOS_003254.HTML:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
6020	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5280	chrome.exe
5280	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3108	OpenWith.exe
6020	NOTEPAD.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1072	firefox.exe
Token: SeDebugPrivilege	1072	firefox.exe
Token: SeDebugPrivilege	1072	firefox.exe
Token: SeDebugPrivilege	1072	firefox.exe
Token: SeDebugPrivilege	1072	firefox.exe
Token: SeDebugPrivilege	1072	firefox.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
1072	firefox.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
3108	OpenWith.exe
1964	MiniSearchHost.exe
6020	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 2800 wrote to memory of 1072	2800	firefox.exe	80
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 1064	1072	firefox.exe	81
PID 1072 wrote to memory of 4944	1072	firefox.exe	82
PID 1072 wrote to memory of 4944	1072	firefox.exe	82
PID 1072 wrote to memory of 4944	1072	firefox.exe	82
PID 1072 wrote to memory of 4944	1072	firefox.exe	82
PID 1072 wrote to memory of 4944	1072	firefox.exe	82
PID 1072 wrote to memory of 4944	1072	firefox.exe	82
PID 1072 wrote to memory of 4944	1072	firefox.exe	82
PID 1072 wrote to memory of 4944	1072	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/uc?id=1X9Uosg7pwmElYQDmori1rm3imKSUZXhN&export=zoomdes009"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/uc?id=1X9Uosg7pwmElYQDmori1rm3imKSUZXhN&export=zoomdes009
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1640 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f88183f-a7bc-4557-a0d3-a063210cda4d} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" gpu
    3⤵
    PID:1064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50c99ba9-f47e-4a39-ab63-4002b90298d6} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" socket
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3108 -prefMapHandle 3148 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0050725-605d-4b3d-9f81-688142a8b1c7} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" tab
    3⤵
    PID:936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3912 -childID 2 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c347ed8-82e5-406b-9aa4-f5efaa950594} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" tab
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4788 -prefMapHandle 2720 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1737ec0f-8fde-4cc9-8cae-86d4802bc1a5} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" utility
    3⤵
    - Checks processor information in registry
    PID:852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5416 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f932b0d6-61d2-4350-913f-2fc21c467b5f} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" tab
    3⤵
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 4 -isForBrowser -prefsHandle 5600 -prefMapHandle 5608 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97271646-990b-4c23-8757-a54237c25a1e} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" tab
    3⤵
    PID:3516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5652 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7638d6d-4764-42f6-9f6e-53a67683e0fa} 1072 "\\.\pipe\gecko-crash-server-pipe.1072" tab
    3⤵
    PID:2320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3108

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5172

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\GroupConvertTo.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb8668cc40,0x7ffb8668cc4c,0x7ffb8668cc58
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3096,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5396,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:2
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5180,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5700,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5648,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4764,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3444,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5764,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5972,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3288,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6104,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5028,i,10417898791115785242,8784423730973025368,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2204

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1d700f974529294eaec0a82a161ee8c0

SHA1
802e35a95ad9e175cc16fce68ec3a93d5a5f66c0

SHA256
109476bde9b30ef359243266eeba7ce80c61b01f29727a90aded44fae5ed20aa

SHA512
a6fc3e34f1b06e7aa52e2b1c3eac61b3c6f7b4ed4d774e34f53e43c2441aeeb3611969626e17ee29e4cd8944777f2c40950575a68db20b1431f939fe6cb98b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
196KB

MD5
f018726763609ee5984be4e236d6e07b

SHA1
9129692a2691ffc60b337d6c246355bf0295823b

SHA256
a42926bea1dfcda2105670c57f638a4421a34cddafb6a85ca7c55cfef17fb784

SHA512
05e1e127dd64c09f5bfab03ad06ecbe214688e752c354b3bc9ba48bbeccb24a97dd04d1b3f9cf521afcd3204f80217c35c72bd7b6c1b58a9a36dfb82b5a2f986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
38KB

MD5
edc180a54f9fbe21e1d7fe7cc094ed3f

SHA1
aa129dd5686bb8c9a33146fdc063797441168ed2

SHA256
3cebb38ee135bd5cb576bb99dc89a311a86ac3345552ed350920c9a6cf0f6d6e

SHA512
50f05c20e0858971ead973eb7f955ada31defc8ec89aa21bd9577019489bc97a5e2ae827c1e3582d16387ec930a300f89a5fd4d6476d9faa5d580bb8fa0ffe95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
20KB

MD5
361666f0f07da7ec4f20c03afa111f46

SHA1
f756bd93a344d9a0e34af86fbe06acccebcd2f18

SHA256
0b16ea777d59064d7e20028b2c7f736e0c9879e9cc585ed48a94b7c275a9473b

SHA512
902b7df38422f8142799cd5cb8a56f9108e392988e0d410979ebb7cb94c3d6bef1415f0de664b89e2c04411c8b6e5ae9faa4df93d95cc23a891aa1a7c2cd8843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
67KB

MD5
958e72d173944595320c1377b3015e44

SHA1
ba650126f7d4e739dd399fe8e2ab9939df2e359d

SHA256
0f26af205e088a2d95b5bf8a01905d6beca0acaedca901c6dfab31dfa114ac0b

SHA512
684a460c6f17bfc866d5d3ddd8486f068bb48ddebcc08c99a8117658a9a562fa4e982cd3ea64dcaca2336cd670d058d4be49de477cfe56b7db02014bdef00acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
48KB

MD5
60653467e99814697323b5066d0daf13

SHA1
89eb41b3de9e66272f0e00cfb434d04d71a1065a

SHA256
c3cc319487131f68da7e8bdca0d9a0ff4a548506b248a9c13c9bf81ab83b5433

SHA512
2a6ac7f5bb5b499eccc70d508905214c7963c4a70b6a927ee6b69d3e0cf82cdf45a0e4c97fe1297d2c2e42d9bbee26352843855136c4454a0c32330046b049ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e634a824b1269b5f_0

Filesize
3KB

MD5
a378e5f6a97aebf278af73b570537544

SHA1
ce27273f778c59d308200b8f8091069b5d94d7ff

SHA256
b09ba318479316bf9ab45f0a48f773c2666bcb2de5ebfa9f84fd2720aeb5c8e3

SHA512
05c346a2e66f2d3096a02e6e97b6137d68983210ceff8842309437e9ead59eb12806e123d86d1f3764bf47c5c6c3b5f2b89db34d2654b061232e94bd9d2d175a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bb9a3840d532934adbe30e4ca4868cfb

SHA1
bf29fcf445ecd62da30e372288b5483f12f58594

SHA256
4593a926ce4081ec2f0079d6f5a137795c92f3c77965b0f69279d4e7bd47b2a8

SHA512
6e794c3fe017283f4e02a0c00a67310a4374c853827da41182473c5de6928f3bb5cabd61d9d68154e314af1f55520ad1b580e873f039deb62fd1be5706a08220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
06d6ff9fc31cb19a3b91a336a19d1982

SHA1
618a3bafdecff30ea7d3d5d1d1ddf98203b1f0b1

SHA256
ce285a39e2c68ca2ac872937f4e7a2ffab14bf94b28b7b2fdbd2dab1ce468f95

SHA512
13306bf1f2d11af8431804b290285d4c3dd3accacb37d4fa6830bcdad332ca2e991c16469bf27fe0e37ece67024703280300ac3ac5a3af07784fded966a4619d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d498543ad085e5edc86fb3e407f2cf91

SHA1
8709706996d8398db17800eb29e0d2d43d8d7ff9

SHA256
28f3ff24bab70a2ca2a35aaa4672a788a2b49387fd1aaced1530dd17861e3d9c

SHA512
bbffd6d9dad7489a23ea479e0b56054484ddbc194853460eb4b2ca024e8a0b3653b6314d5a920cefad4596c324ab6fd956dc01af6d134fba4d778635b3d13d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fe5e26feb1ffdf078ac9491a644f6494

SHA1
332180347c5759c3b310d97b7a6d5eb6d4ad0deb

SHA256
8b47cafd3081cd84bc14bb8d86aa1dc5cdbb6f8e76d6c90b6ac941842fce37dd

SHA512
c9c66a051da5a5271e4a0d94fe50b1453b9739bbaef7a0d006aac92868f99b9537706832a4b11bd76dd10786e0eadd61a52ddc20cf88901d4afd935885d16933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ae9d580d316c95e9d02e51a41862104a

SHA1
f853e0c38af1f2b6376c25680ddcb1d17bd087e8

SHA256
c6bc5728598e87cf890016154b3e9c3175c35754f84464376f7d12252773ef8c

SHA512
34764c0960c842a0656153fe0a85a0a8e8583a23d5feb2ac77961e9ba67705f67c5c3b9e92ef7d73dc48a5a8bb3d472a1505354b771595ab8a6eea079fd86893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
bcd922056dbdfd2775dd7954cc4014b1

SHA1
ab18accdf596690e217f0c53397839e65af89d58

SHA256
9466766e4ffe18b3f9b0b8f299405d5fcd6a8e7180550e69b3bc500c3d6239cb

SHA512
699cc6c97af2bdd120654a8be015ed1339d7d31135198eab2546fd66c0192aade032f3f104607b2b47e2030e58936368a7c7b2efcb5b66c251931bb053d7bc62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
75799a11cc969822425fb375ed7914f2

SHA1
29cc3490330f684f0bfadba9c73a2f958fc5112a

SHA256
dee277388c64b5c97d76fd132e703de362c95e00ca20d44126c28f7f6a6381c9

SHA512
02b1334a716ba6b978ebfb3ec7b502a16f10d7b6088b14e4521cb313f9341f4d88d759bce8f164e9e752f7d093fcec31d86b7e11670d647a9ca6f9456cdf1ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_archive.org_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
98ad9cf1bf75ae000c86c39a99552f51

SHA1
e8464d3dda2fc27241f206f771ef12686bbb5fbf

SHA256
92b7e3a27fd672ca53b0095daae00c56875b85ad83b41516b4878c4ebf820570

SHA512
3a42e18bf5bd53b172802ec2843013da1afaf217b3fe3a138527ff795b6e0eb7acee3f342c74a1cd6880417ef4f03f98e00cfc4cd126252893ab378344840a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
bd5b3abbfea71ac042cf7f3caa4afdb3

SHA1
530d3450134ba2ee27f28d64462dd5b73377e1dc

SHA256
37406b6b4ffe4ba140dda971cc730094199ea8557148adbf102e6f3961ac1133

SHA512
6665b1ffe01ceebece660f9e611c6ac9d9b685e10d83e72b2fc9be98c5bbb1c900edc9bdabf4a9b43f51f855ff37e48cbff6e8388f48fdf8a7e38fe23451a398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0d9d3131f0b258c73d07507e2febb91d

SHA1
af243cc029c777bb41bdfbd8ff4868d8983ff8ef

SHA256
12cb5497ecdf2bd60aa573b15acc27a42724ef2cdd13b099f1584066dfbda590

SHA512
43bf304f7bcddcbcf0d4e148b059461d427edf55d532054b192a15ed885bc88c151a451d266eb0dead70693e8531cd96e0c04141ce8c5ab097eb33dc829f2b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4a352086047c4db9e913f6f90ca7e671

SHA1
20a7dcf7e15ac55c46dc67c9104f6d33d8f72185

SHA256
29c4b9d63f476b64b221da108fafd5f6c6b8dc2b69e493a757f3de34114e64cf

SHA512
f72d892afb9a11779af43f030a56ad8793967088de1e65547b4e5abf145a8214144a81a7ed62ea8c998e040f86840d7855239e0fb108d1180f92ae20576dce7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c1be3c84c7beda87763307f8d86e2ccf

SHA1
3601e6eed87cf62bb0a586c5c817323b14c5e7bb

SHA256
a1e3326410bc8955566356a42c2e3492260e722c9b2d9aeaeb275b5b8542888f

SHA512
3e7323f0f68c7e05061e003a124c271a34a44d869b3f16577c7c8893923053202f8c3954d842bfc9d2e5901f0cdaa16b4ed987d0b5b9227cef2e777bf2ffae5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
cc01b1d81d3c815984ffd9a2336d8f44

SHA1
244f5f8296cf74692baa8c1209d8095bd11a0f40

SHA256
4cb10f5190e52810fa2df156fd94cc5490629d4c265271b9a38b51ab428cd220

SHA512
cbbd9f490e06824c48be4b96dd1a6184082a821c4c6a0fcf918996bc903356af1392e2710b0c92eb18a8ff6ec86648324c40e668e6a54b5433bc331c80dce3dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
936bc7d057b89696b012b9a67b70dcd0

SHA1
349c8b85021cc79c6464075967e6260e6097f1cc

SHA256
68707c0562f068300509b357eaa0051358c33c5ad7bfcc2b36a1e75eb1241fa3

SHA512
0b9393305f92ee88fd933b7e9de1841dab53fe18388b41f6aa9978812ff049ba8246d43146a1e10d0cad2aee45df91fbdfcee1acb4e0c03389868471aee74637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
ce9d54c5690adf0cd6e7fc5b3f55d182

SHA1
e7414b9935ed51700c8ec6d977efa09e06989cbf

SHA256
0b48956670ddc1f314c74f1285aa3bff89e95acf69584b653b6e1b9261a8b82d

SHA512
7e0fe4c251a0d13803f7d9747510b6bc9c9175f8a5c93fc837d9e907238e4e68af093364a0c35f54c5435a861813d392b333ef21200d77fdfd74f3e8515836a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
f4e7f0430a1940e9846c5a9b8a55f42a

SHA1
09bdd806fe7de9a98a763be6a7f35212cfe1f26e

SHA256
ebe41672b34f0962c5cf200fef5d073678ef82bb4292f28768bd8702d98c5058

SHA512
82a1117f7b0793ce55e1033ed8b72baa96af1fc12dac83e950510a6bac657280b46cb5ed6572b9e406eca05836f0ff2b0e840e8f16ec032498eb1ba7327ec9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
86fdf0d9aa31d7d00c738005846574a8

SHA1
c1bb86b31e53575973de6bc3015ba06589963556

SHA256
3190ecc2253ca033a4b5b7d5538bcdda44c514be82a143589196e9cee2802a12

SHA512
f5875e8afc63eec1e33a8a3b1889baf336ec3aac797b4b3e46640f1317e531e9e3868d34788dbcd5e5aff517527ca51df103aa017f266213502b48579cb872cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
d1a8abbd41dc2ca7e25fd0003f1a8f08

SHA1
c6cc3aa6f14d495247b335103d784816c14e43ca

SHA256
9733a0a0878a27d54fbe335dec11ae0a15c60a1f5d2553b49645492b6e8d39d8

SHA512
8f7b0c6da0bc37cd607b041dbc9ec12be21772cb560019da13464a33413e83bcc202d495f69de5bc10c9f432349f2f443dd91a4a902516eef39961f20b226d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
5155f0ea607a5d074354c26c3f4124e5

SHA1
2a69fb87200c09e2fd9e5b55520900649a02b787

SHA256
de162834e12b1c4ab184acc365af8111f125709f22cc386941ba3c980c5f42b3

SHA512
cd955965c6956a626c48426be6ff6124fda1efe2c9a5fd8fc4bc932a5b387216fc45f79bc3618ec1a6ca1e19c2e2c71dd938b16f6bbf1c01ac2a157859c21b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
bf4fecce00a72c845570e9353e0010f8

SHA1
237aa6ee02d4b012e57c7cf59ca67ae242655af6

SHA256
4b11f771c506644335428b9919df01bd5ea41fa67f71e1175efc1ca51a5c4491

SHA512
e919736191087757cdf9143a84462209919575d725fa8e05ee2ed3fa24e307c4e71de067f973ff9c4f9a987be8ed8259ffe5cbbd80482632c39b3e59b9a839a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
5c210e597d592b03f7672c26a44694ba

SHA1
4d0ea3ebd7bea4f5b1cd88a2cfa40c51272fc176

SHA256
7b7aa44bf2cd5eb3ec544cb8eae78153b3ade310dcfa523d45bdb39b5244774c

SHA512
cbcb9e43a09c333f1a77bea74d9c1952892f788ed4425c3708b790071416abc009d162367b69559b33bbe91e5141e2c59ea3db8de291fdea6d8916c81428f56d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
5f8450cf097e661dce1df5256552bb56

SHA1
d4233350a713f6da2024cd7fcd56ca443e152dff

SHA256
1e33e0b8c4ebc28356890e013cb48505241dd265b111a72bb935b12a54213c3f

SHA512
4532f1a60aef93e0c692bff7f1de7af1bcc1978a74c0f067743210d14a455ed9e77c1cf99cb9d82f14fbe0e286c93cbba8ca23af277ed53cef318809ae568921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
dd19facbff98471c430f92f0b6449c57

SHA1
d87124e2554bc063a965ffc05142090103b3d017

SHA256
cfab7627bae6d7d2d813189efc879180d5cba6f9a4b1a8c05032fe5c89fbb0df

SHA512
10033009f0527b569d031f08394318cfab5c1a76a86237b020df4b15753f27e4eda7a29a4ed70bb78d686bfe6295bb58443f678c1960ca7a2449e7ebb1ba7c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
39ab2564a113ad1700be3a1d9a1b9960

SHA1
441781d13f6550b3eebb361ef42160721810742b

SHA256
14bf5500b80eb778dcabbff4e44b0e51a350f816c25ef58bde6f68c96fecc379

SHA512
d6952844ffdedbc8a3190c2921cde71bec25096f329b3f7afaa970219850c5b642a7c8b3165ee9cdbbe14c6be38a3a42f543e433911693ff31ad43ad391e6063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
49938c8b1479a48cc9e318470d5277e7

SHA1
16aab688216022a62d8677455cc129495c179600

SHA256
a75c7b543788e270f2612c65265ca19cd09bd05110dccb29322b3e5244036367

SHA512
bb0a6f9874d863e2dea1d3b66911b78ef9c4d797f6c9edc965ea5523a04240bb01561536b508a3714cd0aff9ea8e1535b44c129c0084fc2e0067131b25cf2474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
829403669d8a1c0a74d6d966595e4e30

SHA1
52dea7a1afca99149d8571fd2930c8dee700fd5e

SHA256
8209ec86106942fb15ceccd1a7149233a6b009cea22107eda84871816ba7b81a

SHA512
cecaf06b3477dc343cd5c04bfa6841e04b2f8f54148585c58ec70daaec0ee5f705668019307a0eef6b26b84dd119bf598d36ab4d2717cf05137bfc2e611b057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4f257453cccdd6cd775e7b2682fc22c9

SHA1
724e0c3142ecbcd281142a43545cf5c2e219acfc

SHA256
98307d681fee281ec049dfc5ace5604ed7496ef72b3b196ab3fff48d332d48cf

SHA512
4809eedc50c03d5a52dcdad8c8246c8e479665e5a618af0390b15a6b988806a5230e5ae1dc7d918d8cb7c6d4265642a2b4c04a72df1947cf8cf793ed9a098823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6ef725ce620565f3a5b0d36bc41e3502

SHA1
3196d202e09ae8dffb75dbc04f411750e28ab949

SHA256
d84ee9d520e8a7fec11d151d08b98b54ec578c2fd939b4b00cafa6470bd75d0c

SHA512
00d14304342cfc5608d598afcfa35ff2d594c5f414e6117d474597145980de88305196e2de564b4efaf4f21a883cae469ab3ba57b3e0adbfd707276019dd519f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c6d772590b2a84350d250d20ce304eb4

SHA1
493519653fdf46f48cddbf0215aa5b5faa0d8e73

SHA256
495f44b3ba78c270b8a3fc726d85fae60e56a7c5f1e14c9d70f28e554520f654

SHA512
4c8a3f91375427e0ef1b3852359ff340546b1159cff3deadf0570bcea616f8c46d9d8c85e1a3f3a42239b6357b7fb8dd7bb128a8b52fb9afa4c8d449af18703a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3c835bb9d0164899bfc3a383718f6eb3

SHA1
5646296f40df7c0a3e134783209233560a5c1b35

SHA256
e7a6dee011266cc758ec429ce4361c961799bb73b54cc921272ceb8d5696beaa

SHA512
5a5b559faebd9b7eb0c011d7e2d71f3ccb0ccf8e85f7d4dc9d78eb7b85723c08804e0c23679cfd77e3eec8b5bc1389451eb2082c066f869619810cb1669a872a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
49fcf7322274f4e9f768f3eefcc54954

SHA1
71f0d566f1123b0d1255600ab676eb61b8054e11

SHA256
98721d8cb6bd942d3b163eeca4b745b6930ecc74ae8a2e9aae707b9a7bba070a

SHA512
fa901c9331a991466b3a4b08f12d9afbe1d69ad5656f203a601e0b27aefcd8b1c35e6e2c58509d1e8aa10b25ac93b090c5d123be539150c8d2dcbe0ca1cc363c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f5bb76aa9b48d7f19adfba03cbd3a89d

SHA1
12ae2a744aaf6b513d222901aec9ef7255c7cd14

SHA256
7c21005158f9acd8be091b355c4b64dff0ce4ae54e1e5b113e912640cb68052c

SHA512
0632fe90038561f462b5be1549cba6eef0f1306fc5dd20021a20fe114dfe3a3cfa75f71056829fb1d52a39e4d788f31ddbed5f5b85019ba798483aedd3a20871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5fab985400e6b5f183ae2952d8fc5a24

SHA1
8e0dac147e9106798ce1af1c2b7fbb87a2ae49ac

SHA256
ae0804ec6dddcbd60da83d1c2a0859864a3bcc38e8ed1a774b3059ce6afa35bb

SHA512
9ac216abdbc84466392b6b0f571ba7e7d04253b072a097ee7de20fbefbbd76246b933a5f8d53e3c262271c384a4cf898d9b2a4aa25c37d6a5b3e0a5ac88e9d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
cc4099b6780ce88b43b5f9b9f58653aa

SHA1
74aeeee74ad321d5c9269dcb8c66a11b7ccd6ee9

SHA256
afeaf4718fa8eb66a341e9ad1c2bcbb37ae0fb3e3c4a14b16451ba073b38b098

SHA512
f160333fe99ceb385edbf234558f2a6a4f2c6b3fa9b024327c7da3375ef9d6d6431d6f2e7507065b22eb4115a8fd6bf900b59c8b6bf1cc30f27f911bf10ce92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
9b33aef327b9f6d42ab6844d7007afc3

SHA1
768cc9fe49e27b6b4ac614c1b10eb41e9b1ef213

SHA256
016bd6409d689855a2525723442de9d9130daa92450efd4a9af805df603f3e4a

SHA512
db8ccadcf15a0b6993455c23366b5fcdd9d311209db8c9a6dd28f4851351997b123e159bd3f8656f77a60d025d56ceb85c73c86da1e4b0f858f055ab49435989

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
e34b8cf4330f9dd98d06c3b7fa7827f5

SHA1
1e40cf37a0c38e5f3ec4dab4e9dbc38530425a46

SHA256
a0c639db2d62782d41fe0cf2975be6fa7fb9584e97a18e934eddd90cd1e4afff

SHA512
ecb4419eb733ecca251d3b066b9d207aacf35bc3994ed10c1695570f02f3999d4111bb1861dbe235cc2373f0cdb529f5a105c90e9f6b830380b4177b083af5bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
ff5aa938e947b4277dde7adc2438e78b

SHA1
d6a0b32e809670dca2f7c68c15b4c13d9bd8ecb9

SHA256
c7bbb1bc2bd0ffc533b7050f33c41a76670030744d3cf978562ad35c77c01c97

SHA512
c9283afe869a7bc4221945319b37ca6343a052946ab89524be37da73888a64e4efae35a4d8cc6b483dad233ce2d210f1fbcc8b838ed9d100d6ecd2369143e811

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\e5d9768c-03c7-4c39-a619-7927a98b11fe.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5280_871157484\4b287b17-d0e0-4bed-ab8e-55a2fc482d43.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5280_871157484\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DUAUCH4MJYQ1KZEOXSYD.temp

Filesize
7KB

MD5
f4bdff276dbad683b708da10f56d40ef

SHA1
ef169aa551abbec8b72569db65781e855769db90

SHA256
0d5eedd2e164f99b9b339aeac7ec459fcc507c9e23ad0396ed49483b90cb5ed3

SHA512
e9baddce13eb42f3defb01e482f5872e47a1a95aed70f57ce0f7d331775e474d35bbb61b1a928cbbb9738a86b63307e95b1b07458c210fc8b7645b13e1fde1fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
6KB

MD5
fd9580ad389fb466c0cef65757d0c49e

SHA1
ea777391f3aeb586433a6b3da217828dde07a786

SHA256
95e427d93e599a00ec3ad005d4c0eb9d0eedda9011093d9d7d43baed354d3b32

SHA512
1083d2ecbb045bcf929e7e6bbdb661cd2bec2cfb31cf694af5a8e994a003d2e9789252bf1ad54a40736f10a25f23a816116a4b434f44ab655b6b60438f6a1797

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
7KB

MD5
176c7a264d41f2bb80901315d7ba4837

SHA1
f26c4f76196b79ae25e12ac76e3d29ab1a5bbf56

SHA256
ef273adef73c42b1ecf483b3204bd639b1070c9e4788f2cf4c9d91c510f09713

SHA512
cf523edf75653add3857e931cf62b3d9bec1ab38a0addcdb60db74cd605d43a58551084f350384b7342d90ad2934d32c66e8c628771a2cd0de65b3aed9c27f1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
11KB

MD5
f8b36aaeb21f2a92b32c38bfa83667a1

SHA1
f6ae7a9c33ea8b34f9ae891c8f983e9a14b7ea42

SHA256
387fc19c09686a24bacaaba637b1480bddb2d440fdee078a04a036a128021ac5

SHA512
ae1610c3811a47f4e85ce7964adf76e6db9b062a5c50c1083fb6e1277b8b441fc68ac641d8eef3ce177ea39cf2ebd0c2aa33a9845321e701fa533dcfe1fed25f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
a45019c9a45e75db4a2f3b26572b365f

SHA1
2e64d5a9fcd305715b065c8ec6f2e92bae75b699

SHA256
d7f1d05d6326a40397974d8b94c24247b2c903b37d1c67e416723658ae045dd4

SHA512
42075726e3a1477e1f9bbaa1c1c766b62ccb66be79ea0ba0ded25695ba4f64bcfdc7bde8de9ecdf01ae9dd6aef80e229981fb5b9efaceaf5f4fd74ffd8d9b94c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
26KB

MD5
44b662e6bcf90a11ace1253d23cc0ce0

SHA1
7d13083c84ab0195b55dbf839e750dd96859362b

SHA256
935c8a0ad4205270ef4e2bee7f5cf91f002cef6125d29d5c71bf2272d3161179

SHA512
d8c5b5b9f1d53229b61354975d57ca55fcae076b06ccc81df83cb25d94a7e70f12f8115d6b9bcb58a7cedd8099f12c6e960f265584a5d56d1ded0db44bee0b54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6eae7d1f51dcbf7934176c60e3996c45

SHA1
cf2f4e4e05565f678955bbce759264940b588867

SHA256
d0a495cc52e37186f05250676acf6cbd2af00149800d7f00365c00fa18b73d4a

SHA512
a5152433e7f28d0a400a4f5680e3ea0ca33b1376bfa6f0598b266b5eebafa624d087369de7b88e0e18212755243e39203294078b8636413f9a181bb4113ab0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1120f06b62b08d9d433720b5f97a21cf

SHA1
d5e90551d5b8059c5793ea31e3e6ca3c3859e6ad

SHA256
ff9d6ea068b740c4f864bde6ee4f5c74b981e763e29c46f046a3429fa47275be

SHA512
0a590d35d36b5df661245191134777c6e49d57191d95522073c194e550b55ee86a84622dde1ac767801ae98211f821c80459c7541bf3cf315683398db667cbfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
fcdaa375c71eab0d97b4d3f9db74d358

SHA1
dd46ade3d8a29e64f077e104dc1b2c49020d5cd7

SHA256
4665dd1ba5c6c99820c911ae41873b2f3c2223b5d01b02222748da6b1e8f0ce7

SHA512
743922ab2418ea22f1abec5fb287dcaff930de8e94565cb54fef9b3acdd8bc8880dd0b6fd81b7b6c03a9eacdbb41903154acf426ac4fbe4fb9d5fbc0ef5c057b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
13d92451457cc18d7c4ffd968777ce13

SHA1
90edac6e004a51f148900f28b2da7c10d0ddcfe3

SHA256
32d0fd8653a4997659951b156a90275f2af45fb8faada170d5ff323a6ef89317

SHA512
b9df9ed02e7238711177671aaba409ec51ac0a767a314621dd719df5d978b195fe090e5c195a5afd9a5d4876c4d42b9fde60afde7f7cd94f6e4f7c658eb675ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
476caeaa0f19c611b8e2c1574cbbc969

SHA1
ee11d765d7a53f2319ace41d8d35d394fd3edd6c

SHA256
22bbd19f5879255a33678745f6bc43a9c12d8de57ac80e94253a96535e8c865f

SHA512
3baaab748c642ef5c4008a8e97d0d6ee24243934c74fe34e88217d7a5ac6da8fed38711bc840824e6239cf042cd189ec64882117390131c8ce9ec67dd9a00747

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\04f8a52f-e324-49bf-a602-1e0e6da2d9fd

Filesize
671B

MD5
c324737416183ad2e32cf9fcb746a8ea

SHA1
dc065f909bd8856be8e7051f279a890ba6fb2270

SHA256
571bf76873208a3ad01647c8e3f5f9c4c0c68e3971157241cb1f4825d5f3069a

SHA512
e03bcf2d9e34c9a0b75489a8438e1ea5deb02d65ee76753ea84294c3096806724bd54f1445739698503767e66eb26d132f6cfe917d341118cec866dfef4fac87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\33d7c45d-cf8a-4e6b-bdfd-39d3ebe5d3e1

Filesize
982B

MD5
c358f85aceb2011f79d12d10deeab12c

SHA1
76ed7cecb00d075f9fb9c82e5051b6c058c51f0f

SHA256
f6932464b69fb662cbbe7ce3ed887e9fca98496d8bb67396ab0bb2dc981fe55b

SHA512
d6c38ea9d3b5f9ac1e3af724ac59c1ee71316b6af79cb7d7c1511c9d948cf0e7149c3d0305e418998b339911015a31938c70c294fc8cb79b6a5ea93a20e3c137

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\760e966a-04ca-41ec-bdb8-3d6de96a50e0

Filesize
27KB

MD5
a5bbaee9b0e453a306482a178bcbbc57

SHA1
4d7f613454899e2615e67c242d812f6e4aaf3f17

SHA256
0b48103aa596a2df21027434f12e2f215c4337c1496d4277b90f24cfe0babf77

SHA512
0fa9f3424375aecb92df51e75fa84adaf4e84d7669aaab1736817e741c27ed94601299e0dfbfaca21acdb701cd6903770159b4bb5abf23b4770eb684b02e5111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
11KB

MD5
9f396f28f3fe19ddc756564aacd1327d

SHA1
6f92a8d50bd9394d6f43cb17cf028451eb822f43

SHA256
36b47858a89949f9bae82be9dd76316e9c2325d985ffc2f0015dc95e3598fa5d

SHA512
7e71c50c37fa1a963bbaef44b0f250e0474789b7b676ae447513a594b109534b8d6d21548f6f9cb1e804c3d458de8c6f2f05da7deb1f47a428589ca4f1fb220d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
10KB

MD5
cdbb081210ac5677041c4ea935a1b102

SHA1
4ae3e16a5e28dadc11b16f5f5bfce2a1662f9de4

SHA256
53531e01325f4ba9770b4fb253d1bdb4b16793e939f4cc5a5420b33c1f27370a

SHA512
04821fb8fd83a799dbba62a4e45be42b9e942a83339f2939997f62867cca0f02a47c5515a7e1a1ce27c6a6767d1fba0110db9196dfb153637294b33e24e8132b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
54d855208dcd10e4c67906cb3ab7342d

SHA1
dc1317b310cf7e749a1aa4ef7821ccf27647e6ca

SHA256
a8dfc3c750c1b1644ca33b878fe24d8b0e747e8153977530f2845832b16d151c

SHA512
44a808722762581eec11394f7486c40ff411758edc2600e9c7ec3e4aae57dd77ec18568ffde9a1f65c0ce6803a15fa9c5b2d2ed568d741033c36313ae1dff00e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
502d605f5e40f464d644211fa1ca7a42

SHA1
9fdfd358aa4b7be3921d295a9315d3df6e76b00c

SHA256
d3d4a31f84abbde1d5eae9c9bdb7aa05fbd2e18a57d8c387eff78819e1f565a9

SHA512
3aa185b2197f84a61ea39785d954e59f58e1a3aed7e9e7a726e7376dedd0b67d59a166014b20b0ad81844218756369b3dda00023cc68d82c75a169c2ee033cd2

Download Submit
C:\Users\Admin\Downloads\UJE49EO0.html.part

Filesize
1KB

MD5
28c865311355dc63234f2c3205650fde

SHA1
5b9c33241e1830fe10eb9be0b6f9cf5a6e9b6a22

SHA256
f8ef3b7821f88cb952f6958c204461e928a71bd33e8ebbd38f32f67b6ea1f7b7

SHA512
e895592b09162a14399f063dacf948aeb764b02468857d7f0507544f5618acb9753f765b948a7eadd6e10eb196da9ecf6c1a026aff706e14ed0b2092a6676e7e

Download Submit