Overview

overview

10

Static

static

09133f9779...le.exe

windows7_x64

10

09133f9779...le.exe

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    26-07-2021 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138.sample.exe

  • Size

    3.7MB

  • MD5

    d659325ea3491708820a2beffe9362b8

  • SHA1

    6e7f725401c33332beb2383a6802a7e4b2db30a9

  • SHA256

    09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138

  • SHA512

    958f4a72530703131be2f25dc906ab7fc8ee174e9cbd13f9c976af7e986593b56a768e0413e6a85d06f2bdc057ac7d9617f6c25cbf8f13cc2f8348bcf441eeb5

Score
10/10
persistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Public\Desktop\Decrypt-Your-Files.txt

Ransom Note
-------------------------------------------- | What happened to your files? -------------------------------------------- We breached your corporate network and encrypted the data on your computers. The encrypted data includes documents, databases, photos and more - all were encrypted using a military grade encryption algorithms (AES-256 and RSA-2048). You cannot access those files right now. But dont worry! You can still get those files back and be up and running again in no time. --------------------------------------------- | How to contact us to get your files back? --------------------------------------------- The only way to restore your files is by purchasing a decryption tool loaded with a private key we created specifically for your network. Once run on an effected computer, the tool will decrypt all encrypted files - and you can resume day-to-day operations, preferably with better cyber security in mind. If you are interested in purchasing the decryption tool contact us at alfredmir@protonmail.com ------------------------------------------------------- | How can you be certain we have the decryption tool? ------------------------------------------------------- In your mail to us attach up to 3 non critical files (up to 3MB, no databases or spreadsheets). We will send them back to you decrypted. ------------------------------------------------------- | What happens if you dont contact us within 48 hours or refuse payment? ------------------------------------------------------- We publish sensitve databases and documents we collected from your network. -------------------------------------------------------
Emails

alfredmir@protonmail.com

Signatures

  • Modifies Installed Components in the registry 2 TTPs
    persistence
  • Modifies extensions of user files 12 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 24 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies data under HKEY_USERS 4 IoCs
  • Modifies registry class 62 IoCs
  • Suspicious behavior: EnumeratesProcesses 46 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138.sample.exe
    "C:\Users\Admin\AppData\Local\Temp\09133f97793186542546f439e518554a5bb17117689c83bc3978cc532ae2f138.sample.exe"
    1⤵
    • Modifies extensions of user files
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3016
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2976
  • \??\c:\windows\system32\taskhostw.exe
    taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
    1⤵
      PID:184
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3036 -s 5364
      1⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3960
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3856
      • C:\Windows\system32\WerFault.exe
        C:\Windows\system32\WerFault.exe -u -p 3856 -s 7452
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3488
    • C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
      "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:2504
    • C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
      1⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1240
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3480 -s 1396
      1⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3424
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
      • Enumerates connected drives
      • Checks SCSI registry key(s)
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3604
    • C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
      "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3196
    • C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
      1⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4080
    • C:\Windows\System32\RuntimeBroker.exe
      C:\Windows\System32\RuntimeBroker.exe -Embedding
      1⤵
        PID:3904
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k netsvcs -s BITS
        1⤵
        • Drops file in Windows directory
        • Modifies data under HKEY_USERS
        PID:4048

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Registry Run Keys / Startup Folder

      1
      T1060

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Credentials in Files

      1
      T1081

      Discovery

      Query Registry

      3
      T1012

      Peripheral Device Discovery

      2
      T1120

      System Information Discovery

      3
      T1082

      Lateral Movement

      Collection

      Data from Local System

      1
      T1005

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Microsoft\User Account Pictures\user.png
        MD5

        03087ba0d20610989292a460533fb3ec

        SHA1

        567bf6709315dc50c7e78e943c8b03ebd20c79d0

        SHA256

        96cbe1458012bb3d0fc604a76a8a8c1e0efdaac0c238db57ebeadf9444ed1372

        SHA512

        2683c807c0daf6ad1ccda2231025d43c15e07c68b1722a950137c90c2793b08212390951822340523d28b3c0f15a6918b3e145840a6eccc6139c007084a50ad9

        Download Submit
      • C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db
        MD5

        1358973680c0d65b3449b095aef05e53

        SHA1

        13556b4a0313a047b2e6166d222dca20846b2b80

        SHA256

        7908ba5deca903eaa277e79c05db64f108d41928e44cc5f4eb9f300eeb9e2f7b

        SHA512

        9ef5562550014ec7743a46c3a79dc7832e1cfc619d17de381d0974c3ae9dfc7e1e36ea8de26bfa161d046cc1768bb561979e3310e23b70eb639fdf6e6590fa0d

        Download Submit
      • C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
        MD5

        6706caf5ce7db7e637ae6680e0fe5a53

        SHA1

        c2b82187d48a231a439df5b7ef260fb6828eecfd

        SHA256

        ae685a8fcb7ac161299a12721a4b57224096804c033b1261d1e63d4ff3dd0437

        SHA512

        e6ebcfdce465de62bf429cc0e2b989308b13ddd9f78f9a0cfd471024f07b73ed70533c0cf40750749c84cc7d89276db8b3579a83276c2960a83b832e15bb07d1

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat
        MD5

        9960d1b86aeb3e38e5a17340085e9846

        SHA1

        08901219a7b5b3b0d63b3899523a2a0cc74138df

        SHA256

        eb61aeb1e4646ac30edc53a9e67d6f3d11d703dcb52b5f83fa15d9495e2dfc28

        SHA512

        72a90b8ea41d3eef086c9bcd16d05722e6b58c9607c8fc13aff8ab473437fac4695531806abc662d0d48f430c7e74d69d94c8138fc6b0ec5ac0fb389eff992fc

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
        MD5

        4b8dfd8b3cfe0b873c5d4815d37ba83d

        SHA1

        0b38839b5c9d913210c27332767d0c48240f4e58

        SHA256

        68495cef5a61651a0185c27b9f884cd02c0a1e191ed7f1a40b209561b941fdd6

        SHA512

        930b2dd64d1e5f6542bdf59875b051ae21bfa9a57347ea276872601d6e8a12291ad28fa0e0b2d08c103f12d8e232bef17e93042bdf55cb139dca88e3bb3714c1

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\cversions.3.db
        MD5

        7f02be2552d721de04961a4bb01f93f7

        SHA1

        4a01d713baad8f246ccfeda52d632e30db0cf0cc

        SHA256

        b2eea3b1f26cef545f7d9ece3af964c9ac0aab4764b3c888957603658f4d8267

        SHA512

        50c95b83dc40a6c621bff7f2f78e43358cf75546398f0d00ad091612ef3695dcb44d30d4039ac2c0c9c916e3ce046c685008f4631f6864f6808f50b3df1e955c

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.3.ver0x0000000000000001.db
        MD5

        141d3bee6923f94c504ecac278a81526

        SHA1

        012d4ab1e9083ea62cb29a47de951892da25ecb1

        SHA256

        e4590e14d8edff8a31f2727c666a09a27f8bc5f991145a83e9036913def090ac

        SHA512

        b77a313a45f48761fcb0552b4f27264db530693d3865cafd9a9a53d1fac758fd59505ac10a06ea7e39af95b2107f32778ccd8fd76a2d2a3419e4cf1a470dd0b8

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db
        MD5

        da82cfb2a9ef53af8967d30e7df323e9

        SHA1

        1170847f49826d2a21356ff9cea3ab1107691879

        SHA256

        e29b0c397670e18d0e2f49e5cf48688cbe76facfa82ed8be495e7d57c855bf01

        SHA512

        8f5d36807d5751c46e88b30f480e373525d84f6ff458abff1a9c5d183999b0a20e061a9c819c552297a8d5e21e54b47367f6093560abd389a406cec1102f0fb7

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
        MD5

        e058128ac9691c26efeb79a3178c444a

        SHA1

        8507e95541350d2c0b969f55f72ebb7c57e4d5ac

        SHA256

        22023096bb421d7694dc896596d3918188322a2caf31dc0f4601c14f8f505cd5

        SHA512

        b24c7120ce6e29f921aa6fac6987d62a4f8dd81e1045267e3edd063e78d3b96e54931d02f032af540ccad89e3d7b77712fd081cc49eb9cdebccd4cd738cf1909

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db
        MD5

        61761f90902c450f36d257a6314dffd2

        SHA1

        ba1274979107aa6f5669ecf4c783a69bba23e015

        SHA256

        98583b5be2718253e4380fef291e9c5f1d4b8686db27e3f6c0b8df88a7c0c251

        SHA512

        daf095178eb0d7d03f4016b00d65d13d99c6c101f2a2c8fcd2d09199fa09952cad3671ebc8fdfd2c6aac40b54262ae5277e3df5b47fc2a999ee99eea24e644e2

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db
        MD5

        d8217227491932d5a5034b40217a8025

        SHA1

        cb81e40c6aa149af2b3e01a2318814f5448217cf

        SHA256

        118dc060309a4c0aed8830684498e7270997bc473202957fb7123dbf854f21f3

        SHA512

        0ce5fafc271434b34c51abd749d81d847ca95de215f039aa8cee16d33e7843871e749652ea509e96581fb9b1e4227ea8794d002454d77b523371a39161f82a4a

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db
        MD5

        7416d16d986ed1a5806c04806b439462

        SHA1

        f249e2a7084d9efb53284c2a8fb4699bca3e5c07

        SHA256

        00db7f98e5803cde6c299f0f2f3f3a3bfd3793af3e704854cb20759d83c1b6c6

        SHA512

        4197c197cbc11938acc7378e4103a7b77191a5ea4aa71304367172244e910981dfbe205f2a9244ef71dbb9950f6f736fb2afae38ead2d43ac589eb9276f47151

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
        MD5

        0754fbe01fb3e90a79d9d61c32b7e440

        SHA1

        a6b432f20632cd07d13278c7fc5a4781f1157bab

        SHA256

        01e60a246aa5ad2fae7c6cb3b8f8b8a59fb5473254d68a421c022637d6d40b97

        SHA512

        a48bcabb123fa277eb89f116fe4fb5998f3df7874faf6093754720082f6a2dad4ee92c752d11f7773063a8e611bf7ad985ecb3427d8fa2f0ba2ea173dcf53527

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db
        MD5

        8ec7a49126ab974643ab833c51a6789e

        SHA1

        aa2b4cc7f58bf797a331ceea15be90c21db94874

        SHA256

        4e84b191304b8ffb1b76dd8dd88bc4199beb0e322b3a0815581ba36c30f1acae

        SHA512

        2f291efded3c414b792f4966883920934933167c8f624382491cc5efe89ed94a06c9f875473caf7f4e3b0ad34a7b42466bb574a134beba65280b6c873bcff384

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db
        MD5

        035e1af459400be07c01951a4917afd4

        SHA1

        3ce8ef25b828f95b48721b91caa024a4de0ec180

        SHA256

        3f789d546d1248a232b3ed0044d19967a57c48eb253adb45beced478d7bd094f

        SHA512

        395cc99f2a8c0c3d87d85e42281905ab0271172f87dab0100f14305447bb93bbbfc04271e1c5e2390787c339c088cfe388f1e21f4c7ef4ad9b43269dff04b822

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db
        MD5

        b0a1760f2d62e201a6cd703df0217937

        SHA1

        bbcd0b905bc17996a8c6d5368db40528db5a87e8

        SHA256

        913b51c8b6bd8fc7d18d4e00f626b2392980f5c2d1116a31db65c1e89a7f00d8

        SHA512

        8a0f81114dcd567f5be49b07d9f516d41cd99e6bb3990331ef43f107e6be4e2f0759cde3b75fa06d3dbd0a684d54ad68c60520627968c66690d402de38c4b809

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db
        MD5

        3845d0f342fd86c37e7ec7518667fdb2

        SHA1

        6b4e2dd4fa0456ff814e3b9831dae2148a1df72d

        SHA256

        16d926dece35703eb61e640974083c9021acb0d7fc847f522a53f2e6202dbd40

        SHA512

        89c95c72bc13ac3233a7910144a596b4eeb300446ba6861e3dbb7c07166caf5ddf7d56443728d58e1377afd74e4d028088a01619f436d2c6fa3ce25ebb9fd473

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db
        MD5

        abfaeb0bd738727aeef04f89bda6ed96

        SHA1

        e4ee89f2f4da46da49193d9ffadb936f6e186aad

        SHA256

        e921749ff0fcfc51291d36d6dcaa318ebed0776d5a890cb1e413c66b754983da

        SHA512

        86f70d416134b0a25cf9da1175ff4ae85cc6266c4ddfda61c5d51169b4f17a80fec736a215e03c23ad7da4194c7da3143cb4ad799d4d60019caf4ce3a7844503

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        MD5

        381993dc6ebac5b216c9c4492484cc47

        SHA1

        501343039a7a5dc1ce7869083412ad6fc56912c0

        SHA256

        246d2872aab45f755d171b33bb86839dc4e21a2f49145ba17fa393f84fc99ac5

        SHA512

        b9ba87208043e77b5983585b32ee667501e0081b1da3e13bffbaf2270e519772e9d626fab9f5e3aa5c3788ff1fc221c6a117491ea5b311a636f957f189cf11fa

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db
        MD5

        a560326b7a0821651fee56869539dd63

        SHA1

        4e16ee2baa5ac790ea2d1d0d86d71d2974d7ac42

        SHA256

        cab4f66bcd64e5c5d9228b7e20b6dd80b8e44d149aa384814f6a3bec4d61831b

        SHA512

        2e4bc1e55302dac25bd3158704315323a30667394c5982861f75e36d270d877167e951dae0b02b770e9fa51377589839c6070e4253789ba0ef253dea76ba791b

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db
        MD5

        f588ffc77c8a6d6e0611476115b3ed73

        SHA1

        674a02baa82596d730ea7c2d02dfe6b708fa8b8e

        SHA256

        6485c542a806f634387e81786b28cbb133a40cc2699023f919719f82ee8bd541

        SHA512

        47389356e6580d8cb7e6caa8c28c93f680d40de40ece0b4a79c6e761773b5d47e9a623eab4d553c9647838b6e6bced4023ab0ff5cf16d7d57c3e675083f1ba7b

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db
        MD5

        8d47aa137c349f3d04a8605125d05191

        SHA1

        e9941d94d00e9f145f4876cb1a0b6551377831d2

        SHA256

        2ff1d617d00bc26fc61005f56378ce4df2cd7115bfd6a94838061636499ab1e0

        SHA512

        cf2364bf9c6932bdab2f4b95e4ea79e87ecab19b1d5e6bb7813798456d582b30d20b11ea02759f42d24aa1911dd30ebfb8ed1fd192b190426feb1c1ffc8a7f8a

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1280.db
        MD5

        52e91f5ae27be76b067de474ba7b5ca9

        SHA1

        3b184e34f8a7a1bdea1622f93a2b5b97173363e9

        SHA256

        b8fd7316feea97e2c832fa3924453f6f19a4dcf45146e403e6757627eb7a207f

        SHA512

        529dbedbd9a2caf30c224278a2730e5e130595fb51c00a5cb5ca3c31d41801e9eb64e1b94d44a42c1e42652275420f32e598980ff54bbc4fb78fa62004a4aa3c

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
        MD5

        90a41ae008f6d9cdc83b106e77785818

        SHA1

        fa7cd0d20e7e8d4d8c34780061a6a96bc7971e0b

        SHA256

        8750f097febb8ab1b110a0c01f46817d2c104e09ae84997e921be8bbe6d69d62

        SHA512

        51a30a2a9c44d559a1a9727f712a04341ad7145f59fa6e51eac3252d526dfdc8aeb732bd8cd560879d7110eac93c72a3043faab5a0a9fc481a61e432446ad02b

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
        MD5

        419a089e66b9e18ada06c459b000cb4d

        SHA1

        ed2108a58ba73ac18c3d2bf0d8c1890c2632b05a

        SHA256

        c48e42e9ab4e25b92c43a7b0416d463b9ff7c69541e4623a39513bc98085f424

        SHA512

        bbd57bea7159748e1b13b3e459e2c8691a46bdc9323afdb9dbf9d8f09511750d46a1d98c717c7adca07d79edc859e925476dd03231507f37f45775c0a79a593c

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1920.db
        MD5

        be12dbb0068874173252f07edf8fd87e

        SHA1

        ad334fa4914bcbc357325e882f2c29e04329d555

        SHA256

        d5213743798df52c2ad3ebd5d42f08553e7ca27e1c9bbd680bd03ed83184209d

        SHA512

        e9ec84bea933fa4fe42ceabe90a9d25bae92314d1d186102276e9700322a850e6e4ab44cfba48f7baa355948b363861a1e971ae31fff0bd174718ccd66f3a6d1

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
        MD5

        bd07f8728e432f3a58f0473bc5168cf8

        SHA1

        e55b4dbe5b8d0a09eb3444ec446540d250862246

        SHA256

        eba7dfa5e84420e9fdee66289b127fa04cec8fa24125b683ab10f3894489a199

        SHA512

        f450ccaf2ded957cce7e941f90b2f6e40e1c125b264f7be40c6c3e0c2abb78d9c2c70dcdd9650f385450bb1d68fe681a3ab93de7bb322045134db2e34e9f0d6b

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
        MD5

        b113c70a7b08f0837100160840f70f21

        SHA1

        46f987758adb81f0bd8ed8a9bbd6498e41c1a670

        SHA256

        d2a136d5ae7bdb73b7e7b89833975c4384ba5760b4758f7e1c5320cae1acedcb

        SHA512

        1c90085bc07df8c88f7aa30b9163b8fc7e02ecedf0d58d477fdaa5956bb4ca75458e2229788f1259a1bb4fd710924abe86f5d1f204262035b4edf3234085895f

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_2560.db
        MD5

        27aa2426ee888dfb4dc430ae4ec4295e

        SHA1

        1a6a8a5eecf0a0e90cab134e0380f14429f0cc94

        SHA256

        cbdf9b37c0a52fd9cfa1c997321c47f9e4c0ad3476bcb641334153a36b56126e

        SHA512

        75a23e3173591ad2006c7a5f5a6bde4ca2be14f37b50195d74d117035605835d28179ae0b289a2c2ddd049a527b3b78be7613a678dcfa159e4b268473cb09f78

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
        MD5

        a1d0c50748df414c512e850c19c7ada2

        SHA1

        5ac580ad93691d436f0747c0146ff289e266dd5e

        SHA256

        4081b03cdce8df45f1565a1d0327e0b29c6f5a20661f86160c06729e085c1715

        SHA512

        1f87d7261fa9cd28dae90cdc2edaae01750648f443f38e71b645033f08b74e7b13ce7f57b9503ce62cca2acae82545f8813e17b83690b5bb5a885261945a0213

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
        MD5

        5c63af4342d1c9b201485a3ab91cc754

        SHA1

        0ac5e689d166557722ae5fad74c607b4a3383344

        SHA256

        d434ad4654f1012b53f49e37b758b74f6159994c10f7e299d2345518b91f7b07

        SHA512

        b73dc6d85d070621545e32e461d6b5b8e0c0dda9130a5bfba316ce8ab730d8e98b2980fef279d52939007d4e05abfcaea1325d420bc9ac201435e741cd8687fa

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
        MD5

        ae6fbded57f9f7d048b95468ddee47ca

        SHA1

        c4473ea845be2fb5d28a61efd72f19d74d5fc82e

        SHA256

        d3c9d1ff7b54b653c6a1125cac49f52070338a2dd271817bba8853e99c0f33a9

        SHA512

        f119d5ad9162f0f5d376e03a9ea15e30658780e18dd86e81812dda8ddf59addd1daa0706b2f5486df8f17429c2c60aa05d4f041a2082fd2ec6ea8cc9469fade3

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_768.db
        MD5

        bf5fc8a8e496f21cc84487730e904e9a

        SHA1

        518b06950459c4452a8f2213d16bcdc369a0eb83

        SHA256

        0f894142891036bdb533b8fa8de85650af16162b165bc78639d4eaef73c1916e

        SHA512

        12ad337fe1e689da60cee7f536b08727c47cf3c40fc02d727d01c14ccec610c892b8ad9bcea33c1c1d83e154a8d90d23d5bbe04bd45eb4f3f375c91247542214

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
        MD5

        434e1103ac0d994b25147d31ae26fadc

        SHA1

        4546d4342631f70e62cdea4233749a789d25e886

        SHA256

        3b5d2ab9ac60fa5da76b8574bce621126220e682d0ffe6742be4689452dd35d9

        SHA512

        0bf55c7273c510dcc66fa16f7a8bb4aed22ec85881aabaa2060c5cc24054625f5259420d4d143f247fb29d9fafb007e9c8aeadea0dd8d536eb6fa73f0c8fa36a

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_custom_stream.db
        MD5

        4afeee2cc1118682230243da8b07c455

        SHA1

        e8da87063b6a7a620997e69bdd3f4dbf5a655120

        SHA256

        42fc8ef4f408347b990820b9b43e4c3307e9f548a833021cfc1a6a2f80db5877

        SHA512

        cc24029c7800769223bce1be06b3b060d3c7a42def0f0aa290cd4a11cbd1d082cf896ce94e55284df8870249c651ffb1ee4f3da97819890f57058b31b29d0f56

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
        MD5

        f0b2c09f624acab31696b147081ae543

        SHA1

        1219788fe8742961ce420f6c302c4132a6b371dd

        SHA256

        2a67c028bb2ff0a88a57e220faef76658d67e65b6b43b683a8c99deb5397a67b

        SHA512

        e6290b0480c28d0bd2601f8f897624f11f3fc67e55795cf37fa1588f859546f756deb48c4da1e1076798e655719841b07c32180bb81490379ed107b5c1293085

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
        MD5

        395945bfd3e439ad49c0439ba46fcd3d

        SHA1

        c9167d5b44d1fed75155e4ac86a41b87dfa918f3

        SHA256

        375ece4b15ebb28d5f4ef33f6259a9638562c3b50bd41b309bb2ff9355196693

        SHA512

        529f5dfa37bd0d0905bd23dec014ce82dc98440084cc7f90db7728216c5ffda479c44777912ea16439a6e95b988b05ad857491dc69eefae9b53727190babcbb2

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
        MD5

        34e5efa9555974d1bbd3e24b4b414230

        SHA1

        fbf9f4ec432e5406e0b9e0d9ff7707b4eb2173cf

        SHA256

        5fd728b0219a3d92cf19f741b0de299c981499be125bd55a14ae6bec7c8d5a85

        SHA512

        71cc9165e7224cc70a0bf2a613c81b25a5e0f7ae6d180de283a185ae5b2332bc55c7501f85204f2291507dc32dacd9ceddb371a3f61955946c300f4348320d37

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
        MD5

        6abec5d73904ffb83589ba523af8a85e

        SHA1

        0265a23b5f17d1c95c0c10b9ac2296e9326bcc5f

        SHA256

        7024afdfbc3243ef6f3f81a1da0f19b526fb583a833b60d714a6311a4d2aeaf6

        SHA512

        98df0d63694f7242e107ab3f83cca351825fc6735a65fabcf0042889d6fb4adc2db4515ab620c1991895047c5fd57358773bbb63689d892f670722706c90d739

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
        MD5

        d301507276edb0cca5ccb3aea78870a0

        SHA1

        007a9b95af483f8de2e9ff67f9a71c4bd9b52ecd

        SHA256

        9dfec8f74c3443d4ba8f174fa1099c1fb067158b7733251061e1587dfe96a05f

        SHA512

        b37727c2462beb2461c523ca1efc2acbee43fdbef690c9c35eb645d928ca5fe0b0a574f9a3827e184e3d85c93c861dd83d049dbf0c04c89e5ceafe35f966f701

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide_alternate.db
        MD5

        c465e3bcc6164064fd7f5f800eb14fb0

        SHA1

        6859ee095ff38a0a30a41425180a5f1333549876

        SHA256

        c5282fbe6427b1dcddc3e1c90182440b9bbf54c0e2d14f392afcfe66bf7a62f5

        SHA512

        5897a1ad254cecc83dd424fb2f409c3751d010adece3b3ad2592d9f8bcbe00b4f090d070f5c97f4fe4e474a4205ef8b040eb956c5b803e2e995307e104553539

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\counters2.dat
        MD5

        5446ac0237a807b689b4b4d0ed63bf21

        SHA1

        87f84a5c5caaf55ff920d13169673ad385ce14a2

        SHA256

        2128b148a4e107fdfd943ceeed227426f8736b4eb886e2bd6c7a1b2fd20599a4

        SHA512

        1bd7c26f4f6d2b907a8a2724eee4901f3046afc63996a65143f7852d4bd45bc9f45dd4c130e30e6e98a1794c9de63ee9b2e3705a7218a56a5b2e1a48eb9ff12d

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\09XU2J0F\microsoft.windows[1].xml
        MD5

        a7fe0820e7e563aac3a159562a5e8b98

        SHA1

        f673e19c1bf62b1967cf445aed405132582116c8

        SHA256

        4d842dce9f059ea8fc1b2a07f20fceb7f6605690ae3ee905c6f51c1ee33a6cc6

        SHA512

        cd2c38d74ce162a095eaece363203b35e095c26f0910ce3d609d2f61dcb0873b2878588bb2eb7cc943da30571164640079d059cbb503b6bf7222efcdea1a9545

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache132625136502665847.txt
        MD5

        a149bec55179abee8b98fbf69153a084

        SHA1

        8df2467240c35600b37e1b4ea4c0a6a9dec1f29f

        SHA256

        687137c9a808ec2f6fed5b8a523bb1d4e3527d9c0b5688f34c57c4d4b3d710ed

        SHA512

        2770661d9f8fc98f2c2a322842ab48a55ea35f49a869fd01e9d9cb2325cd076f7e10fc5b2ac20ab5a32f95ce290ceaf2b4c46ea68863d17075050aadcd5e28b8

        Download Submit
      • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\TempState\UnifiedTileCache.dat
        MD5

        05b6406b87c426be3d3697bd13f053be

        SHA1

        18496f137c9cb2a4608263b3fc7062b87b41a945

        SHA256

        c6776026778bdfa1b4b7e23f5ad9e995192a3bbbccff830ed819644f239e1fb4

        SHA512

        8c14657f782d1fd5e0e603ec9a023169223c95f70e158e5b4bb787856c28a21be5d5c129a54b19bb5786a68e0a631a95fef4dc860f6a20e8d0be96e8c5d48396

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\WERE2C.tmp.appcompat.txt
        MD5

        5482b1e194ed4bb8c7ee34f1d1641418

        SHA1

        04f2047dec046169f327921904b0819b7d573279

        SHA256

        3e658d7d102ccd1a2b8d2b07fd8616f7c1acb4778d39af49aabf48363591339d

        SHA512

        5fc183a367931de7eecf665e567215bf2d63efc51222488f5f1f3fe9368ff93a48d391c464a84e79a1e664fe68f84abd09943288a75d1c4017d422e6361b0bd0

        Download Submit
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
        MD5

        1bfc5bb736546bcd0048a18ac62d20b5

        SHA1

        3abffc8bbabd03352dbdd2bb2e5c1c04039846ba

        SHA256

        f757481e395bccf33fd25c2489e383ba3eaad8453415f61638e7b3d06d412d18

        SHA512

        8e791c6ce6556a23e1f10d3de056872967ce744e48a268a7a5b632b700e108455425a7779809b51115d617735ba1e671165f0449ee836782ed23c8cd387d40d4

        Download Submit
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
        MD5

        3ce0485fcc785c022e8124df7eafb6da

        SHA1

        b8dacb84b6539221a9443f8d3805407bbe5473ae

        SHA256

        640ebe095a18e0228769602e087a97d12642d2027b5886f9dd0955abaea695bb

        SHA512

        10f2b740289f323bf21528b51d656e704a7ca18e0e45cc83ae3acf083d615fe13d9586b275648aba55f98e96b23c7ae77282187aacfb5d56c802eb3aef3812f7

        Download Submit
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg
        MD5

        483f86a4a965b8d63f875fa79ece73b2

        SHA1

        e76129b8a6e36b942c60d088e21181de5830e735

        SHA256

        a5109d30badb3591376b63849d70baff45080c9fa129ad9bc7c957fc1841ffff

        SHA512

        ff84b36584f9005e23333a2ea634766f94429f6e7fc461163c30b713351990be7ba998faa712f0ac9c48fe1b7ffe4a81cc0ce7483078714884d613e9dd9a9876

        Download Submit
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
        MD5

        433d4446ee89d4bb4842655fb5c2dfc4

        SHA1

        91867d31dd90c88445d95f6ad4285985f7a23764

        SHA256

        102a9bdbcf6679cb108bfdb0d3a1dff3dfee12efaaac2d9c1fc6a1f5a3d45fc1

        SHA512

        cbe63aa41151bf02e39da9149e961b4bb3f21590ebec2dceb03a2befc2d6f2229e20f068d38ef5e47c179d45222e3bd1802bc5a0b68eb9b6d25874a21b6f2b60

        Download Submit
      • C:\Users\Admin\Desktop\ApproveGrant.emf
        MD5

        73b9bae529fa627e3ee1af5a83433385

        SHA1

        2b7d6802e7338fff767e0a289086d400fa675106

        SHA256

        efd2a4692b990076c41d6ab699f7f405f5cfe4d3b50b7517ac31960cd9f7bbf9

        SHA512

        71e5a9cabcfeee77ed7e173c7b6fd61bb4ea25de92f2bb1d28d8b66db9ee99880a21d4c0a39c919add5ec6167838c5b6b3be8909b70768bcbfa50b064b3eeecd

        Download Submit
      • C:\Users\Admin\Desktop\ConvertFromSend.dwfx
        MD5

        bfb87b23ce8a2a253b11fd38af889682

        SHA1

        9b869b67be11484a02d8dd313e38cd48ac56d608

        SHA256

        1a5b9b768f5a39e7aa60bf04eaec2d4f1354ac4bc561336492303b05e7206487

        SHA512

        a236cc4ad245ae73027a4abcc3b4d226b14a39497c04b7d5c055d68726123d38b8a067e39f4aa5ef16b09b7badddb9498641d163f67035ca0b4e0d8aaa68acf3

        Download Submit
      • C:\Users\Admin\Desktop\FormatInstall.jpg
        MD5

        e476e47d320a5b63b7da6dc2acabd714

        SHA1

        1bba6c532b6e117d4d86f00bff7fe7608a2bdbe9

        SHA256

        90190b1755e93a9d711eb00c2d9bf58a88f4a05adea2fda51e9b8b34f2897e1a

        SHA512

        36465a9e3a8fbea752dc3da4c6f23c524ea102e54d02b6b86ac85b8cd63779dbb526482fb4306eb4bbc6ed2e5ed71da4dd587db16f1c72ec6c6f05d918511abd

        Download Submit
      • C:\Users\Admin\Desktop\FormatSubmit.3gpp
        MD5

        96017095a6e867018d6ca7fc81c2f0be

        SHA1

        6850e130f5a5055d50d139bd568287c14fead33a

        SHA256

        c7cd0c182e74f4a4496530e9f14211c724680febd57fbadd1a6eff4eecd02db0

        SHA512

        28d356a538f3af5518b1ba79e84d0cda116ef82c66a3903d3b1a1327c78fac38b81fa3bbb7b9a66f8090eb44437e5de1599b7617fb0faf7e3612764c6888ad5b

        Download Submit
      • C:\Users\Admin\Desktop\GetEdit.jpeg
        MD5

        457051c9a49b3e94a3b140c0c8c8e223

        SHA1

        aa3e0aa79961a91bb3d2362af47229fef6a963c6

        SHA256

        a85474fe4cf3d92e5d90f2d351607038542d2582672017621909405a40903b2e

        SHA512

        02aebe5cff7c731190353cdae103756990834461b172ebc3efaaa1eb8baf4aba729ce67cb481f8e499e97ad38edef50ca5972516121828b3b74302c401ce36e9

        Download Submit
      • C:\Users\Admin\Desktop\JoinExpand.3g2
        MD5

        affef9498178d9c76115c8861133c8de

        SHA1

        bd843afb6a1f38131fd5492e6b0fce0c34c93ffe

        SHA256

        a188cf2664af262e9cbaf656907dff3bbefe2ee5c5ec4f5101ea39f5fa73b694

        SHA512

        1d02d260e4caae10b910e05f00168f7c1c0f5069f357532ba8e76da43da5f666387a89a04ca946a8fcac243f331b7c2806109e22a2ad1b131ef0926ecbaba6e2

        Download Submit
      • C:\Users\Admin\Desktop\MeasureWrite.TS
        MD5

        0ffe41ee646a70d52adb93d1cc1b4a2a

        SHA1

        4d0c9f33d4d777a89460a18ed702491d8bc824b0

        SHA256

        8d4d6e046063d600da3a7ed19c0ae6cb198cb40871f311ea7c7d2474af048503

        SHA512

        f924dd70d768fb537c8873da5fb88f35ac90aa0d0133b885ce3730f265868f3d25331f7c4616152e032110eb69f59c09ecb7a939af6d8961611cf2f1606a8470

        Download Submit
      • C:\Users\Admin\Desktop\PingRequest.3gp2
        MD5

        0f706375a57b8a1be934f45937c40b91

        SHA1

        988a3f8c0593c440cce83ee2711467eb05f527ec

        SHA256

        d39608d040b84fdd29d3c4a5597fcc1395c9764d88d4f5237a580107a7ff5625

        SHA512

        c1eb2efa2e43c67dccbd521864cae775d3406720767a2b6a8403c9889bcdcceafbdb8ad9fac8759d99d9c4bee4d5c0251d360edcc5f246ccbe6ff1c7b631579e

        Download Submit
      • C:\Users\Admin\Desktop\RevokeConnect.wma
        MD5

        53ee712792431c717a2d7f887d388668

        SHA1

        5498b6bd5146da33240237090a0836d57fe0374c

        SHA256

        4b4bf30534b8f6467dd9b32d1f12e6c73247c50751fcb353c3cae205d3ade708

        SHA512

        d239f881b7340856ca7010e0a4de56adafe07d862db56d5dfe098707a22255864d160639341f609490f08e55b99da72bbde618ef067f6f03b8957e83e05d0206

        Download Submit
      • C:\Users\Public\Desktop\Acrobat Reader DC.lnk
        MD5

        5c555a4abe0305f597d825477c70fccb

        SHA1

        7c704703cc05a770511d6c521ac008f262ac5dc6

        SHA256

        215ade302d23f2045398a12399f47d698c65ec45211b8a92611926527ff05bf1

        SHA512

        1cfc5a842e9cf565f64986a5eb9219068aad06b1644876904044d470b51b8b347bb17460f3c69d5b7e0aba9cae776975e2a170769be27c793eb7da18a7c668de

        Download Submit
      • C:\Users\Public\Desktop\Firefox.lnk
        MD5

        371d79d0abf0c23a8ab0d4ff3483d113

        SHA1

        66b88b6392ca2837660688515a462e9b4d65aef1

        SHA256

        9fcb279e0946a366fb5e8998f7a30bddbd86acde359731e1dbe71a7e353e1c1f

        SHA512

        f3530ee0a38040ed620f0c3a020dc1d435d0a5269965f11209fa1030bcf726962b59f51216967f282ca0609dde37f40c5c20ce027d9f0920b03162875e5b2a05

        Download Submit
      • C:\Users\Public\Desktop\Google Chrome.lnk
        MD5

        4f21056e519019014cd4b7eb32e55e83

        SHA1

        a59a2c82b9c99468a91b2f3720125b7a22579ca1

        SHA256

        293320bc84edcea7a4b89c8a1f25e5ce4e5855eb776e5333fe8fe03a5f6af87c

        SHA512

        4202d8a9b49d7794aa5e82bc63fc33c2c744274d8f3a2e7e8f213d1092aa5551b7e75429a80e0b198c99e5cee765ec2ca76b0c2630342cd27a8ad6d217625aeb

        Download Submit
      • C:\Users\Public\Desktop\VLC media player.lnk
        MD5

        973a111704b799e15a18233b7d974ed0

        SHA1

        b559260f4bfec7eedb261371d4cb7857fed55bd3

        SHA256

        832f9da8a0006e658e065c87f0855a13d6b9d2be29d20195bc318540c38ba9ea

        SHA512

        ef713abf4c4b51b09a582cbafce62a844b16e65a5932b1b3ab8868d96fa2026cd422df83a44ff6d855a0a1e5d4dc35bc4df5f11506ce29585eb276bcf4a5ee4a

        Download Submit
      • memory/3604-178-0x00000000009C0000-0x00000000009C1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3856-116-0x00000000026C0000-0x00000000026C1000-memory.dmp
        Filesize

        4KB

        Download