Resubmissions
02-12-2023 03:15
231202-dr6atshf3s 802-12-2023 03:12
231202-dqm3vshf74 1002-12-2023 03:08
231202-dm4w7she9x 10Analysis
-
max time kernel
531s -
max time network
531s -
platform
windows10-1703_x64 -
resource
win10-20231129-en -
resource tags
-
submitted
02-12-2023 03:15
General
-
Target
https://github.com/kh4sh3i/Ransomware-Samples/archive/refs/heads/main.zip
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Windows Firewall 1 TTPs 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 2 IoCs
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 3 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Checks for any installed AV software in registry 1 TTPs 6 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Program crash 3 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 15 IoCs
-
Drops file in Windows directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 17 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 7 IoCs
-
NTFS ADS 3 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 61 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 54 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/kh4sh3i/Ransomware-Samples/archive/refs/heads/main.zip1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd5ad9758,0x7fffd5ad9768,0x7fffd5ad97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1752 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=772 --field-trial-handle=1860,i,8608860209624593668,9643578679775152744,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Jigsaw.zip\jigsaw2⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Documents\Ransomware.Petrwrap\myguy.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 13722⤵
- Program crash
-
C:\Users\Admin\Documents\Ransomware.Petrwrap\svchost.exe"C:\Users\Admin\Documents\Ransomware.Petrwrap\svchost.exe"1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in Windows directory
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cryptowall.zip\cryptowall.bin2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:696 CREDAT:82945 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\notepad.exe"C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"4⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 22204⤵
- Program crash
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cryptowall.zip\cryptowall.bin"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CB18E1F81DB4F32932F5DD1A46873E63 --mojo-platform-channel-handle=1624 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4FA553744E42CB5E3F94D5FDD3154CA5 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4FA553744E42CB5E3F94D5FDD3154CA5 --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2955083A45ABE72248ADD9179EBE4DDF --mojo-platform-channel-handle=2188 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=04633CB9A17DBD8B552627E9EEA38F19 --mojo-platform-channel-handle=1824 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18A89E7FEC0326375966BF3BDFD9A0E6 --mojo-platform-channel-handle=1888 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Windows\notepad.exe"C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 24683⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Unnamed_0.zip\Ransomware.Unnamed_0.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Unnamed_0.zip\Ransomware.Unnamed_0.exe"1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\xjiivvtt\xjiivvtt.cmdline"2⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF45F.tmp" "c:\Users\Admin\AppData\Local\Temp\xjiivvtt\CSC142C50E6FE704F48B4BE2AF824AF.TMP"3⤵
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\notepad.exe"C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.0.947035310\502511969" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1696 -prefsLen 20598 -prefMapSize 233275 -appDir "C:\Program Files\Mozilla Firefox\browser" - {715f701f-cae6-47c4-993c-0e8df11bf6ac} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 1780 1b9c99ce458 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.1.583290005\154604527" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20679 -prefMapSize 233275 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5faee591-0ff6-4faf-bfa7-b53e5eebfe00} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 2136 1b9be772e58 socket3⤵
- Checks processor information in registry
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.2.1680919123\1703176040" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3196 -prefsLen 20782 -prefMapSize 233275 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cca87cc5-3a4d-4fc2-a4cc-19a1ae8c9a3b} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 3172 1b9cdb3cd58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.3.300144665\1337393412" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 25954 -prefMapSize 233275 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2217e255-8865-4c1e-b45e-7715339da26f} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 3652 1b9ce10fb58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4048.4.1686282429\1695675740" -childID 3 -isForBrowser -prefsHandle 3940 -prefMapHandle 3640 -prefsLen 26013 -prefMapSize 233275 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1973931-d727-4e7f-a8cf-0486a5131c46} 4048 "\\.\pipe\gecko-crash-server-pipe.4048" 3948 1b9cecd1558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.0.1592860662\458799104" -parentBuildID 20221007134813 -prefsHandle 1676 -prefMapHandle 1668 -prefsLen 20670 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4187a21-d2b4-4f44-b6f8-c0e4f44f4dcc} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 1796 269e7afd958 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.1.1951233409\9251403" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20751 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66622ca3-406f-4e95-9b6c-da9fcb759ff2} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 2152 269dca6fb58 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.2.137724320\1233190342" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 3020 -prefsLen 20899 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3c50256-7615-46e2-993e-e14bbe4432bb} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3016 269e7a59558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.3.205069265\761938308" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3412 -prefsLen 26077 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af11efd2-d3cf-4425-b127-187ae9552627} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3484 269ea506058 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.4.2094079447\2036876885" -childID 3 -isForBrowser -prefsHandle 4032 -prefMapHandle 4076 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0b28f8d-4be3-47fe-828e-967011787ef0} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4088 269ecc7f258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.7.674835288\1087605518" -childID 6 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {59b614b6-5d37-40fd-8e15-f1dae5e55166} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4680 269eddb3258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.6.1577157943\1413115448" -childID 5 -isForBrowser -prefsHandle 4928 -prefMapHandle 4932 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0475a107-80b2-4a57-bbb7-3a66f3b24608} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4920 269eddb0b58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.5.1301167042\1675420647" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4824 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d9b44d8-6faa-4948-b89b-a2b081472a14} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4680 269ec35fb58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.8.145879297\69280918" -childID 7 -isForBrowser -prefsHandle 5608 -prefMapHandle 5604 -prefsLen 26295 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6a7c51d-2cae-41aa-bad9-09a2fa174f52} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5620 269ef890858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.9.265606030\1203270685" -childID 8 -isForBrowser -prefsHandle 5772 -prefMapHandle 4100 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17be25b7-531d-433c-8cf3-8b1a5de22bca} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5776 269ead20c58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.10.730760034\1338845037" -parentBuildID 20221007134813 -prefsHandle 2588 -prefMapHandle 2884 -prefsLen 26814 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c7b1cf6-1fed-486f-8a4a-08d88d82f2a3} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4232 269f12cbf58 rdd3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.11.582738671\673264389" -childID 9 -isForBrowser -prefsHandle 5184 -prefMapHandle 4168 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e5ac5fa-dc06-45e4-947a-a72a99743e97} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5136 269ecc7e358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.12.1512579788\596900917" -childID 10 -isForBrowser -prefsHandle 9868 -prefMapHandle 9828 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9001ed9-aa6b-4382-80f5-bad780c4f0d9} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9880 269f172d758 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.13.1534677113\138866664" -childID 11 -isForBrowser -prefsHandle 9700 -prefMapHandle 9644 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {611a5637-ced8-4e06-b49c-f8e10b8e88ad} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9620 269f18b2b58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.14.805335869\1314736927" -childID 12 -isForBrowser -prefsHandle 9732 -prefMapHandle 9736 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37850c79-8c3d-4009-8081-83756598392d} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9744 269efe10b58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.16.1566242471\2094394012" -childID 14 -isForBrowser -prefsHandle 5268 -prefMapHandle 5212 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4334171e-10bb-47f3-bbf0-385e89950aa4} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9828 269f016ce58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.15.203834413\932204297" -childID 13 -isForBrowser -prefsHandle 9676 -prefMapHandle 9804 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2068dca0-a5a4-4058-9d78-587f3e48ec1d} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9680 269efe0ed58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.17.1947345192\253014475" -childID 15 -isForBrowser -prefsHandle 9304 -prefMapHandle 5680 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bab2bac-6070-4b4e-9dfc-7af83dbdacea} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9096 269dca61c58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.18.1937902795\1241572597" -childID 16 -isForBrowser -prefsHandle 5728 -prefMapHandle 5736 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f20270a0-9235-49de-bc84-00d6a0521050} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5132 269ed44b258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.19.1402080308\1117138829" -childID 17 -isForBrowser -prefsHandle 9000 -prefMapHandle 8996 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b7a5128-70e9-4ed3-99c6-6f2286092213} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9008 269ed44c158 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.20.400323194\611232936" -childID 18 -isForBrowser -prefsHandle 9480 -prefMapHandle 9444 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2163ee0c-c2b3-4764-8c06-459039e63d47} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9492 269efe0ed58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.21.1767840356\1548166682" -childID 19 -isForBrowser -prefsHandle 5628 -prefMapHandle 5592 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f73d436-c2e3-4d2b-8569-d7d5cc36938c} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 5772 269ed44be58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.22.1056560850\61021683" -childID 20 -isForBrowser -prefsHandle 5708 -prefMapHandle 9764 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {302f734c-c062-414f-9dbc-73d67b51ef60} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4724 269ed44d958 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.23.1388256204\1813537642" -childID 21 -isForBrowser -prefsHandle 8952 -prefMapHandle 8956 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c8fa24-75eb-4aa8-8c2a-4c43e931b568} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 8944 269f0397358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.24.2138872567\232839328" -childID 22 -isForBrowser -prefsHandle 9524 -prefMapHandle 9516 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef3aa3f5-4324-4417-a4f3-e5d42b3a4904} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 3892 269f22af858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.25.1652210913\1877492367" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9380 -prefMapHandle 9488 -prefsLen 26814 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c25e179a-993b-49b2-82e9-0e4e621d2686} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 2680 269f2515458 utility3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.26.24164209\1101902962" -childID 23 -isForBrowser -prefsHandle 8944 -prefMapHandle 8928 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3673b05a-1120-44b1-853f-89a18756759a} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 8632 269f2496858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.27.542180729\41085314" -childID 24 -isForBrowser -prefsHandle 5676 -prefMapHandle 6032 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f84d86-b23b-4b37-9649-57def0df90b4} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 4944 269f2926258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.28.178128380\963112558" -childID 25 -isForBrowser -prefsHandle 9348 -prefMapHandle 9444 -prefsLen 26814 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d3f6c12-9421-4236-85e5-195886260df9} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 9032 269f297ed58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.30.582502059\1714779291" -childID 27 -isForBrowser -prefsHandle 8476 -prefMapHandle 9408 -prefsLen 26854 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15a0f399-f15c-4285-bcfc-217e5d9ccf14} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 2580 269ec362558 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.29.130416187\1216189055" -childID 26 -isForBrowser -prefsHandle 8492 -prefMapHandle 2568 -prefsLen 26854 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd2047fe-2ebc-4867-a037-34492e01ad2e} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 6052 269e8c12358 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.31.634951994\1549158320" -childID 28 -isForBrowser -prefsHandle 8724 -prefMapHandle 5624 -prefsLen 26854 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31e73491-2f23-4fe1-888a-afc8465016d3} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 8492 269ee83de58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3136.32.418458013\1012939842" -childID 29 -isForBrowser -prefsHandle 7636 -prefMapHandle 7724 -prefsLen 26854 -prefMapSize 233414 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e769d76-acce-4e5f-8d25-af52a5d84cf8} 3136 "\\.\pipe\gecko-crash-server-pipe.3136" 7736 269ed984158 tab3⤵
-
C:\Users\Admin\Downloads\Grand Theft Auto 6_k71-y31.exe"C:\Users\Admin\Downloads\Grand Theft Auto 6_k71-y31.exe"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-BGFFV.tmp\Grand Theft Auto 6_k71-y31.tmp"C:\Users\Admin\AppData\Local\Temp\is-BGFFV.tmp\Grand Theft Auto 6_k71-y31.tmp" /SL5="$110268,13603942,780800,C:\Users\Admin\Downloads\Grand Theft Auto 6_k71-y31.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\netsh.exe"netsh" firewall add allowedprogramC:\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\qbittorrent.exe "qBittorrent" ENABLE5⤵
- Modifies Windows Firewall
-
C:\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\qbittorrent.exe"C:\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\qbittorrent.exe" magnet:?xt=urn:btih:BFF18AF5608F9196CF05BF0C1F0B54A18C3F0A775⤵
- Checks computer location settings
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Users\Admin\Downloads\Purble place\purble_place\Purble Place.exe"C:\Users\Admin\Downloads\Purble place\purble_place\Purble Place.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exeFilesize
937KB
MD5affb18e583bb28a40f34fbf6175443a6
SHA19eac5549521af8096dd0f8d0bb11016b276bb686
SHA256f7cfb608bb472d073c84e4021b2c703d148207098a89a26d313df6ff55a806ff
SHA5129b90deed2d4bd9d1eb188925556876f90267a53b01c72839b94fa4e6b750360bc7bd156a92687e06bece989990be4e15d99acb4fd82dd72a726af14532193c54
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessagesFilesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessagesFilesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessagesFilesize
64KB
MD574307fa846ea24b9fd1bfc8dcbcc82ab
SHA1d79404b18abc71dae59858843aafba974b247ea2
SHA2566372d448f06d581784e8bee067bc1d2ba46b498d9f89ae26e8fb9e6c5ff4ae63
SHA512e29d24a39865b25e489e275b51da39350b4ea100c0c00d439ed7256ae8e53a3250596f8b5ecd2c7638a642e5a7346fb8c7f446b3c45ae7fed3c663fd38cfcd58
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD5c4d5e40b485cf4c72c38276a5154fe9d
SHA11823686c63eae342f49ce545d89619d2e731634a
SHA256131868cea2d269b078906ccef2b97d3c67e24b5050d332bc94ba05fc1308799b
SHA5124aef82887934cbd118de904456620de83ae74b4410379b28116a39b654c019f969700a13083bf233c238190e856426bdbf10ce4f45fbc5b4a209b97e1a9085cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
404B
MD5c43ad479232ae383b3d7a5d3c110d6fa
SHA1c327340d51a108e4a4cb32063ace6c37d644d3fb
SHA2564ee429991d25666e206a1ae7565c0bd030624750bae9a679e7d3082ddebf4a44
SHA512f9050ab4461e779132dd881095ae46d156e912326e534edbbf93f9e67096de4d73920865ad5643f88efbae16d58a016ac463d90b2d0ac8f02cde88969c47dc6c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
404B
MD5453a65083088d69dbbb704df19954cda
SHA1f3858f96e7b42f47e27cc6826ffa09daaed1d7fc
SHA2568e689dc8f7c21fc446b796cd6e458bdd4a73a434a3a6f3e962bd5e63a328527d
SHA512258228b2b5fa97342e26f76bc6f0df46b08eed86f728c9b63070aafd6a2872b81b96347b02f68470b4e44303f9ed68422365e4dd5c1029464ecc6b9cdc81587b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1Filesize
264KB
MD585b7dac1bc383e1b516cb4f44c1d6139
SHA1f1ac5e593cc33cfefd2649e09f92062b875e9f09
SHA2561c85fc3b7d00eb75dff6a799a880493b597aae20c9e32c904460cd83b75e3630
SHA51255648569a6b41941d9defa6403ac060493f84f4b3b39b814e72d96fc787542aa07e65b1ff2dd2c3f116dd561a832cbf10e80a3aecc63f2e351436535d6e2794d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
255B
MD5d11edf9e08a127c768843acea41d0bc5
SHA1ff1af9b39de4a3f547407fd9864ffdd2bb6c7354
SHA256217e4d9d1412e45abf7a653f72a5ab8b53bc8fc6f377f52a042668a41abc7478
SHA51292c3f0def567b0e2f2523ed25eb9d4abff06070b8be744fea4a6678f25f292439d7bc0c8015eaa6281b7f43149eebb3d3821cd6d6436598481113694b11ddea3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD53fd7e1921c2da6fb387f55f7f43480ff
SHA11ba2a8655ac0d3aa176f3947d2af49ae4aae6be2
SHA256b6fafd11f119f88d082ae8ca1c4805fcc8f07e7286e1c7da413b3862b14b4285
SHA5127e07c215da6003c981d7b9437a8a20d204cc96a07f9f8449ce44bec89503dffe4d5a00f72705217f20b1e81b28e320b3da71445d253a7469f5cc76933f3d4c82
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD549a946100636ca66e3b4a13d54b64ecf
SHA17daa23f656c47019c4a75a6c029d1f6851ac8017
SHA2565588a125333e2c0277dd636a618890ca87b07301b0cd5c892737f1e55fa05574
SHA512bfc7b1ac4865a5ec6e2650b949c7be3de4ec6f2a819d1ff66e0fcd4cb3c0f872515388c7ccb15a3f12f9c5e57a0572fad71cbbe7a5853e4d52c0d7512ed07927
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD571c672596597aa8c3c65a72dc2ec8198
SHA126c7cf87cb93c43f9f0f08c44d23215f4c0ea453
SHA25679e190ec427bb9a073c8c508befd6429e7d6fa4cf767bedb82ae397f6d9c4eec
SHA51234dee8d40c79cc6374a640acb4e1001cde47b8201b0abad35cef4dba93a00ead5149648f74ffd3b829fdabdce763f2c0e4f03c97bcefe228a1ac2af0e892ffd5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD546c7d9bbac461ebd3bbb36cb9b26ee21
SHA10eeb9d5a6ba0942e5b12caefd65282586d2ea4e0
SHA2566a2fd07a35fc2f8215ea2fa6d2b8e35e29349eb364816bdbd566d003afc21306
SHA5122525886248fac5e50ef925ac94c2d81d27d55fbb94b2b3ccb234d8f56996f923c4a1e31225c925fc67980bacd541a5f6d58a5f2d2bcb1a3e2be82878a1228bed
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
3KB
MD51ac61db4d312128e767e6bcdd9bdeef2
SHA1e06727d878850f7c863cb973c7166ca7a3df4d09
SHA256f0203bfbe093b8065ece8d08860508d812b4cdc707b1834d6ffb0ec7451407df
SHA512d18eaf6f938ea9b0b898ead537091cc16c7e0f7485d7a56313d74373cfd231d5eb0491e28c8a8a190fc1ead84d4f81e4127f6605330d5f288052afc067402dce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
3KB
MD560f9f957229c3479942cd6d3fa90a0e7
SHA1375ec61b18dc1e950affc5bf58c24c9a915a36c5
SHA256bbf3bd31547089e9eb77229b2588de57bffd95e7fd20e303966f3e91b13748d6
SHA51266746fb92c975ba17050f6934ce25648c24e78983f4d3bb7183eccabea7fc0d765b968ff1d4f1103acbb0262bbb99f6cdf238cf236126f3a899d305a9daa53bb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
3KB
MD5859b9ca02c62f52d803c0a9a30fb54d8
SHA1f97d1f8192a71253a2623e4ffb82e13b4a980ca9
SHA25637bceab87284a63dce7913411eb8951027fe6a29226ca123c9d77a47c536404a
SHA5129883118e269736aa5556b855cc8402aac7aaaeb1919d30ff3356efa4cbf14d78259abfc457913557d7e877c10f281e1a93546fa17a118a489d61df6f2b923f45
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
109KB
MD5fcdab8162467d15f136927de7d2673ec
SHA1b477a1bbe416346010bb4db111c1bea24e62442c
SHA256a0f55e4a4ee77e0242401ad11be772ead98cf1b7272c391f48864262d01ffbfd
SHA512f20e56ee44d4ea9bed1367e0514457f7f91f662d4592bbd226633bc231c663a28bfddb0c2117338ceeaf5453830c95a3903ceed715363f6a0fb5add386ad9336
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5941d2.TMPFilesize
105KB
MD5e1e5a8a85f40fdbf2b85e0bd9bb6d236
SHA17fbd34fcfef129661f08b3e3526dc9b6f2a7f556
SHA256e3545aec7e9568c53f10eec1acdc7a213f1ad32266ef3d91536b95ca3a7d9923
SHA512e242d007120281a76538d3d936b0902126cebbd94d967895a202dcee4734c5c951fe0cc0fe0c53bea1baae7b93cf9f738a17bd74800369d4569b35be78dfa6e7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE2CB.tmpFilesize
15KB
MD51a545d0052b581fbb2ab4c52133846bc
SHA162f3266a9b9925cd6d98658b92adec673cbe3dd3
SHA256557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1
SHA512bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\10713Filesize
15KB
MD54ff3317d5ed0a869d8bceabc9c86728b
SHA119ae44a1caf5e8b9e30be37f8c5dfdb335fa7a6d
SHA256132c0d1d1041997039647be473ba039706b2eaa15ada9a1b97d9588b1e26d5d3
SHA512e483590d64c78349b975ad9711a8e671f1247ee8b101d60b3613b38e26237e163bca4321f476e349e10974e002dcc5525711c183415280e70e80eee3ec12f3fe
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\16825Filesize
15KB
MD50d315068ed1393e41168c5bb5cbac5c3
SHA1ee3509384b109393729c3ebd5a1d20cd8261c089
SHA256b132f03421df77939d3d2c692e71135ef0b875b13617f59e67ba10e7ac3693dd
SHA51212879b0c06b1b9428bd9b30b103ce64b7a1ab7f7a80e02aa8e193b80ebaa4cddea5c80e97b20ae68db70699d69f25809410d983e7e4cf6cdac1e2b8e61cd4e47
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\17357Filesize
15KB
MD5f0d6a43a9972009bac0142862fcb3dc9
SHA13ac4485a031d24b705fa5b17cd7b07227292d5ac
SHA25641a735352f5f8dd8637c20c855cf2b976af372ba58243595e682c806083783de
SHA5125d0de1bb2ceece7f54e320e74ed442bbcc11eba980b56f2c02324f98aa805d4482706ee04f1a60ef55ec589a820e077435a7e6fc011a4115d0b7a0086c479ae0
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\18736Filesize
15KB
MD5e05a25cfe3b2acbeef1d2454df79b5a1
SHA151aaac302531bb83971da6ea47dfe1be75e3716a
SHA256780eb1b8636526ecfb6d26971868acf241c9a42a412fc4b12a46fee19335ef03
SHA512301b64495baf4786a306ab510535a38d2c64a997d1f7e7adc0c5c1c2efd260fe247e44145d337af09bc5067a65f3fe2b657ee21bf4586401d450bd77e9af0612
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\20235Filesize
15KB
MD52454e8381424e76f62f9f9a518d09ffd
SHA1f64b1bc9024a83e917e5b4d5d87f8d7648a30899
SHA256ad1b16c91307c31580bebb25ab3ea0b621fc27312bca3fb96734a3881428b6da
SHA512300d2e60a08e08b4376ec7d9735145815a6d2e8b4a595dd5051662659fee0337377c0f66cc2c577455d77450a28b25b7ba52e2debdf396fd0e8f161d1e03ede2
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\23501Filesize
15KB
MD515b8908a7b2de6b1f3321e41c6978893
SHA14d72c5d6fdb1e73bb4cf62be33438a9fa78c61ae
SHA2569551e997b73b3c6d65918d2a2bbb8598a757661ade0d675cbd93917cb8b777a8
SHA512fb092f7b937df4cf7f0369428d0239538070a274e187277065e475445956a25e2c3439f9368b1fc202146d6a08e04dfb994ca5e132071917e476a8b89366ac07
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\24398Filesize
9KB
MD58cedcd05fe33017a3698bf0fe2d79e2e
SHA1744193e10db7d0b87d32ca702da1911a7516af60
SHA256e5eec294734e2296baba54dae8a5ddf48428d07990a78541e71360e82eb653a4
SHA512db37ed8ae2b9a3bd7c1defe6fe5927a6d800615f1a8660aa8f9d2ab443eb6c3af2497f0209053765aa3f13475a2edb67170923148cf8bae0332c514d953b59fe
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\26210Filesize
15KB
MD5d16a4ada8add09319a5b14bc4d605be6
SHA124490f8237aab6a239f59e3f467feecc1425bdf4
SHA2565caef35ab6169287c26f135d75412694a2c1c2b421de6d04947825ed56573a98
SHA5121f0d22779af18509eb3ea0a6744104ca54245f13ba42cf6e5679d9faf402d00f569ee191a8b7aaed06165573af3d99b55f5c3e023bcb7c8883349ce1e5d4d2c0
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\26217Filesize
17KB
MD5a53ee477860a3d24ebc8a2851b3c9ef4
SHA12509c70af18ab2419ab69dc96ceb6d15868d3323
SHA2563792c2412e541ee27a21d6a235f006f66ed5f8ed3db2a65e75139d28d7648cb1
SHA512e30cf6e470fa2e64ba2e5109a536c3a79bae2b125c999df3f543fe728c98abc25df3a47b2cd97631c0eeb7661f9e0fd01805695fd9ea0357b3f44988d5ecc67e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\28337Filesize
8KB
MD59f6a02f910b4792cdb0363de052d9388
SHA1b5890ad23a7a6461c5641adac799c2d4030768d4
SHA25622ea9308e74695036f6a8aa5b40d646b77f55a65457936f38cbf723a6111afbb
SHA5125bdd5cebad957a1b2ff31ad2d58ffbc67ecfb2a5bbece2f00504fbcbb1d5b7c6caf24b87099eaafa06bfb666acad4e3d221bd8620e5187ff883d39638214028a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\31121Filesize
96KB
MD54c98618d95e97687ff67137e8aebc690
SHA1bf14504affc7a0ab1317e37baf71981ff09d2381
SHA2561e7e2968de2eb33a5aee67c81485235c419b7bb7eb16eb14d23113a4d959eaeb
SHA512ae0cf88c5337b0ca4f192c2aceb2d8a790523eddc3db90d90a3862853557172555b43dfc02fe0384558e4a7ef8814a22af7c7bd656dfe9650bdb3e9e33801c0e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\doomed\7622Filesize
21KB
MD50d301b9567bed468d087ba2d5efb6668
SHA18cb317e9c7bd2e8c56696712b3ded9c0e05cbf0a
SHA25633e483e18cc19e7bf431c9744e9d50a0327ab814b911f8abdd64477d570c87d1
SHA51268c2bc879b02923d8ded883c03c65888bfb4e82a3860df9c3062346dc3194c5aebecbe3b0090d94933fbd93210b239e9e6af5c11ec4ad0fb6a90a5257264fabf
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\1A1A08F82EEEE84066EF9DDB03343042B068A62EFilesize
99KB
MD5713383675b3fb3e1570430ab83fa3fa8
SHA16cfa4fe57b6150716e0ed8aa8a7babd4fab7c4a4
SHA256c0026a93988de1349d58b6e79705836938c8d44e98bb52b9d9ae2250d23cd098
SHA512e48fc30b7055c0c1d974959daf7cfd48f2850377ca28cc697e38e1cd829344d69bfc3996fab321590e45727710681f0d7243b4a80c7793ce080c200224dd1a76
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0Filesize
9KB
MD512b5c12268ffe9db3b1554511a92e20b
SHA1bdb5365b34ae47c95cf4e6c3cadc5ced5daa747b
SHA256946a72ac84840dcda2953b9fe5f6ccf17e5a36f96f7d6006977022dd8ff64f9d
SHA512759309ddf7795fa462a1f51ff8d607a1663c7c0854ede508ceb5e371f065054ddcfad113d9a0561b33005ae92d2d28ebcf0639018f003c7768b2ec8b4ba3e2df
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\577A586685F8D27BD5B926CE96132B84424D8EA4Filesize
13KB
MD5f99a8c7177a70b79ff8a30edb7049348
SHA162f84a752b7e4fa180d21bde74dc12170ce5a93e
SHA256ece7381f485786d5384b1ca9f470ce95f6f5c6c4761bf1f5fb6038db55d3f765
SHA512bff79c2991a5639e8e3a0ad472e2f4e3b088fa37e5cbd1485a05a9310244fc39a050ad982a165ed5c2c8c7cb9c53b5b13e6782459b7b63ee62c8966238b2fe33
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\577A586685F8D27BD5B926CE96132B84424D8EA4Filesize
13KB
MD5a0896fc5e2a04057c6ba652769d6f39f
SHA1b25547e7b16c153f16cf87f9016d8ca8d4c3d1b6
SHA25633d57f1a49ba9f5c6de4c53048a9ad66993418a9835c99dcb7d1982a7b17ba96
SHA51217a0ee3d6d8cd1af30a3c076b9842b202eb60e19e5a3a56b6db5a7969c130e5777e844c75893ea9f9ccc6919cf418444d2842d30b328b464f4dfd33d3a84455f
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\5F93FDBFF6E2A57DBD9B3ED28E26475329CB56EDFilesize
1.0MB
MD5896bbe13d6f42a3d6b2ee7fc779298d7
SHA14de84f06920c6a88fb7da28a74637a79408de3b3
SHA2563bece14b1c64b3450b1d117a9cf9ac9911e3c1dc829adbcd02a89a8d99ac0efc
SHA51263b58bd0dca65b68be09e916bdb7111eaba5210f9a6b8946137f274a0d71d74b5fd7834a934dd8a76925c953d9995de4b09fc74a73ff50d487cc9185a124410a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5FFilesize
9KB
MD5b2b422b71325e4a29e62b3550de803f2
SHA17a172b206642dad941b7f1c2f5a3f0a5724543d7
SHA2568d195e2233e962e63ab65938ea358a425f544fa9dac08f3853f0654c00aa578d
SHA512f80b5e36f5e6107b48d6fbc6cda4ee89499b0397614f08c9548c92f535514fde5bbc108345fb018b1abff9c191165a4bfcbff98ba79a88031c24217548244efb
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\6E1D877ABE1269E77F727607D9421E73501432AFFilesize
4.6MB
MD5f7ab4f15216f35bc0a430b01e8492154
SHA1759401980892af327066bcd0d9d9e9d9528bcce6
SHA2567da05ff51bc4796d6457ea0dce82b372cf50fbc6274f4d8faff402d4043b2775
SHA5120e99976ae20110145b4ce838b8310a11185db2f9ea18da01c9e1d09530cb94a3ab2b967b21881f910fad0cdc91da4c85a70ae56e9148253d8b402f2d84b65338
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\70A651CDABE85D9B09043B7E4800B18B03EA5220Filesize
100KB
MD564d6faa786766a435d36faea8b90c877
SHA114415f8304efce0016d8cfc22700abdb0212ff09
SHA2568f6ab87fc11e5429ffd53997104993093bca1e1cca014e6329da14b4c158f8a4
SHA512621311f2d44d8d0493d3cea43c1eff24c1ba70ff91514cda9a8f32bad2fd9ff9db396a272fc6e2f0dca79e96c7824e124586beed1c0e3fd62725781b78401c9a
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\89C9B59023C6004C5FCA8E641B2BD533BAA7F06EFilesize
9KB
MD59555811177f3126ad4e7d4637b7bf1bb
SHA11e8d08d8411df400caa8cf45e8e488e5c111cd6f
SHA256c68cad53a2e9e854694583ae01c6771efbc4ca569c44ef57a3523c25fac68258
SHA51202527e93ee9ac786d7ea7f1e210c96c7393a0e4f4c82e1e450587f4dfc9c9a6054e42d4e2cb79295f51b00fb69ea78739ce1a475101a7bdbebf67e23df14b163
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\8AF5D98EA49BFC5F75DBBB8CBE9CADF11B63E0F4Filesize
10KB
MD501fc0f3dfeda4b43a2ce082bcb69dca0
SHA19d38e54dbfe4fd1581014bcfe761f538073401a7
SHA256ae53ca028fa98debb70c1268368c4fb41b76279f72280b876c22b4514a1219f8
SHA5123fa437a1807684c620ed757aa53dd7d320fdb2bc12c670601be10f35531abec70c071c3eaa8092c3d0c75dc35955fea753f9e664e9b155e001232447f5d39613
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\90E321EE94230DCDBDCD2EC0B77C695A4FC21F78Filesize
9KB
MD57dd998adc1d09c4e8ed65fa10603c945
SHA1097618aa59823615d84866a1a917cb56d57c77e9
SHA2567505e003253dd798e7b06fe9486879d4d0519d71ec16f5c6a5acc0faf7a32651
SHA512974311cf878f00c67cabcecaad0db7787ac607c7b2d9123f6c0f4dc5acbe021b292520e8458a14095a21da0ea08b01bf4bc30f71633d42b858e2ac42f7b06cc6
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143Filesize
9KB
MD572d0f85b9a7f80b0dbf5d120fd25c68b
SHA1517041a62f9a86f5117864ef43eebf4ccc8fa97e
SHA256d80e354a0dde3d99cc39e8d7091d46a94a622452fc43a03de8c7487e581bd96f
SHA5121b98bfeeb54e4210850770654c9e7e8629941aec01a7898cb06245d2d2846ad39f04d64b8e033791e0b3169d638269f3bd0d6286f978ff559c51dcece1d473e1
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\B6F59826B025251E088E4743F506708A83BD73B9Filesize
10KB
MD52936774e375d3058b6c686428abd684b
SHA18e1b1ede423cf40f2a0a7f66c0d5e7734169ef1b
SHA2560057f5c27a7e6746d7374b592146f74c2041aaab7f2740c39b7c98263f4aa4e9
SHA5127276f8b73ac910e688bb9acbba421278c638bfd935de6bad343e5d7c63cee3393dcb8323ea93e5d3f4689fc59cef78664720868a1ee96d42ed74a34b5f30bc42
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\BF18DF68806462467733A7BD78F61648DECEA162Filesize
29KB
MD57a0ab054e499173ab0db81bbc35f2b51
SHA15258b716687d31426dc2b31855c7074b8a031013
SHA256d9be4563dd8f4047a3af40256427a8fa640f82ab0a6d937caa1e376ac48f7c2f
SHA512c0127c3abd34a57caf35a2060a72fd8992d68c5da0fb59589a54253679ac0484b635b18615f6b4dfaeafd825f113232314f3132de9446dfd8d3f6b0c274e85c8
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\C982342375C355A44C213031EEAC97222E1367E1Filesize
13KB
MD5adc426571b31d9cf0a5af172a9fb79e6
SHA1527e96e847ada0aa9fc2ad8488a9b68ecd827c2e
SHA256871af8f21588a325ab8329d0a7d9e3ba4ce73cc7da9d7f443475f86cf3248be8
SHA512423cf68423fc7cb7bb190dd51f476526a664503dde783d890501f720eb2ce4e32f6530df247ddb9292e0f4a0ebf52761911bd07b4c87bad9d0496fc2822635d3
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\CDA62003B1B987A64F1FAC75D1484DBFF94F08FBFilesize
9KB
MD5bc194811723f14dc99223b3386eb4752
SHA1dffcc0221a89aa149f673230c495a035d731c25f
SHA25684a340ba7c01b21e8c031094a6b99d50e4670d639b84315ef9f8a053588e8fc8
SHA5127f818289b9aa671576bf2fcb2c271ad29f32c2277d034f8219d569c65a6b11531f47fd833041edd05544caeb5b878467e1b3746c3a6f916c44d0dac69ea41914
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\D6B0ADD0DAEA00708CBB4290B85CCA0E0FA79061Filesize
9KB
MD50dc9d1d8641f792ad12f1bf5824984ea
SHA12a60b9599315c86d0e8890a631cd32b6ff9db1f1
SHA256701c0b29b0bff78ccb15ab94ae8bbe91f0034d9f17bbce2561816ea6d2188e6d
SHA512fe3cf5a1bbd34a8831f73dbf7024dc16a220edaaaf49384d7766b1c244e788942f04ffed2e11bc4d18e9ff61a4a04a63d968084828635b5f13f8e9111d936056
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\E5EF2DADE563227ED88C2ACDF65E943DF698A88CFilesize
567KB
MD59d141c43b7be9c0df59b6da5e6a37df7
SHA1c62b64d9867afdb0cfc7c2f8d5111c72cc24a691
SHA25609519ccf3208d9b7a461e9494b426659d34b40d036098b280c7cc19d44b987ef
SHA512f79dc04c6e3bf76e05ffc9ee892c4ce0e97e8bb3159ce9d4199ab11557edfb718ea65774a18fe84a810ecce1eea842c3de2e0fe5198658640d2d694282dd95e1
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cache2\entries\FF63A96CB0EE05C4E8600CAFADA617EBA0BAB35DFilesize
9KB
MD59391a0af44734b3f03be90c161bbf065
SHA1f6abfd0ecca0c98ca0c88aabb911eb42abd4243b
SHA2566a612542271a33ce8b721a7a4cf5531259e37cf23a912063395cd0e48b537784
SHA512ab71fb485e2a0b9fe096c646500e3debb1d9d31d10997587a93f752c52108a8a8673c54f9601955780f194ecfd98c5b7ec56cb942199be4fcf20dd968e0de01e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftlFilesize
7KB
MD5c460716b62456449360b23cf5663f275
SHA106573a83d88286153066bae7062cc9300e567d92
SHA2560ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0
SHA512476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\startupCache\scriptCache-child.binFilesize
458KB
MD5ba124be5761a8fbe221625fec2d7ee84
SHA1f8617b00ee3c0d312c28852369da1878d564ad73
SHA2562f4592abf022de009ea331c95b31ef760e78efa67b20c7d66b054e8914d027dd
SHA51253ce61703079932f08d881d51daa75f46a808b1ce64c1c0c85d56b6af2e6922294ffb7245ffa6375b8106ffd6e9750612f1ce53b97d955e792a707a2c277cbeb
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\startupCache\urlCache.binFilesize
2KB
MD5bb9dea86ec4d4e106b7c7f567e4b16fc
SHA15bc6cc2d93dd2d6351e3d53f57082788ebf8eae9
SHA256d5114d1c786ac28257ab5fc22161ce8c43eda60e7137111105cad6c91e6ef6d7
SHA51220379491daad823fb6673bf64f6db6110dec621334a4cdd90bccafbca1246adafb88b8753c55c626ccccf5d9a57b1f7d6f8ea21090ec25662b1d616cdc9ff358
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\6SEGPBKS\f[1].txtFilesize
179KB
MD547a63ac172e94ef456f08ae31a0cfd85
SHA183b647bfe3fc0c0d9af70645dc09a30b3bfb2c28
SHA256942691453d5e2f428c956761376d403d5d34f9e6cc390e87c63dd23ed5cb8d04
SHA512e1764c5315475cde47e73bd267b849c342bc9d3413a5cdc41b4c33d69039c71f4fd117d9dbe72b486aac166480c4aafed6bb8a2c11913836d9c546a2cb589afe
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\V3KB0S74\favicon-32x32[1].pngFilesize
707B
MD58bbaecba2cd7c3f5e3c12311b3a07623
SHA163f0777c0e1ad6a8301acb52e17652863b7dfe29
SHA25684a9703c9b520551b59f05f41f1d7e7e3aa663d1f80c02c9a2c2933ab430110d
SHA512fea69c5f4ae7a72c7fb7d66628ee81389330e2e594a2c79f5f4ca14afe4344023a28572511ecfd1f9f1426e291a1a35ec6875c69dd02c5027b885d425be7d1e9
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFD7C32B32BF896E57.TMPFilesize
16KB
MD5c0ec00dba3314365ded53fe5b056faa3
SHA18d445265712ade3ab751b6f663be23f34ae966ca
SHA256a422263500a37b0f5fe979a768e89ac93c4d39af99dd9d28d5606de07861f874
SHA512aee6a0ce14397c6d1e91b48df00a1f42eba781cba1ddf2df16b07a357696df536a02e9210b9bc62a7d36521f3359976290aa6351cd906518c66943283fafc0ed
-
C:\Users\Admin\AppData\Local\Temp\RESF45F.tmpFilesize
1KB
MD57e21892527b1696bcfeeae94717ea051
SHA12f2e54bc3f1dc618e7f9fa3c18d7379eaf471005
SHA256545147a5cb54ffa6a5bfe1aa85b1be38c9cca7322bf2fe25f695472199318491
SHA512e78ef7c29250e0c9961a4d2c8af43400c6df8181638e2baa2f54a361bebe830266327c964bff53d022b9a28863b485a8aa4c5476f71ddf14d40390a9bc079124
-
C:\Users\Admin\AppData\Local\Temp\is-BGFFV.tmp\Grand Theft Auto 6_k71-y31.tmpFilesize
2.9MB
MD5392188858aab78d544835de0fe665a04
SHA1e2c06e4d926bbecee75887c83b5a9e732b0103b8
SHA256eaa483432e2cae37fcf1350c160b848948f8e512ed085fab67d901bfcd8d5d07
SHA5120d0d1d1196d705af2a755d054372b45e8540edeb201d2b9ac2d48a08240399314130f3e78e7e962ce708d3da90ed933fa848023f7db9ecaf7fc6ec7979cb05a5
-
C:\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\WebAdvisor.pngFilesize
33KB
MD5db6c259cd7b58f2f7a3cca0c38834d0e
SHA1046fd119fe163298324ddcd47df62fa8abcae169
SHA256494169cdd9c79eb4668378f770bfa55d4b140f23a682ff424441427dfab0ced2
SHA512a5e8bb6dc4cae51d4ebbe5454d1b11bc511c69031db64eff089fb2f8f68665f4004f0f215b503f7630a56c995bbe9cf72e8744177e92447901773cc7e2d9fdbb
-
C:\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\finish.pngFilesize
2KB
MD57afaf9e0e99fd80fa1023a77524f5587
SHA1e20c9c27691810b388c73d2ca3e67e109c2b69b6
SHA256760b70612bb9bd967c2d15a5133a50ccce8c0bd46a6464d76875298dcc45dea0
SHA512a090626e7b7f67fb5aa207aae0cf65c3a27e1b85e22c9728eee7475bd9bb7375ca93baaecc662473f9a427b4f505d55f2c61ba36bda460e4e6947fe22eedb044
-
C:\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\qbittorrent.exeFilesize
22.8MB
MD522a34900ada67ead7e634eb693bd3095
SHA12913c78bcaaa6f4ee22b0977be72333d2077191d
SHA2563cec1e40e8116a35aac6df3da0356864e5d14bc7687c502c7936ee9b7c1b9c58
SHA51288d90646f047f86adf3d9fc5c04d97649b0e01bac3c973b2477bb0e9a02e97f56665b7ede1800b68edd87115aed6559412c48a79942a8c2a656dfae519e2c36f
-
C:\Users\Admin\AppData\Local\Temp\xjiivvtt\xjiivvtt.dllFilesize
15KB
MD5830d1d50051083c068869e50fcad8854
SHA1fa885dcb8b30410332c6eeb4ab97b6b7826b794c
SHA25693701f1171fdc9334dc672605dec7c7100bd455102036bdc997da09d97026def
SHA512316958c0d25213c7a5538fb0dbe88c7f4e0f4f72126f5b0eeb20796a9ab0bc8ef99983b6e903b58ed99d02b27882211508a43a0de8024739107d65030307f1b5
-
C:\Users\Admin\AppData\Local\Temp\xjiivvtt\xjiivvtt.pdbFilesize
49KB
MD5131c6c69bf182fa58163d8eed19ae340
SHA161390071586fb4cd776bb00fcbeae5b993e9e3e0
SHA256b6ecddec2ead46c01082c0b1fb12f897655e7ab0f0765e0ef29e62787faa4ab6
SHA512fe58c1af4abb54c958fd032344a1723e2e8139748ac8cf01ef1dc425e6a188ee7609ac53ad5b21a475d5d057f167f47128dd1c36e72e5dcd89f87909ee67469c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\SiteSecurityServiceState.txtFilesize
324B
MD5399dc2b957c9170eb51e7d60cf85d739
SHA16f3152f8050de1731069af63e88f485cc482dbe1
SHA25670b3ae621fd51fe7348c8aaca157112e31201ee02aae70fba6334aff6c037f5f
SHA5126dc021b24275df08efa3a90d99dd5b4a1cfc223a73bcd7872a8e6b5ab25ef078f12fa30aa53f793a76100229c0298a9b52be8bc5de14ba56a06de4f14e0947ce
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\addonStartup.json.lz4Filesize
5KB
MD5240ba8559eb2129c9de23ef68fb49e6d
SHA1bc37cc5e3dbe368918d503e4304aa90006fd99d7
SHA256b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec
SHA512ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\cert9.dbFilesize
224KB
MD5367142b3d2d3c32290c48e94394c89cd
SHA17f289185539c6ccde30ebf115fc9ee51bd9952cc
SHA2563c984b32544e425b9db5a71ac56a30ef974c1b9f1df8e2895ebfb4c2c616bf5d
SHA512ec587d04752d81a4e8012d24b280e52e81a4b3dc0e5491dc360843d21b422d469092d613506d6e0838e5c3cf8623975d104fd1f2eb60137388ef30b02aae7160
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\datareporting\glean\db\data.safe.binFilesize
8KB
MD551b68b7ea0872d4798066913470c2da3
SHA1a06b5cfb2ed42d0acb90156b5cc16b845e575d0a
SHA2567b4a094b9470a40a974354c8c059501fcd8405bf6638aa7b6e1911c1830ca982
SHA5127a23578ef77ed08c1e9b4a99457706a32eb259fe4f784701b83a3efc13a89650fc6d5b0c6a0e07ed822f6bd3428510a29aacef4eaffcc7d891781cb5b7969d03
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\datareporting\glean\db\data.safe.binFilesize
9KB
MD565d1eeadb604f43b6309b2744a9bc764
SHA10d92a5cf6b631d04a9b1d478a0fffdefa74c9d83
SHA256bbe5761a8f43523327b146f917a033e05f4596f0a3fc83e63651e728e6ea7739
SHA51242dfdaa8480ce9a780ae0de40e95792602c772c7b32cd57a02a6c8676b6320bf8af73876e4b31d58a9235903b6ccbc0f50f70521e91cca54a8529b57d996644a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\datareporting\glean\db\data.safe.binFilesize
9KB
MD565d1eeadb604f43b6309b2744a9bc764
SHA10d92a5cf6b631d04a9b1d478a0fffdefa74c9d83
SHA256bbe5761a8f43523327b146f917a033e05f4596f0a3fc83e63651e728e6ea7739
SHA51242dfdaa8480ce9a780ae0de40e95792602c772c7b32cd57a02a6c8676b6320bf8af73876e4b31d58a9235903b6ccbc0f50f70521e91cca54a8529b57d996644a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\datareporting\glean\pending_pings\0b154d09-04f4-4968-9f52-13c8b850b109Filesize
657B
MD574ada32bec7b74be922787dd66e75e41
SHA100bd06eb6852b0db4ea371bcba9a2386d699daa7
SHA2562750d930c367563c302963e1d7afa842bd0d646887a736669c0a9a01807a2b17
SHA512dd518d3c39daf2013bbc17c00d507b2e00d28af01f403d59fde144c1cf26341c413d3dc1c50b27aee2eadfa71b3a77160f049913d6dd2fb193ed5fe19d0e1ffa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\datareporting\glean\pending_pings\293f7f1e-1eab-4b5a-83de-fa9cf53e0a33Filesize
1KB
MD5ac2283ffb7fc5e6d68465b11fb9ed5e4
SHA10518e8dbb9e3ca26fbaf46e3b2589d717123772d
SHA2566fa4fd485fc5a2fc5065df9d933431f7ab66f1158bdb3c13e26a94b5649af58d
SHA512f8df50e7fc048675deafdfd542df969403f99c8712b06e2f4a5e848c3a3c0fd3654bcd5bc891bbbe74c4abf0d02c574052c0865f274815d1c0ccfec9b6fbeb3b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\datareporting\glean\pending_pings\5de362e5-1c3d-433d-8f82-6957d56450ceFilesize
856B
MD52981df6e829fd51d6f6c4357cf060d8d
SHA10ed71c6b2d63874ec48cc2237bac7b7b5aeedb75
SHA25666e7a26a552065612693f9f86349e1038f85d221a39cd0e1c43dd942ff77434a
SHA5129eba2c2cf92b3bfb0474f766e9a054ac5eae55a29b13068d54375a8326b3808783c381c1e1c0da2f33e8393f134d9deca2a1c9697672a2620cd321cf74a27f4d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\datareporting\glean\pending_pings\a557a165-be6d-4b5d-b7ed-b8110a344d7eFilesize
734B
MD5859a3e9af3e53d23e81065176c450ecc
SHA1c608c55eceef450734c6a5276159d7d6b354b9b5
SHA256b9d1ace4e3b0a5ce217fb90b38ab262811456754651e471511d8e45379ea295d
SHA512880b6d275c779c4088907334b9b3e1e1dba3023431ded7f5328217e4ac9bd3c6a747b6be7e0bce9d6a5097e901eb3a396839d93bd4d6f724b998a67193369a2b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\prefs-1.jsFilesize
6KB
MD54eeca181bfa2e66203ad5570196f7893
SHA1e5b236e60520d16eade01d87bad2435e1e287eb2
SHA256d52b25fbcfa60768666c8cc5849babb6d356056d2b81bae6faf721be8a94eb5f
SHA512d2df3174fd4a86bfbb1d12d814e4c8f1b6899ea4fedf2b828403749f6c712e9d1d71270119b97a88d0ef9aef3b3fae61b8a846a16a62e8b5fba1429dcc594805
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\prefs-1.jsFilesize
6KB
MD503639a3e34bb5902403211882084b79e
SHA189891d3ff55f414f9f7e7ee5b9d52d029f9f2906
SHA256e6bf0276f1e699abb9fee32ada51b7c90384e9b25e3bf21aa3bfa529d44212d1
SHA512caf62544e708136d52b3c1dcad9eddf4b614ee79a73d40f541fc999b3bcdaa1a4a41c65d09868d6ff1eb635d7de58144e777726c81e50ac670e4a0496c641116
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\prefs.jsFilesize
6KB
MD58aca044430b86339477ba9f40b91b518
SHA10593b71e09b9af010b18c44c6142f94085b8283d
SHA2566bc22e93ff3ab8012e143ee6444e561e7c6ae97e0b3faa7fcb5c210fe1c4630a
SHA5129cc1f162948ccabeef141dd3980421998dbf3f42ff11fe2cf08f429368760b930b67616c1cc8010ae5bcaef67fa6ebe553172b9fe184c2f005740a8770ee77a0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\protections.sqliteFilesize
64KB
MD549397db0486dc59d607907a086f40c9b
SHA108742ce9db9569062def08e99eea8470702feb7d
SHA256890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4
SHA512fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\search.json.mozlz4Filesize
278B
MD546d38fdd90eff97f67b36a5bc3beadb9
SHA169c742b23789b0bd4bdaafcdb134a37c3323c9d3
SHA256b1223e35e9f3b8ed42eba754710aa50d614193e0a531f3ceac3e4d9183d15ef1
SHA512b75acaeb3416d580422112c48f5f8c2fa4ce898d1ffe3c3215501a0d106ea2d6de7a87465ebc33288e1b807353e24731052c99602a42f1d20f8b6a342e7606f1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\serviceworker.txtFilesize
172B
MD5c0f33621bf19d6e5493449b6e19d61eb
SHA1d8b48780c0dd02b6c571be05eaf5c1b25994d3d4
SHA2561bdf82a8854c86109e80e7047e7ca14313095a2d6bee83f3a262d6dd362e1c32
SHA512201710f3f7b7d64031b9f78c2d4282f083e1298982a2043e4e5cee580b105c13158f5fe67fa2066d16d8ba75db53dbe7838ec16b2e9249e0703e67165f6b05f8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionCheckpoints.jsonFilesize
288B
MD56b77a9f779399e95d1cee931a2c8f8ff
SHA1826efd4feb0d50fcce5696111af7c811b81adcd9
SHA2563a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3
SHA512ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionCheckpoints.json.tmpFilesize
53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionCheckpoints.json.tmpFilesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
14KB
MD50246b79a037e2b7da8afbc9d4e7deb63
SHA13ff92c366e9a1a976c2579a490991fa242c5589d
SHA2568643f7a648d8aa5c6cd739f658d9bf9ccd826393b695ee958b7a3b5453cc04dd
SHA512b710671739ff80d140fe296b8ff3fb8b07a71d51ab9778e8e8b05f539791881c726ab9b73679c5061ff69f4fe447f62e97592b18f3072045ea73b0b9328e38aa
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
10KB
MD50a54cdc2283d755dfc4defc610197087
SHA12c0de4d007c68367a6cca71428886d4cdd48a2d3
SHA2565abbec87957aafdd38bf300d3f339e8bebbe78907b47ed183c8c2fb2fee49589
SHA512b0cc88b42433bae153ff1d5d7af7751ca041d58c8010dfe5ebb5ccc003b3c7d8db1e3e98f8cdea998190a40743a6d1d0a44fd6a47d357377f1bfba4713c957e6
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
14KB
MD5e4b513a3e11c96d72541ba3568aadd53
SHA1c6c1c23ece76dd0adc3a2758edd1ced8eb088c2d
SHA256296f070b8ad8b634edde4594ec96ed6b3f98a42924a0dd452ff80306dc67886d
SHA51204c0c24f97cfc0a1f5d7d91ccd19eabf1922dd9b5d18b5f67b5e2fb7af799dbcfb3248c9321b2a350aa2c693d9eb0c2be2e82268f5bbe53db88bedc214c5ee82
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
25KB
MD5c649fe1819ea1ec965cd9acf698345b4
SHA1522f0537632b62359776891dbe510c6e5f388efa
SHA256c92195e3aeb5c2c35a325c249b6c2121428b98859bb6479f9c3f290eeea3c519
SHA5125966b90b6b27831969ca11230b3bedd31df0ce802cf852741f9fdcb57a17f41acfa80e3403af87c498c20e5475e4d20ea0b35f90aebc9fb511a0928a2517434c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD51c8bffdf7eb09127014925bac3aa46b9
SHA1112a9949e2f72e871dcf6be21b21002d0143e286
SHA256da47c341b7a1ef249c3881da983198920e62bc295e5e5030933937a47212ad1a
SHA512bae8295a4fd510f51e6bfca675c17914b4dcb4f1581bd9ee324999bd5cf272067c3c74c8caa623988b5fd765dba723a80816bfbba6367acdc910a9d45bcd10bc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
3KB
MD5df0b06f9e84b5977242f69ab32201a66
SHA15b35ce9d37a3f8c36df57832a9fbbed0ef08f8f4
SHA25619ef5c31e30b989091b2767d607f27da364a63e2cdd0b8a33c71375e5f67608c
SHA512240c7d9bdfd36b0d1b0e35a63be4f9b341b5672a8a8e50a1797ace6e8fdbf7927a8c74bf11ec704c723b3fde4cbbf8963ed5ddf643e87837c18a11f7deceadbb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
4KB
MD5ee869f2165dc44c9ae80ca87cbb914be
SHA12efe6a2e82b493f3fd367071b6d7ba961647049a
SHA256f0ab80a4d12cb15ab208f813397efb1918515b51863a1f385d7f937783b45a00
SHA51281c1666d305238d1a790675f4ce78dd82bf0d7a44212ea14b96b2b39cc24fa492ea2ada54e4e10c3a203e2151b80288490d766a45f03ba032a19a6e48d9bf921
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
14KB
MD5e300144ee1fc68645fbae1c8fc5bb6e0
SHA1e4fb48807c3d6b609023a9bbb0678b257f6dbc1c
SHA256d97acd3f0b276e02645946aac69de1b4252e733277e1ee9965bc9f5425544c4a
SHA512f6d09f74b3e4f392449fc676a1e5659d8c5bf7629eb58e85faedb38d7e5ae05cb0fe1b165438bf3c1f99fef438cafe88257152bd54cb06a0e39b50d4ee951da8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
12KB
MD5fd5d7a2fd0cca6a70d2e85875e78fcba
SHA1b9e8a21a653e25594ff796af3da69698356095e1
SHA256198735f617a0a99d9f3eb0e9ba095fc1efe2c618e12b3f39b8aabdafe293c23e
SHA512860ab41760b2c978a11b0795db2cd81abf1890a3e3181b6d80cccee163b54733d969b66cefe2dbc7192eadaa34a015b7f8ed3cc5ee15c567c2c9304004b50d13
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore-backups\recovery.jsonlz4Filesize
20KB
MD5c1f6d150baadf092cd0ca61e439f9280
SHA1a601434c23aa8920c2bc996717f1af638711de64
SHA2569f08a07bcb06917b58bc22b8d8134897539439066e266c50cf23d78ae7cb3fdb
SHA51253f50fb32ffff92e3b7e1d8ad6d809ad1eb4f33a994705fba50a07c5ddfb0da4e55d7e6bcc30b7808e3d4c3d2bc6d1fcadb22ceadb9c809598e61a7ae574819c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore.jsonlz4Filesize
446B
MD5ec379a286590adc2ba9cd4507ce1bfb3
SHA1e9fef23d888dd59a5979b4ef6bc9bfb8fd47712c
SHA25612604e26d3c2780c9559a581d85ea1bbfba98fe9862448f527001f091d60196f
SHA5127910e0b0fc9cbb03ea9872dcd467269275918f52fb53c9ace1a699f3966ce3216da2cb58cf6459341c6a14aab7ea48ad014c063b1f8bb8abb9aab26b7b74d41d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\sessionstore.jsonlz4Filesize
446B
MD5ec379a286590adc2ba9cd4507ce1bfb3
SHA1e9fef23d888dd59a5979b4ef6bc9bfb8fd47712c
SHA25612604e26d3c2780c9559a581d85ea1bbfba98fe9862448f527001f091d60196f
SHA5127910e0b0fc9cbb03ea9872dcd467269275918f52fb53c9ace1a699f3966ce3216da2cb58cf6459341c6a14aab7ea48ad014c063b1f8bb8abb9aab26b7b74d41d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\default\https+++alvsx.veinmaster.top\cache\morgue\206\{7874f4a1-6d70-4443-a16a-d5e68a364ece}.finalFilesize
1KB
MD5551cb95062e71b367a162653786c883b
SHA196a452a715018b7a87d2594c6073fd3d2d44dc27
SHA256c2026311f7a1f0bb6257aa4ec40e54bc256b6a96fa708e806a257563b6c543a2
SHA5124541eb32afe95d66f8d651408065c968179883cf8b5e334b17d059a836983ac28d309869b7817f8d9a9ac15a416794e56bc6201039fade32169636209743b1db
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\default\https+++www.gamerroof.com\cache\morgue\16\{a8e4f3b1-9195-4756-b1f4-95636aaf8710}.finalFilesize
34KB
MD5b6d320ab54e4d37cb0be6cbdc976e2cd
SHA1f330e811e2b6874f0e51243f1dcece53abf768cd
SHA256fb55e42f04934bf619de4ba991a076de807e323023b69e066559fb9f43698d12
SHA5126bea32ff134d8d90cfbd631ea7db1466bd5f81668bf29cda1c1416026783235797769e8d89ab3d1a9d07245695e8d1e96fe0a45f14ac41dd5f368df99aa87397
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\default\https+++www.gamerroof.com\cache\morgue\174\{43045451-c231-483e-8536-527bac790dae}.tmpFilesize
168KB
MD504a834540f7d2bf9265cf7b5d6297f53
SHA10790dfc6d5cfecfe24d59d3db45334fa77251bec
SHA256c049dc52ab6ec24ba67fec2a8a483955327bf062f65c3e13594b584d97a4b352
SHA512ab45601621cd987f26f70ef4b9711a3b4267b950f8b60b30928028ee377050504205c800ff6aa84142b1523f9addbc97467554572de5c6b7f4e7fadcf57bd247
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\default\https+++www.gamerroof.com\cache\morgue\240\{ca485f61-1936-4ad7-94d3-f1bb5284e9f0}.finalFilesize
3KB
MD57e6cc6dc47d3c6c46af38a5070c9ac39
SHA1c8ee6e7afd7a4bb3cb83a76836e0c5d45c07e345
SHA256fb232ccd4d46200544c091e1306faa001baaaeb820ae1355c7568e6b98282a75
SHA5122e21fba77b46fc6ba0e6b97f2d145f99380075c7fca9fa1b87f13a565951018bc26e9daffd792468ac243df3f592afa81bcc4c86d0e5b330cfb00fa9a0ffa32a
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\default\https+++www.gamerroof.com\cache\morgue\99\{539ee262-724d-4c38-8e41-8df33a469663}.finalFilesize
2KB
MD5c0106f08f0507b013502b523357675b7
SHA13a2f21187f66c3d13c2bea4b5142188aa7ed612d
SHA2569d43edd15fca8c68f3e598490b9501b9e026778c618054de151a5d3830476efb
SHA51211439989bdad87578531be509f8363d66a755e35c335dcb61e544dc6e62708347dc0a07489db7bf9281b511696f2909e20b3c8480b353dfef63e60ed9da3f256
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqliteFilesize
48KB
MD5963f2909d724481a18a14d4fa5169a27
SHA13c37460e786e6a705dfab93fc49ae73a41837cf0
SHA25692cdc4208381efb60c3b3b7cfa0a75508f60caa24bae7fc976c4bf949dcc3ef7
SHA5123e633d534726e113fa5f8330abd272046627401ab8b70aa19b714481f02ceec882e7af6fadefdc41195b79f956e521d057762aa08c13daec3f063829836f3f55
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqliteFilesize
48KB
MD5d1cf73221e3fd116bc32e7b18c605990
SHA1474c7fdc920d3f0108a6552d9a1703a9ad9c30e2
SHA256233472dfd53a70b1ce45e68a46c1feb14df465523357218f95ea9c30aaf35d38
SHA512859aa1db4feb246278d66970ad3c170ee7f18dda7be114c73fa6df5c040c02e4466bb6e8e342fa194cc976f88007c3f7dba7d2a2dc031b0ebb15332e9dab79b0
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
160KB
MD560d9d7ab5984e4c3567e4948e30e27e6
SHA1cb5d4752d9cecf4b1b7fa7042b312548778a497a
SHA256d1813762fde5975668ea42f53fde5fece9ad592885b5b7d2855079f8cc4368dd
SHA512255745e76eab5e72c78377e95c056f31a977e07c2d8cfe8e1e3602aa32166a16d77f2cf5582ff1d766ea6f9eba46edb53e1c5fd5dd6b0d32b4ef075c7079035b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqliteFilesize
184KB
MD53c712d047478f6e7a9286e9857087f59
SHA11bf71a421541d7b40a0b023724ad78ef8fd4f965
SHA256bd4debe99ea17a20627251d47d9698f26ebd9dccc07328ca13fdaebdcc9d11c5
SHA5125826694e932b0ab2228dadda90bf613d63af6d317b79a920b3c82dcfc82b4a83a7d2a96cbb98200ac24d83533fdc48eb99daec6212de2a22eab0354945b14efb
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rk4p1g1j.default-release\xulstore.jsonFilesize
120B
MD505e1ddb4298be4c948c3ae839859c3e9
SHA1ea9195602eeed8d06644026809e07b3ad29335e5
SHA2561c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be
SHA5123177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e
-
C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent.iniFilesize
1KB
MD54c48c2d22cd9014cd2c652606e17c08d
SHA1973a64a9ad3d7e4800f5cf4bcb728e2565781a13
SHA25620a47d066714b21ed9e32e98187150ba32a99ca32c1d1812ddf2b324f4afb6ee
SHA51223ea72cdba51c57468a7b59ceeda15932498cd7e396f30e299775f3305a929139f44a66054cca53a539a5827b343c658c6d8677d068faf0542628b6bc20327c9
-
C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent_new.iniFilesize
2KB
MD5249eb19a46d22b6bf211af793fd56ba7
SHA11a597cb9aaf5965cac6cf58e00948f82cec6b7c4
SHA2568c902a2c44ece9b47467c523b99f923d612b5d416bf935bb74c753f1ed66e980
SHA512565c521c0cd3f662f533a6b8879f636e213e87bc3ce4484834f5a28ed74c6c8be49fd2cf044b5217222653822a79097112ed2b4efaec602cf9f7d091a3d4ff2e
-
C:\Users\Admin\AppData\Roaming\qBittorrent\watched_folders.jsonFilesize
4B
MD55b76b0eef9af8a2300673e0553f609f9
SHA10b56d40c0630a74abec5398e01c6cd83263feddc
SHA256d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817
SHA512cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d
-
C:\Users\Admin\Downloads\Grand Theft Auto 6_CY-T9S1.RZorEs_M.exe.partFilesize
13.8MB
MD542b0828a300ff9641620a1ab43cb9547
SHA1aea4f6eefcc2aca7f04220daf688565f66b4c212
SHA2560bb4adf992267f14d272bb10743030952057ba5429013b1f6559788498c901d0
SHA51260341d9363a09636b1ccf19ff4ee20bc361c41488bba108ff546b8393aad2652988923d16e958ac889a13265a10f7ffce74b311acbc5986ac1d75c6cb3efa7d5
-
C:\Users\Admin\Downloads\Grand Theft Auto 6_k71-y31.exeFilesize
13.8MB
MD542b0828a300ff9641620a1ab43cb9547
SHA1aea4f6eefcc2aca7f04220daf688565f66b4c212
SHA2560bb4adf992267f14d272bb10743030952057ba5429013b1f6559788498c901d0
SHA51260341d9363a09636b1ccf19ff4ee20bc361c41488bba108ff546b8393aad2652988923d16e958ac889a13265a10f7ffce74b311acbc5986ac1d75c6cb3efa7d5
-
C:\Users\Admin\Downloads\Grand Theft Auto 6_k71-y31.exeFilesize
13.8MB
MD542b0828a300ff9641620a1ab43cb9547
SHA1aea4f6eefcc2aca7f04220daf688565f66b4c212
SHA2560bb4adf992267f14d272bb10743030952057ba5429013b1f6559788498c901d0
SHA51260341d9363a09636b1ccf19ff4ee20bc361c41488bba108ff546b8393aad2652988923d16e958ac889a13265a10f7ffce74b311acbc5986ac1d75c6cb3efa7d5
-
C:\Users\Admin\Downloads\Grand Theft Auto 6_k71-y31.exe:Zone.IdentifierFilesize
149B
MD57fab1ef68682180d1db15ce5481ed6a3
SHA16a1442fa2d28cc9d503038d8d33074c906e635b3
SHA2567f5e305ed27fb475446f512bbbf46911d47dc1084cceec1b9d347ce23963a978
SHA512f8121a9df0f877927c0a29881c850d1774f0b3e4ac5afedd8aabf85ff8dffaaf1a736a796e099e78a0328c55101bec94a01b20246005c6e7f440e198b85272a7
-
C:\Users\Admin\Downloads\Purble place\Vista.Emulation.zipFilesize
27KB
MD5117c9036d884faf47d49a7f368bc93e0
SHA1a0abd2dc89cd1f7dc28c2d0d5b0948b0bd904c6c
SHA256e44a9f368d4791bed7a27027fe8940643716bfde51014da6a57ae0748a3caefe
SHA5124da63ba9ade987621a375465c4c8b5696dc1610fc865225cacd12cf22749963b6570ca7921b0d59d719666fc45e8063c5c3eeb15f54880763cee4ad76e37d817
-
C:\Users\Admin\Downloads\Purble place\purble_place.zipFilesize
58.8MB
MD54547319af1ac04e868db92f960e158ab
SHA17241b51bb357e9e7e4c407c22a1f351c75418f69
SHA2567cce5e232cfe6d0579af13819d3ac269eb9924b85a0ecd1ae89636e777dd318f
SHA5124cd0c8bc7346a9f7cb12f6cbe7a0a020d4fe85fdd0a71ffd8529325c67ffb6c21e3e8f00e3693b1c91e907bf9e98d99c3972bd60c1880fad96baa350350ccb1b
-
C:\Users\Admin\Downloads\Ransomware-Samples-main.zip.crdownloadFilesize
15.1MB
MD5e88a0140466c45348c7b482bb3e103df
SHA1c59741da45f77ed2350c72055c7b3d96afd4bfc1
SHA256bab1853454ca6fdd3acd471254101db1b805b601e309a49ec7b4b1fbcfc47ad7
SHA5122dc9682f4fb6ea520acc505bdbe7671ab7251bf9abd25a5275f0c543a6157d7fa5325b9dce6245e035641ab831d646f0e14f6649f9464f5e97431ab1bf7da431
-
\??\c:\Users\Admin\AppData\Local\Temp\xjiivvtt\CSC142C50E6FE704F48B4BE2AF824AF.TMPFilesize
1KB
MD5c178ca0eb0fe3f04e1d74da3f1c9a807
SHA113713e5cfc392137c51868834411247d6ab75265
SHA25685d461b66b81bd36a4e68858ad39a24b3c3fbe1f0e21c9e1858e6eaf879e1d6a
SHA5126e5cfdc2e6f1c47d83cf29d39b84201c18644da0d9bfe0066d746806fd66201950de12dba75a06efa776527be1c570c7b32db54926b78b1dc98c71c191b0e44e
-
\??\c:\Users\Admin\AppData\Local\Temp\xjiivvtt\xjiivvtt.0.csFilesize
29KB
MD5be0c48fc5057a467514eec58f1b1264b
SHA16d656174c6c9ab1e4c3d75cc9270a2aa4079183b
SHA2568685fc1ef0ff239f59289b26d9aa7134998f4cc4a15b22c9a8922c071bb32639
SHA512157df2d4ef94906418ea32be5feedc28aac61787033e7473f0eab8e22d32a2a83ddbb5c43c16b0d5f83c8c27f167e1fcf2967df35bdbafca75327dc35ed443f1
-
\??\c:\Users\Admin\AppData\Local\Temp\xjiivvtt\xjiivvtt.cmdlineFilesize
248B
MD5d06363e8b457969c9684b514327a7e3f
SHA1a9921c0dbe092e8d52b1e5b3e9756c421e6ddfcd
SHA256b04a03510f4ac6fbfc0f8ef866977585b01240df3a3c0048f0cd9a996f07f8fc
SHA5125394454cd0cf91933f0a4331b7a255aaa032ef8eca07da9c9a29bfe2b934ce51f5e612abd5f1e8790af5903cd2eea22a790f33f33be7fc61b8f210ef4671c232
-
\??\pipe\crashpad_400_PYUOAFOGQYUAGGPDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\botva2.dllFilesize
37KB
MD567965a5957a61867d661f05ae1f4773e
SHA1f14c0a4f154dc685bb7c65b2d804a02a0fb2360d
SHA256450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105
SHA512c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b
-
\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\botva2.dllFilesize
37KB
MD567965a5957a61867d661f05ae1f4773e
SHA1f14c0a4f154dc685bb7c65b2d804a02a0fb2360d
SHA256450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105
SHA512c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b
-
\Users\Admin\AppData\Local\Temp\is-BSSF1.tmp\zbShieldUtils.dllFilesize
2.0MB
MD5c79e3df659cdee033a447a8f372760ce
SHA1f402273e29a6fa39572163e4595e72bde3d9330a
SHA2567d09715c4e0735a0832bf81d92d84600df1815a2ba451586bd25eb16f7c450a5
SHA512490cc30ccfac209f1f5332ce4168b0dc849d7e4d86f3c198ddd23b39ddc950001928a1e071c2ace74c4710508265c0872adb02e3f068e521d28ed8b19ea36492
-
memory/2400-340-0x0000000005510000-0x00000000055E6000-memory.dmpFilesize
856KB
-
memory/2400-320-0x0000000000680000-0x0000000000768000-memory.dmpFilesize
928KB
-
memory/2400-321-0x00000000652A0000-0x000000006598E000-memory.dmpFilesize
6.9MB
-
memory/2400-322-0x0000000005020000-0x0000000005030000-memory.dmpFilesize
64KB
-
memory/2400-350-0x00000000652A0000-0x000000006598E000-memory.dmpFilesize
6.9MB
-
memory/2400-337-0x0000000001120000-0x000000000112A000-memory.dmpFilesize
40KB
-
memory/2400-339-0x0000000005030000-0x00000000050C2000-memory.dmpFilesize
584KB
-
memory/2400-345-0x00000000056D0000-0x000000000576C000-memory.dmpFilesize
624KB
-
memory/2400-344-0x0000000005260000-0x0000000005329000-memory.dmpFilesize
804KB
-
memory/2400-341-0x0000000002A50000-0x0000000002A5C000-memory.dmpFilesize
48KB
-
memory/3004-100-0x00007FFFC2210000-0x00007FFFC2BB0000-memory.dmpFilesize
9.6MB
-
memory/3004-103-0x00007FFFC2210000-0x00007FFFC2BB0000-memory.dmpFilesize
9.6MB
-
memory/3004-110-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-107-0x000000001C2B0000-0x000000001C302000-memory.dmpFilesize
328KB
-
memory/3004-106-0x0000000001640000-0x0000000001648000-memory.dmpFilesize
32KB
-
memory/3004-105-0x000000001C710000-0x000000001C772000-memory.dmpFilesize
392KB
-
memory/3004-117-0x0000000003B40000-0x0000000004B40000-memory.dmpFilesize
16.0MB
-
memory/3004-118-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-126-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-125-0x0000000003B40000-0x0000000004B40000-memory.dmpFilesize
16.0MB
-
memory/3004-115-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-124-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-121-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-104-0x000000001C210000-0x000000001C2AC000-memory.dmpFilesize
624KB
-
memory/3004-102-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-120-0x0000000003700000-0x0000000003800000-memory.dmpFilesize
1024KB
-
memory/3004-101-0x000000001CED0000-0x000000001D39E000-memory.dmpFilesize
4.8MB
-
memory/3004-119-0x00007FFFC2210000-0x00007FFFC2BB0000-memory.dmpFilesize
9.6MB
-
memory/3572-2221-0x000001E92A320000-0x000001E92A330000-memory.dmpFilesize
64KB
-
memory/3572-2443-0x000001E930990000-0x000001E930991000-memory.dmpFilesize
4KB
-
memory/3572-2445-0x000001E9309C0000-0x000001E9309C1000-memory.dmpFilesize
4KB
-
memory/3572-2256-0x000001E9294D0000-0x000001E9294D2000-memory.dmpFilesize
8KB
-
memory/3572-2237-0x000001E92AB00000-0x000001E92AB10000-memory.dmpFilesize
64KB
-
memory/4072-354-0x0000000008400000-0x00000000084C9000-memory.dmpFilesize
804KB
-
memory/4072-360-0x0000000008400000-0x00000000084C9000-memory.dmpFilesize
804KB
-
memory/4164-10540-0x0000000001000000-0x00000000010F2000-memory.dmpFilesize
968KB
-
memory/4452-2195-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/4452-2124-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/4452-2171-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/4820-346-0x0000000000400000-0x00000000004C9000-memory.dmpFilesize
804KB
-
memory/4820-353-0x0000000000400000-0x00000000004C9000-memory.dmpFilesize
804KB
-
memory/4820-349-0x0000000000400000-0x00000000004C9000-memory.dmpFilesize
804KB
-
memory/4820-469-0x0000000000400000-0x00000000004C9000-memory.dmpFilesize
804KB
-
memory/5444-2193-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/5444-2179-0x0000000005360000-0x000000000536F000-memory.dmpFilesize
60KB
-
memory/5444-2130-0x0000000000940000-0x0000000000941000-memory.dmpFilesize
4KB
-
memory/5444-2165-0x0000000005360000-0x000000000536F000-memory.dmpFilesize
60KB
-
memory/5444-2172-0x0000000000940000-0x0000000000941000-memory.dmpFilesize
4KB
-
memory/5444-2178-0x0000000000400000-0x00000000006EE000-memory.dmpFilesize
2.9MB
-
memory/5672-2570-0x000001F1DAA00000-0x000001F1DAA02000-memory.dmpFilesize
8KB
-
memory/5672-2335-0x000001F1D9BB0000-0x000001F1D9BB2000-memory.dmpFilesize
8KB
-
memory/5672-2486-0x000001F1DBD60000-0x000001F1DBE60000-memory.dmpFilesize
1024KB
-
memory/5672-2368-0x000001F1D98C0000-0x000001F1D98C2000-memory.dmpFilesize
8KB
-
memory/5672-2578-0x000001F1DAA10000-0x000001F1DAA12000-memory.dmpFilesize
8KB
-
memory/5672-2345-0x000001F1D8A10000-0x000001F1D8A12000-memory.dmpFilesize
8KB
-
memory/5672-2338-0x000001F1D9C40000-0x000001F1D9C42000-memory.dmpFilesize
8KB
-
memory/5672-2349-0x000001F1D8A40000-0x000001F1D8A42000-memory.dmpFilesize
8KB
-
memory/5672-2373-0x000001F1D9940000-0x000001F1D9942000-memory.dmpFilesize
8KB
-
memory/5672-2358-0x000001F1D8A80000-0x000001F1D8A82000-memory.dmpFilesize
8KB
-
memory/5672-2363-0x000001F1D97E0000-0x000001F1D97E2000-memory.dmpFilesize
8KB
-
memory/5672-2402-0x000001F1D9840000-0x000001F1D9842000-memory.dmpFilesize
8KB
-
memory/5672-2366-0x000001F1D9820000-0x000001F1D9822000-memory.dmpFilesize
8KB
-
memory/5868-2182-0x0000000001270000-0x0000000001280000-memory.dmpFilesize
64KB
