dharma | hxxps://pixeldrain[.]com/u/RPfRQZMT

Analysis

max time kernel
1689s
max time network
1693s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pixeldrain.com/u/RPfRQZMT

Score

10^/10

dharma njrat hacked evasion persistence ransomware trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

hakim32.ddns.net:2000

6.tcp.eu.ngrok.io:19738

Mutex

dcba070f19312db838f99fdbdbaa0ffd

Attributes

reg_key
dcba070f19312db838f99fdbdbaa0ffd
splitter
|'|'|

Signatures

Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
ransomware dharma
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490
Renames multiple (546) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

1644 netsh.exe
1028 netsh.exe

pid	process
1644	netsh.exe
1028	netsh.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AnyDesk.exechrome.exechrome.exechrome.exeAnyDesk.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	AnyDesk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	AnyDesk.exe

Drops startup file 5 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta	CoronaVirus.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	CoronaVirus.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.id-412E7263.[[email protected]].ncov	CoronaVirus.exe

Executes dropped EXE 9 IoCs

Processes:

AnyDesk.exeAnyDesk.exeAnyDesk.exeAnyDesk.exeServer.exechrome.exechrome.exechrome.exechrome.exe

pid process

5320 AnyDesk.exe
3656 AnyDesk.exe
3400 AnyDesk.exe
5852 AnyDesk.exe
3188 Server.exe
35488 chrome.exe
35572 chrome.exe
35672 chrome.exe
36172 chrome.exe
Loads dropped DLL 6 IoCs

Processes:

AnyDesk.exeAnyDesk.exechrome.exechrome.exechrome.exechrome.exe

pid process

3400 AnyDesk.exe
3656 AnyDesk.exe
35488 chrome.exe
35572 chrome.exe
35672 chrome.exe
36172 chrome.exe

pid	process
5320	AnyDesk.exe
3656	AnyDesk.exe
3400	AnyDesk.exe
5852	AnyDesk.exe
3188	Server.exe
35488	chrome.exe
35572	chrome.exe
35672	chrome.exe
36172	chrome.exe

pid	process
3400	AnyDesk.exe
3656	AnyDesk.exe
35488	chrome.exe
35572	chrome.exe
35672	chrome.exe
36172	chrome.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

CoronaVirus.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Windows\System32\Info.hta = "mshta.exe \"C:\\Windows\\System32\\Info.hta\""	CoronaVirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\Info.hta = "mshta.exe \"C:\\Users\\Admin\\AppData\\Roaming\\Info.hta\""	CoronaVirus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe"	CoronaVirus.exe

Drops desktop.ini file(s) 64 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	CoronaVirus.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	CoronaVirus.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-3803511929-1339359695-2191195476-1000\desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	CoronaVirus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	CoronaVirus.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

468 5.tcp.eu.ngrok.io
Drops file in System32 directory 2 IoCs

Processes:

CoronaVirus.exe

description ioc process

File created C:\Windows\System32\CoronaVirus.exe CoronaVirus.exe
File created C:\Windows\System32\Info.hta CoronaVirus.exe

flow	ioc
468	5.tcp.eu.ngrok.io

description	ioc	process
File created	C:\Windows\System32\CoronaVirus.exe	CoronaVirus.exe
File created	C:\Windows\System32\Info.hta	CoronaVirus.exe

Drops file in Program Files directory 64 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-96_altform-unplated_contrast-black_devicefamily-colorfulunplated.png	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20231223004745.pma.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailSplashLogo.scale-400.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_filetype_xd.svg.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\fi-fi\ui-strings.js.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MINSBROAMINGPROXY.DLL.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessReport.dotx.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_contrast-black.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_x64__8wekyb3d8bbwe\AppxManifest.xml	CoronaVirus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_ja_135x40.svg.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\comments.win32.tpn.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\it-IT\MSFT_PackageManagementSource.strings.psd1	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TAG.XSL.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-100.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-100.png	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ppd.xrm-ms	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\SharePointTeamSite.ico.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.ce48eef1.pri	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Trust Protection Lists\Mu\Advertising.DATA.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-125_contrast-high.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-light\Settings.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\es-es\ui-strings.js.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\rtmpal.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\TinyTile.scale-200_contrast-white.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-down_32.svg	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.PerformanceCounter.dll	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\sk-sk\ui-strings.js.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ul-oob.xrm-ms	CoronaVirus.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\MSFT_PackageManagement.schema.mfl.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Grace-ppd.xrm-ms.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\locallaunch\locallaunch.html	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\download.svg.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_organize_18.svg.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\compare_poster.jpg.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\zh-cn_get.svg.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	CoronaVirus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_folder-down_32.svg.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-right.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\[email protected].[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ppd.xrm-ms.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieXLEditTextModel.bin.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\ui-strings.js.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\ui-strings.js	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\ui-strings.js.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.ServiceModel.dll	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png	CoronaVirus.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-80_altform-unplated.png	CoronaVirus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\arrow-left-pressed.gif	CoronaVirus.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-pl.xrm-ms	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll.id-412E7263.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll	CoronaVirus.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 51 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exeAnyDesk.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Interacts with shadow copies 2 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Processes:

vssadmin.exevssadmin.exe

pid process

34844 vssadmin.exe
29936 vssadmin.exe

pid	process
34844	vssadmin.exe
29936	vssadmin.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133523068265703134"	chrome.exe

Modifies registry class 64 IoCs

Processes:

NjRat 0.7D Danger Edition.exechrome.exeNjRat 0.7D Danger Edition.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "4"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NjRat 0.7D Danger Edition.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	NjRat 0.7D Danger Edition.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000002000000010000000400000003000000ffffffff	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	NjRat 0.7D Danger Edition.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NjRat 0.7D Danger Edition.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	NjRat 0.7D Danger Edition.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NjRat 0.7D Danger Edition.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	NjRat 0.7D Danger Edition.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	chrome.exe

NTFS ADS 3 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\rats_ez.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\AnyDesk.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\rats_ez.zip:Zone.Identifier	firefox.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

4028 PING.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

AnyDesk.exe

pid process

3400 AnyDesk.exe

pid	process
4028	PING.EXE

pid	process
3400	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

ngrok.exengrok.exechrome.exeAnyDesk.exengrok.exengrok.exengrok.exengrok.exechrome.exechrome.exeCoronaVirus.exe

pid	process
2908	ngrok.exe
2908	ngrok.exe
2908	ngrok.exe
2908	ngrok.exe
4604	ngrok.exe
4604	ngrok.exe
4604	ngrok.exe
4604	ngrok.exe
632	chrome.exe
632	chrome.exe
3656	AnyDesk.exe
3656	AnyDesk.exe
5044	ngrok.exe
5044	ngrok.exe
5044	ngrok.exe
5044	ngrok.exe
5544	ngrok.exe
5544	ngrok.exe
5544	ngrok.exe
5544	ngrok.exe
5484	ngrok.exe
5484	ngrok.exe
5484	ngrok.exe
5484	ngrok.exe
3252	ngrok.exe
3252	ngrok.exe
3252	ngrok.exe
3252	ngrok.exe
4960	chrome.exe
4960	chrome.exe
5912	chrome.exe
5912	chrome.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe
2992	CoronaVirus.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

chrome.exeServer.exe

pid process

6096 chrome.exe
3188 Server.exe

pid	process
6096	chrome.exe
3188	Server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

chrome.exechrome.exe

pid	process
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exeAUDIODG.EXEchrome.exe

description	pid	process
Token: SeDebugPrivilege	3172	firefox.exe
Token: SeDebugPrivilege	3172	firefox.exe
Token: SeDebugPrivilege	3172	firefox.exe
Token: 33	3040	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3040	AUDIODG.EXE
Token: SeDebugPrivilege	3172	firefox.exe
Token: SeDebugPrivilege	3172	firefox.exe
Token: SeDebugPrivilege	3172	firefox.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe
Token: SeShutdownPrivilege	632	chrome.exe
Token: SeCreatePagefilePrivilege	632	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exeNjRat 0.7D Danger Edition.exechrome.exeAnyDesk.exefirefox.exeNjRat 0.7D Danger Edition.exefirefox.exe

pid	process
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
1284	NjRat 0.7D Danger Edition.exe
1284	NjRat 0.7D Danger Edition.exe
1284	NjRat 0.7D Danger Edition.exe
1284	NjRat 0.7D Danger Edition.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
1284	NjRat 0.7D Danger Edition.exe
4428	firefox.exe
660	NjRat 0.7D Danger Edition.exe
660	NjRat 0.7D Danger Edition.exe
660	NjRat 0.7D Danger Edition.exe
660	NjRat 0.7D Danger Edition.exe
4428	firefox.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3936	firefox.exe
660	NjRat 0.7D Danger Edition.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exeNjRat 0.7D Danger Edition.exechrome.exeAnyDesk.exeNjRat 0.7D Danger Edition.exechrome.exe

pid	process
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
1284	NjRat 0.7D Danger Edition.exe
1284	NjRat 0.7D Danger Edition.exe
1284	NjRat 0.7D Danger Edition.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
632	chrome.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
1284	NjRat 0.7D Danger Edition.exe
660	NjRat 0.7D Danger Edition.exe
660	NjRat 0.7D Danger Edition.exe
660	NjRat 0.7D Danger Edition.exe
3400	AnyDesk.exe
3400	AnyDesk.exe
660	NjRat 0.7D Danger Edition.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe

Suspicious use of SetWindowsHookEx 37 IoCs

Processes:

firefox.exeNjRat 0.7D Danger Edition.exechrome.exeAnyDesk.exefirefox.exeNjRat 0.7D Danger Edition.exefirefox.exe

pid	process
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
1284	NjRat 0.7D Danger Edition.exe
6096	chrome.exe
6096	chrome.exe
6096	chrome.exe
3172	firefox.exe
3172	firefox.exe
3172	firefox.exe
5852	AnyDesk.exe
5852	AnyDesk.exe
4428	firefox.exe
4428	firefox.exe
4428	firefox.exe
4428	firefox.exe
660	NjRat 0.7D Danger Edition.exe
3936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3240 wrote to memory of 3172	3240	firefox.exe	firefox.exe
PID 3172 wrote to memory of 2308	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 2308	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 4456	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 700	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 700	3172	firefox.exe	firefox.exe
PID 3172 wrote to memory of 700	3172	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://pixeldrain.com/u/RPfRQZMT"
1⤵
- Suspicious use of WriteProcessMemory
PID:3240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://pixeldrain.com/u/RPfRQZMT
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.0.1903114699\1601486357" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f25406df-0be6-4a2e-8797-4e9446f91e0e} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 1944 1a1fe8d0a58 gpu
3⤵
PID:2308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.1.1282961499\487096572" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44fec560-8c9c-4084-9f32-4b8d9e925336} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 2368 1a1fe3ee058 socket
3⤵
- Checks processor information in registry
PID:4456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.2.1778693990\1564247576" -childID 1 -isForBrowser -prefsHandle 3372 -prefMapHandle 3368 -prefsLen 21590 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {662c961c-4363-4c6d-9295-007058470f33} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 3380 1a185449558 tab
3⤵
PID:700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.3.115937701\1375104512" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f950d4c-0a95-404d-bccc-0da5bd363a15} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 3624 1a186106858 tab
3⤵
PID:4576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.6.1543722984\466040307" -childID 5 -isForBrowser -prefsHandle 5400 -prefMapHandle 5396 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9fb20ba-477d-4a4a-90de-878403bf7fe9} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 5316 1a18751b658 tab
3⤵
PID:1864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.5.1276459733\738232260" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ceb92d3-9d43-412f-b527-417ee1f2dfb9} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 4996 1a18751aa58 tab
3⤵
PID:2164

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.4.2076770484\864321166" -childID 3 -isForBrowser -prefsHandle 4528 -prefMapHandle 4940 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9f8c363-0c13-4969-9211-1e016ccb880b} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 4976 1a187519b58 tab
3⤵
PID:3964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.7.1198875296\1212881947" -childID 6 -isForBrowser -prefsHandle 5000 -prefMapHandle 4988 -prefsLen 26318 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9488d156-0d86-4207-95c1-caf732ddc036} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 5084 1a1859ec858 tab
3⤵
PID:468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.8.1060639567\386849570" -childID 7 -isForBrowser -prefsHandle 3484 -prefMapHandle 3452 -prefsLen 29676 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1d21b0a-e86a-4d67-99d1-13efeb5e8b4e} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 3464 1a1859ed158 tab
3⤵
PID:5484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.9.1710250179\464231261" -parentBuildID 20221007134813 -prefsHandle 6312 -prefMapHandle 6304 -prefsLen 29676 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d6a3100-a357-4ad8-ae47-0cfc72fbadcb} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 6340 1a18c8f1a58 rdd
3⤵
PID:1968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.10.1056399205\23348011" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6480 -prefMapHandle 6476 -prefsLen 29676 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e4883e1-a21c-47fb-a954-0442dd9bcda7} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 6488 1a18c8f3b58 utility
3⤵
PID:2232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3172.11.1780961712\1646468269" -childID 8 -isForBrowser -prefsHandle 6636 -prefMapHandle 6140 -prefsLen 29676 -prefMapSize 233414 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb573443-406b-435d-b4eb-b3c66f8b1713} 3172 "\\.\pipe\gecko-crash-server-pipe.3172" 10628 1a1926e4158 tab
3⤵
PID:2428

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
3⤵
- Executes dropped EXE
- Checks processor information in registry
PID:5320

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3400

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3656

C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --backend
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2088

C:\Users\Admin\Desktop\ngrok.exe
"C:\Users\Admin\Desktop\ngrok.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2908

C:\Users\Admin\Desktop\ngrok.exe
C:\Users\Admin\Desktop\ngrok.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4604

C:\Windows\system32\cmd.exe
cmd.exe /K
2⤵
PID:3968

C:\Users\Admin\Desktop\ngrok.exe
ngrok config add-authtoken 2cBMH4DqH6hylwrLYbRNCL0sYdn_4dRRJ923JjN7Hqq1Evff2
3⤵
PID:1760

C:\Users\Admin\Desktop\ngrok.exe
ngrok tcp 7777
3⤵
PID:404

C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe
"C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Server.exe"
2⤵
PID:3028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ff8e1b89758,0x7ff8e1b89768,0x7ff8e1b89778
2⤵
PID:1876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:8
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:8
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:1
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:1
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:2
2⤵
PID:472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4656 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:1
2⤵
PID:5344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:8
2⤵
PID:5548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:8
2⤵
PID:5628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:8
2⤵
PID:5692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5516 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:1
2⤵
PID:5876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 --field-trial-handle=1876,i,4066130697382116860,9515429265112530796,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6096

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.0.891519228\1595601744" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1724 -prefsLen 23634 -prefMapSize 233949 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4098917-aadd-4d9a-a8ee-6c39517598be} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 1812 15af40e7958 gpu
3⤵
PID:388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.1.2019087165\1112358578" -parentBuildID 20221007134813 -prefsHandle 2188 -prefMapHandle 2176 -prefsLen 23634 -prefMapSize 233949 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27dc5395-773b-45c1-9671-b3a0bf7e69c7} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 2212 15ae06e6158 socket
3⤵
- Checks processor information in registry
PID:2596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.2.754958998\1396738420" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 3036 -prefsLen 24095 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39972373-4e1b-4c68-bc8b-8658d474481f} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 3000 15af7cfb558 tab
3⤵
PID:3176

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.3.868461196\1768591096" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 29273 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f7f2b1e-354a-4307-9b91-f0fc15cfa03c} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 3640 15ae0662558 tab
3⤵
PID:2472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.4.1590261674\1076066475" -childID 3 -isForBrowser -prefsHandle 4292 -prefMapHandle 4288 -prefsLen 29332 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7e56255-9e7c-489c-86f1-f6164bea1541} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 4280 15af9cb0558 tab
3⤵
PID:3248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.7.356193759\684936501" -childID 6 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 29332 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da4ef1ae-31fc-4dba-9d04-8ddba8f0ef36} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 5504 15afa4ec458 tab
3⤵
PID:2808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.6.1655605201\964220308" -childID 5 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 29332 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {382c5053-8057-4330-83d1-b1c1e6c818e9} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 5316 15afa4eeb58 tab
3⤵
PID:4208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.5.1661097526\709984954" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 5028 -prefsLen 29332 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e68953e-f952-4faf-a98c-49ed461bdc15} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 5180 15afa4ee258 tab
3⤵
PID:4256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.8.733643258\806002408" -childID 7 -isForBrowser -prefsHandle 5876 -prefMapHandle 5936 -prefsLen 29332 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {271f3e44-6d47-413c-898b-b3c7a7b49a8a} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 5952 15afc584558 tab
3⤵
PID:5908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4428.9.2085969530\194581653" -childID 8 -isForBrowser -prefsHandle 6316 -prefMapHandle 6312 -prefsLen 29390 -prefMapSize 233949 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62fb231d-f718-4de9-b6be-5796f1063bf2} 4428 "\\.\pipe\gecko-crash-server-pipe.4428" 4844 15ae251e358 tab
3⤵
PID:4396

C:\Users\Admin\Desktop\ngrok.exe
"C:\Users\Admin\Desktop\ngrok.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Users\Admin\Desktop\ngrok.exe
C:\Users\Admin\Desktop\ngrok.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5544

C:\Windows\system32\cmd.exe
cmd.exe /K
2⤵
PID:4040

C:\Users\Admin\Desktop\ngrok.exe
ngrok config add-authtoken 2cBMH4DqH6hylwrLYbRNCL0sYdn_4dRRJ923JjN7Hqq1Evff2
3⤵
PID:1436

C:\Users\Admin\Desktop\ngrok.exe
ngrok tcp 7777
3⤵
PID:5976

C:\Users\Admin\Desktop\ngrok.exe
"C:\Users\Admin\Desktop\ngrok.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5484

C:\Users\Admin\Desktop\ngrok.exe
C:\Users\Admin\Desktop\ngrok.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3252

C:\Windows\system32\cmd.exe
cmd.exe /K
2⤵
PID:5220

C:\Users\Admin\Desktop\ngrok.exe
ngrok config add-authtoken 2cBMH4DqH6hylwrLYbRNCL0sYdn_4dRRJ923JjN7Hqq1Evff2
3⤵
PID:3344

C:\Users\Admin\Desktop\ngrok.exe
ngrok tcp 7777
3⤵
PID:2328

C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe
"C:\Users\Admin\Desktop\NjRat 0.7D Danger Edition\NjRat 0.7D Danger Edition.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:660

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe" /alignment=512 /QUIET "C:\Users\Admin\AppData\Local\Temp\stub.il" /output:"C:\Users\Admin\Desktop\Server.exe"
2⤵
PID:1132

C:\Users\Admin\Desktop\Server.exe
"C:\Users\Admin\Desktop\Server.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:3188

C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Desktop\Server.exe" "Server.exe" ENABLE
2⤵
- Modifies Windows Firewall
PID:1644

C:\Windows\SysWOW64\netsh.exe
netsh firewall delete allowedprogram "C:\Users\Admin\Desktop\Server.exe"
2⤵
- Modifies Windows Firewall
PID:1028

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c ping 0 -n 2 & del "C:\Users\Admin\Desktop\Server.exe"
2⤵
PID:5432

C:\Windows\SysWOW64\PING.EXE
ping 0 -n 2
3⤵
- Runs ping.exe
PID:4028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:2976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:4192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:2848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:5488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:5184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.0.128224646\1388120675" -parentBuildID 20221007134813 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 23643 -prefMapSize 233949 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78bc8054-b5c8-4d1f-955e-f045f59f0503} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 1800 1b17fee8c58 gpu
3⤵
PID:2856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.1.906880120\2116781896" -parentBuildID 20221007134813 -prefsHandle 2180 -prefMapHandle 2176 -prefsLen 23643 -prefMapSize 233949 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {787413cd-8558-458b-ae6b-b8eddf37719b} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 2200 1b17fb30e58 socket
3⤵
- Checks processor information in registry
PID:3744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.2.2039952458\535897394" -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2936 -prefsLen 24104 -prefMapSize 233949 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8db41a7d-9c5a-4b93-8dab-2afb092ca4fd} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 3084 1b1082f4e58 tab
3⤵
PID:2736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.3.1865689462\924849913" -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 1328 -prefsLen 28502 -prefMapSize 233949 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7608c381-066b-4477-9fcd-30c4028acd29} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 3624 1b109452858 tab
3⤵
PID:5248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.4.1794370973\1314680649" -childID 3 -isForBrowser -prefsHandle 4736 -prefMapHandle 4732 -prefsLen 29341 -prefMapSize 233949 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d196ba1-8a21-4cca-bdcc-da4e7dfc6bab} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 4588 1b10abea858 tab
3⤵
PID:5272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.6.524444803\2105991462" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5320 -prefsLen 29341 -prefMapSize 233949 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b290fef0-8663-4b5a-8f8f-e3060d4c5bce} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 5196 1b10b39de58 tab
3⤵
PID:5040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.5.1587979040\1217193030" -childID 4 -isForBrowser -prefsHandle 5188 -prefMapHandle 5156 -prefsLen 29341 -prefMapSize 233949 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {242fda8a-8591-4892-9535-7548b43e2c95} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 5172 1b10b39f958 tab
3⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.7.845571406\2063214639" -childID 6 -isForBrowser -prefsHandle 5588 -prefMapHandle 5584 -prefsLen 29341 -prefMapSize 233949 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab59c842-b418-4c5a-b22e-2ffd1fe7d7fd} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 5504 1b10b39e158 tab
3⤵
PID:1768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.8.138445260\360943975" -childID 7 -isForBrowser -prefsHandle 4760 -prefMapHandle 4772 -prefsLen 29500 -prefMapSize 233949 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9f31230-23c9-4dd0-aecf-04660c46f2d7} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 4756 1b10c55e258 tab
3⤵
PID:5172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.9.2053917302\1650338303" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2756 -prefsLen 29500 -prefMapSize 233949 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4e31bda-1406-45fc-9abe-c5fafd9cc5ca} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 2868 1b10a8e9558 rdd
3⤵
PID:1528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3936.10.1870936118\1273549575" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2996 -prefMapHandle 2748 -prefsLen 29500 -prefMapSize 233949 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9313a16b-b879-408b-8442-1e54d4297e9d} 3936 "\\.\pipe\gecko-crash-server-pipe.3936" 3080 1b10a8e8958 utility
3⤵
PID:3204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e1b89758,0x7ff8e1b89768,0x7ff8e1b89778
2⤵
PID:5876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:1868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:5772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:4220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:2
2⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5140 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:5440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5504 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3164 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5596 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5612 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5488 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5792 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5948 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4760 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:3940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4856 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:5608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2016 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:1872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2996 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3048 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3888 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5956 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:35488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5744 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:35572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:8
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
PID:35672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4768 --field-trial-handle=1932,i,5079190736383325362,6859987533210917705,131072 /prefetch:1
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:36172

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1792

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3956

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:1164

C:\Users\Admin\Desktop\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe
"C:\Users\Admin\Desktop\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2992

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
2⤵
PID:5952

C:\Windows\system32\mode.com
mode con cp select=1251
3⤵
PID:26916

C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
3⤵
- Interacts with shadow copies
PID:29936

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
2⤵
PID:34552

C:\Windows\system32\mode.com
mode con cp select=1251
3⤵
PID:34820

C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
3⤵
- Interacts with shadow copies
PID:34844

C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
2⤵
PID:34640

C:\Windows\System32\mshta.exe
"C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
2⤵
PID:34676

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:35892

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\b5fbeb8c55d845589e61f69dde871386 /t 34680 /p 34676
1⤵
PID:35128

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\386907bbb2fd495f96ff0cd04ca0d969 /t 34644 /p 34640
1⤵
PID:35272

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\FILES ENCRYPTED.txt
1⤵
PID:35384

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:36956

C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\SpotifyMigrator.exe
"C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\SpotifyMigrator.exe"
1⤵
PID:37052

C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe
Spotify.exe
2⤵
PID:37120

C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe
"C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe" --type=crashpad-handler /prefetch:7 --max-uploads=5 --max-db-size=20 --max-db-age=5 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\SpotifyAppX\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\SpotifyAppX\User Data" --url=https://crashdump.spotify.com:443/ --annotation=platform=win64 --annotation=product=spotify --annotation=version=1.2.30.1135 --initial-client-data=0x4e0,0x4e4,0x4e8,0x4dc,0x4ec,0x7ff8d60e3738,0x7ff8d60e3744,0x7ff8d60e3750
3⤵
PID:37180

C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe
"C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe" --type=gpu-process --log-severity=disable --user-agent-product="Chrome/120.0.6099.199 Spotify/1.2.30.1135" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\debug.log" --mojo-platform-channel-handle=1984 --field-trial-handle=1992,i,1939073746385750083,7582550794860934568,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version /prefetch:2
3⤵
PID:37316

C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe
"C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --log-severity=disable --user-agent-product="Chrome/120.0.6099.199 Spotify/1.2.30.1135" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify" --log-file="C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\debug.log" --mojo-platform-channel-handle=3204 --field-trial-handle=1992,i,1939073746385750083,7582550794860934568,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version /prefetch:8
3⤵
PID:37652

C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe
"C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe" --type=renderer --log-severity=disable --user-agent-product="Chrome/120.0.6099.199 Spotify/1.2.30.1135" --disable-spell-checking --user-data-dir="C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify" --first-renderer-process --autoplay-policy=no-user-gesture-required --log-file="C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4288 --field-trial-handle=1992,i,1939073746385750083,7582550794860934568,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version /prefetch:1
3⤵
PID:37792

C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe
"C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\Spotify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="Chrome/120.0.6099.199 Spotify/1.2.30.1135" --lang=en --user-data-dir="C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify" --log-file="C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\debug.log" --mojo-platform-channel-handle=3384 --field-trial-handle=1992,i,1939073746385750083,7582550794860934568,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI --variations-seed-version /prefetch:8
3⤵
PID:37784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id-412E7263.[[email protected]].ncov

Filesize
2.9MB

MD5
fe01985443b8f4ca4ca898778e8b5a21

SHA1
566216a780ac29f39d1cd8f46fe2bd098e1c8749

SHA256
8fb602b27c2cd35faa162dac4e83f5a3cf0be53aa3df56b2e9ec889253b0f143

SHA512
77f4cd27bb12a7588c0df51bfae9a7ca3fabcd9683fdea20b98cdbaa644825010abf567b4d5521da5c07276b928607716b1d25737f57bf4d8f4fef72923efb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\97e85209-d366-4ccf-8045-dc24ec518b77.tmp

Filesize
129KB

MD5
38fdb6882bd6be011533acdcda179658

SHA1
7d0a0cb9e6b10923f681e43b479d2022bf6d4426

SHA256
38a742c80810e8e8960a2a337f35969f566bde65d931db934462ad0cf34938d7

SHA512
0901dde4447bc32df1fe2d8c7616657b8d82829112430d06abb8858c2216fa5e9e3454fef51466be548a0c7a9be54717528d05f7a9b29729ecef768717238ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a43c5442720748bc3520106b9b6d4737

SHA1
3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab

SHA256
0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c

SHA512
9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0cfde433-2436-4370-91dc-fb0b58c40512.tmp

Filesize
7KB

MD5
28447c01990d5702358e17364b90a117

SHA1
fe18933ecb77ef53273a4440ae5aac8449f63d0f

SHA256
b5dde6c2576426afd418592f51f28a2adb9c8938e3c634a93172a66c4b847bcf

SHA512
f54f9e9df6c1b03a304f4a057eae4458b7ceb68e66df8a21612acd31d2fe24a32e2368be8ca78b72fb5d420531eb479de3c4cd111dc4f7c103d44ed737957a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
43KB

MD5
fa938d13f992578fab849f63ad6758d0

SHA1
35f74de235395966c309187b2256270518a13d15

SHA256
c83bea6acdb959657946efaa2cc6a971506bf4b56ecb0c4951e89193b78caa95

SHA512
6d665cbc05fc826e83111014d0258867ccaee6e05d3f7457c78a8843e8c88c6d8c4175979b37e7795e22b6c5b0a4aaa161e8948c1262bbad4422870d0788e0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
24KB

MD5
657ed1b9ac0c74717ea560e6c23eae3e

SHA1
6d20c145f3aff13693c61aaac2efbc93066476ef

SHA256
ff95275ab9f5eadda334244325d601245c05592144758c1015d67554af125570

SHA512
60b6682071ade61ae76eed2fe8fa702963c04261bd179c29eed391184d40dc376136d3346b3809b05c44fb59f31b0e9ab95f1e6b19e735234d1f0613720e532f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
49KB

MD5
4b4947c20d0989be322a003596b94bdc

SHA1
f24db7a83eb52ecbd99c35c2af513e85a5a06dda

SHA256
96f697d16fbe496e4575cd5f655c0edb07b3f737c2f03de8c9dda54e635b3180

SHA512
2a3443e18051b7c830517143482bf6bffd54725935e37ee58d6464fac52d3ce29c6a85fc842b306feaa49e424ba6086942fc3f0fea8bb28e7495070a38ce2e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
18KB

MD5
5d04a5aed02ac5a2f8a4269a6c2570b5

SHA1
727f0be60a1bd0abfe72a018e5741204006d5f03

SHA256
7d8edeba0329989214034e43d9b5c089bb187c2082dd29a811cc766ad998c258

SHA512
88bcd58efd108cacc3818994606e9fd58f0fdf59e4a0beec4be6081f49d0c236c08168ae9a8b975e7a8955068d4fa2765d68506e5a042bf2a962393aedcf1961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2674008389f08c1b_0

Filesize
17KB

MD5
6d13d159bfbeb3ad1a2eddb6b09fe4b3

SHA1
9a756802a54563a18ffec09a6afeffea5658613f

SHA256
3fad948d0d06cd88413b2fe893a8b345d93ebdd8b70741f6661adcce5fe8c2cb

SHA512
165bd1664b4aa776f1034405f464b18c2f490305542cf626ab819957d3d1419841044c78b074dd9cdfd1b516b949bad7c41e9e314f31bf4007eb1b975177c5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\27bf86a7e0b8ccbe_0

Filesize
280B

MD5
1934407ce063679e371aee1607fafb95

SHA1
adfd9914875e21c31f7e382cd56e1fef8bb01337

SHA256
d76d71dbab493bf57b921f5b9bd865f47d2a880c61805d8aeed1d75a3bded256

SHA512
b1fa3cd0d56175a01f6ee963ed044466c24b939c68f10dff90a170fc076562649af5885c43d4e66b69de91b63402f9b641fbde38a2cd1dab38e927c4a1d70542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
f0c93b7d277d8ea940a85f99cf20383a

SHA1
54dbfdecaedc14d3526b28f8500823f7e17e4558

SHA256
50dfa5bcb0f7f00fbe94e15ad5eb068b93cf230c23ad654091ae62abb73b7100

SHA512
c9225648ac4e7a76842551a3f9277e4ecd441fea32e235062ed234734750809406348e8d3fb2d263192011b0cab0ad60ff45c7341856e0ac24ff7255b800f080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
40d252a062b46a0d11cef4bbd1832f14

SHA1
482f0fedf2efacd0723c54611ef925840078563f

SHA256
4c022e43d2a93ff14c3c11a52c383914ab7170aaff9c45b635786620005fba5c

SHA512
8764a6cd014462c40407b78c8d896cb595d632a005be1e695e68f33def51bb453560665b8af5467540e5c79039ad33424250cbb1c7ed6c29cd8027ffafd56af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e63d5929faf5c47adab32cff1f7fe175

SHA1
b68ea4945a496b0c2a72b2cdea83d681c5f1703a

SHA256
6e9815d3fc784490bfad30e1d8f6c670e3d134f6d71f0ec43b926dcf1315931f

SHA512
ad4ffef633f615b78f6ee0fab720524799850bf3880b53c9deb176c1494b34852a2acafcb7ad9602ed73daf2e6a795a7f7eb50d633e1a06a32809f5e660ab4f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
670efb0f728b3056ba1d5911338c38b2

SHA1
1f471fcc1652d4c67c5ef0d02728a59822b0f14d

SHA256
583084712a8da26b04aa948813914f7f9b67a7d097af50aab29b2937ec75791e

SHA512
c39f222776b34259bafcbc25a48f1114de2858937fe7fed0898d600b0e404fd241e1275670b77d6c897833c59347f575db283df371f4461dee59021bc0e96c34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
80f896193c6e4143f0e3c9ef97a0ce85

SHA1
36f8976847f3928a98439c05650c218d7be34471

SHA256
0d24174c75ff6ecbdecf532a8d2a43b8be201969d0ae5dda5aee2404895c6abf

SHA512
2d12f30875edfcc281e88aa8883d54164df5aacf9d7cb37670c80323a49c7dd266b0ddb41722f11ccce91456a9cfd8b4bcb7b580d7d5bcdbc698bfc3cd0d6404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b951c7dd2fea3ba8ac3b6326551b96da

SHA1
9a367faf22d51475571a6c09c32c32b9e4d602c9

SHA256
cbfddc0f4da8eaab7c86d69f432716d3a3523954adfa2f09d0b4b20d8c1f33f8

SHA512
94d93a6b1043659fb1e9c1ed6ad8c6abc14efeb78a79ee240797c74329e9e13775828d2d781ee5ba0efa4306235c6a04ae0e7be04be75f087c6c897ebd099784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fef70625b21cb60da7079e5fa318efdc

SHA1
cf259fc4f4b2a41fd22d62d52e72d1c4218d12e4

SHA256
24eaf02aaae9732e62901ba4848b62c4e49fa21880f720d7cf11753a70d6be06

SHA512
608ecf98b2deed84182f76dd3a616687f405595d70f2b1cd79a173ef3b94cad6620f26aee14a4606d9c33c0c3d15caeebf21de54d900c1c66eed4314785c6cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\51dfb933-4d1b-43f0-a9f1-c32226ecf407.tmp

Filesize
1KB

MD5
8c773d698dfd94aa44c21539cff33fe2

SHA1
0ee02d566d0debda5f028b18e3972a95f680f516

SHA256
3af0ec6e8e917ac1a0d186a36b7bce579023bfc50510aa0e1a366280bf08a9d3

SHA512
a068a7e78123912efedaa42abb212bc45e4eb4d43f929cca9365b3ea4d9bfabd5b7036b5eba07310e8d73384ead234f95759450e48c9f7cbc6998c7563255b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a3cd72eed0c83bbd6e5679f9cf8ed920

SHA1
e38f5dff082bafe8c4bb0540f6249c24d6d54ced

SHA256
65b9ade86ee7bcbd1bf865a971cb9d8712a81ba1c856f6dbe4e12e423494a222

SHA512
b5a800a7cc883b149f5ed7b1a5781a284b08f863a1b5032a871bc74ad000ee65a49220b3bc751bb52f31d976dd70ad24f6e7dad84144481b56af82d1fab67e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ed6a5faa30130ce8a2a286a688370386

SHA1
1952760a1715a1f3079d12ec873cb75994d4b938

SHA256
e09aa16a30074b890302ae75b8f60eebcb838a8cf305c54c170c08229a630e0c

SHA512
e837b8714a43eca7c5add0443c1daebffc84d22c0744f428a0bded9cec8322a2575376d69162b0ad51887500934897df45c73d81d79ec5d4ecf8f2b4d8106c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5765f7e178fb16f4e2d952a90a193a68

SHA1
35f9edd333cbf864a4c7b0e2500316fc20904293

SHA256
1bdf1c029fe34ba6419338fbf51a8879518018d45eed0d16a14c778df3f3a154

SHA512
7307acdc406c3bb5a44ce80693931e98eb48d31d6c6dc7a4605de56d634e10aa37c62cc533e053261f6ffe19fb653ec7dfc9df22a5c5aa730023ea2dc0519f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
816c5b7c613e8cca9f537348eae4aec3

SHA1
1722eaf6d1f77401e31386757f5318bf2607b4a2

SHA256
94d1ea9cc815b6b58d8134ba92b72e345bef0d4506a7fd9b93e7bfeac447dc94

SHA512
5f7ef6a6ee43ec8e72d7db02946b527c3fc7e408b09a47744583de24288792f86d87979738e24bf08b98a9fd7e2df9bfe43a0bfe79c85db2d70a7e159345627d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
20b7f5389ae556a8d9a3f5efdec40f8f

SHA1
667dd333f7139050f633e69e775d387a71caed50

SHA256
4a7c600f6a0f444d839db57e7baec9a85dd95fb9f3fa633efabe31727997ec89

SHA512
a99c954aada3e2ba9910db31438d1b20c54e3cba0e4df32a1b3a9e82b8aeb05e44493d72165de55d85a2dcd9cd2d88fce3966958768b4996ce09516e1dc873ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0802940e3612ca4cdec8eaff52836185

SHA1
b1243c024fb3d9b3c949f2e366bc27a600da9a05

SHA256
b3d56c527a151c41f8b75b4c8aa86b7a1fd2e96d9a1e2b9618cf43896db1c6cb

SHA512
6cb93ba6849fbdb878c7e8acc30ba74ea9e995db6a0edf4ff86ba333da729bf1cb2b56cb01a7b85bbc2194dc3e8176807266c7be0f913ab131e211ff098656c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dcd9fa04d85f463ef6dca4a3dce3b685

SHA1
e183df3f6da57f35086307179ed6f317ba556c8b

SHA256
1639f8a164454ce7ff4eafd990a43264f136a74eb2bb70885025fc1dea9d62bb

SHA512
252457ce2c1a5f5503275f29530f71265f67534e2985f31168dd921161ec8e9ca45f440e68d038c41f47a6fd095d333ea13f8398b8e14721177f85616146cc81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6ce2c08acb9ae4cbaa6909d254b30321

SHA1
89a0bdc313a36385a03e956b0a91819150b21aa7

SHA256
b238be2be68845248f4a83da85b3ec15bd2b98266696ea0d39637030daeb6c14

SHA512
5bc54372fa73fc4ed4323fb2cab59acbbd9f7d93c840e2f0b78a78067722f18126b3cddf4daec37fb643f1150f51f972e1490e334ed17e10e6afb2ea2bdc7acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
5c39d77ab8e4ec6ac8caf944aa85ee86

SHA1
81216ffd7a7c82b2b10e5bae01cf651b9f3029da

SHA256
7ce318ffe4b525c919e0a2054358efacd1f83db0a068b74b298a3f037aef7842

SHA512
894813928e2f43004788d4fdd337ca4b52895893d5209e7c216c4617ad0c474bfb10c1c4321abac5b1cd5ca7c4b2feb61e214cf7c442a4b8fb0c929fea9c4598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
90fbdf80962e8102e6ceb146f06343bf

SHA1
b409afb20c3e22aca70dc19cf8c6410a198ae5be

SHA256
ef39d3c58b7c74464d84e3c537e70236ac315fde5abff97f81e0fee4c862dff4

SHA512
9021fc9ca06f0bec368c684978bce8cb8186866463af3aa7f9ea957270e5c61c1091a02585cf804d23bc683b0930bb7520615adac793615c14b97c6a8c885aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6486bf2ee1cf5c83d9f77a32ad97094f

SHA1
dae311db96997c3e786f777b76b0e40f56c71a8f

SHA256
59a849990e08832a2dd20ef02df39b84977db65ffb9ad9dc92cbcb102c5aba52

SHA512
a149ddb90e652fdc103a61aa447776194bf167d9168444925bca94f4c9b45035b1f77bd0f283e14b5925a1d817cbe8ce6ef091826df2c24f9d9c03096d7c5f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6a023fa4956eb21e16d93aace04c3d1f

SHA1
98a4c9dcbdd8d2a5241ecfec0e4ce361731f935d

SHA256
7ed88204e099fa79846c45714c9076718ab3abccba7cb4c6f00423d6ce40fbb8

SHA512
273bf10f475a01909eeb373633d0bf12df5f06bf60c79514b9ef58b996f9ced2b9e71b757f10f586749502725e57fbf2f5519e0533bb06caf0b9d531436b0daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be0195232eb98b236bc7b46f351fb01e

SHA1
8d1cd86973dee6844b2d5fcabfb10e42ada41508

SHA256
fc0756c0c2d935f50532b240c2889bade824e8d6ecc62210de348ca131026d63

SHA512
9986d7626cbd1ba88ac2ab5dbf97af3327601d4702df31a0c7e0486d75e9ee0ae484890fd792a13768a49fd2995ad6d925a60ea771a5068c7939f55db60d1922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
79f1f6cd20256670b297b49fca3f165d

SHA1
09d2baed1e5060458ace3e6f4e1aa6a42c4dd671

SHA256
e9f2206ac49a6b63f6e09b81f59d0f145d44102484e0a8b90d3c106509dc733e

SHA512
ca8fa7491d2140907db9a5e0163e58cfe7bec8a73e3f549cccae95f67450eacdf1bb3ce419c6dc3c1c68f022368d5158335c734d73011831cbb370548c1a6f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6bd6fa42329a08311a96f127b85bdfe3

SHA1
1267b84841c76046f52d6aac4a49b34ed1d34201

SHA256
63a31e09c7b0e0f98f5986c54da10086a123474d5c04ca8fac19f964795a059a

SHA512
d3520ab8708532ac3767ed4a3bb41c8e01f9a2596939174a5c6cc5879c48e10d0876ca95dd79cf4688beaa5e7996d4e5622143f5f3cda89b774da14769fd095d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
6a786feb3eb82d4206e23c9c99db7dcc

SHA1
40cc1299ae6d43eed6ea3d5384bff272c7d5c4af

SHA256
c3fb449e6471eab1ff64031964ea1b57ed80ff98d5731086dc39f077d33d1a92

SHA512
9a35e2d5cc3898882d0ae7e90532f2e59cad7b503b53a0c0b132b261ab0f8784cc79690d4d7680557b93b4bc9a62dba4f7e8c02ca03212ac96f75474f20dcd56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ca8c739e6337b3b7b9f37322518b42b2

SHA1
438daeac5b17bd0e9df32b22001ba7e3d416e1ec

SHA256
d35576fa257bfc26e7c69638b9184dfaf0b97bd2bcde9af7a312ec040f5d5718

SHA512
864624e4f6023b2772f6bb95d29999b553e476ef982b311688d113ee1fba612bc097ebe6cea60c7680da0a5f1220702a1c86b07ad521ff022d0c970e4b2922ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b39fd418c9fbf7a1871a56f13dcbce95

SHA1
07fa348c246982a1bce1367ac9148ab975498252

SHA256
eb9020d86d230ceb6d6807ee841b0d8bc93dcfca9a1fc58db205d98334670ba0

SHA512
a2e6f76a520f5259e96e9cc82c71e3097787331c31c617ead346931e2dfd5f3b1e7aba4316ff703b343d17667554f4e8e1d3aed1ce8ac08c4a5c01acf2f65bdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
60680d058224889b550876770b522bfe

SHA1
a9aba0384a772f41ccdb97293271bbedd8acb449

SHA256
7e376c20ee500685b3d4e1348e67705ee067793ad005959f8cd9bda423fae88a

SHA512
74c69701badb0b787a30d6903db17f5bef581c2daca93c282b86208401ae35651595174e7fdba91f820d4762da2eda80e80d69a872b377a9abdf9446c1a8bf49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56f142f8438e843b2922e99794a4ec85

SHA1
83e12a07e8048efd1cedc4d70034d599b4f05726

SHA256
4a336ef93ac88e040942ef578eda82c42e39db0441f68b07addd824dfd46432e

SHA512
f9599ee3627fbdc0b54755f0ad3344ce61e1880cae3d4ceafc1e82784801d2e44ae0ad1ccc09bd9cff60c3ced32c1fb6c7392d9065fac2d15fa60528afe7c5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf2049cc43d7f32ef13b6de16b001804

SHA1
58b273736e946e8648436ff0c618ecb72a169a45

SHA256
a6cea0ec6f82e54a06cabde9d2f638390b98ffde9f1e39d42d30e99555091cfe

SHA512
71c56a12443150e3b16e370e2dc27ef1a324e340295cc536afedda2dc42008139e3b93cd04129e827740d906d81ca45e34696cd394df0428887c9bdc1025b5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4a8efb0a84e339cd1941aff1bb5ef3f3

SHA1
2707aae3b9363a585f551231eb3421ba8774bd25

SHA256
ea7e89f13369bb42087680b3fac6ca55eb152970b7aa5927f1bf42ab40d3fd21

SHA512
7b5ce06b471c5574f99b7db07ea85b2105b2ad240cfbc566a3633c2991cdb889c7e0bac6f4dc91e5d445ae5225e59a0b2085b8b9607d7019bd8ece802a791369

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
651c22c770712511e000ce9c0f350eff

SHA1
3444255308448dea3fb34e7f9f6fa4de03613d28

SHA256
8e23b69cb18acda4e7b8f8659e462cd594696b30e8984a4796c6e29c8f84f75a

SHA512
1f6be8633991c81714706c503e04a8dac9db92444a450b94af182d33e53bcf8338b5252b9413c2348f6f302ffc86826f39f28416a86468ff9d502071e8ec9589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e90d0f0093df93cca7760f595887de60

SHA1
23cbaab791342abfe58849dbca8fd9811ae059ee

SHA256
5660b0ce7450b51af219491c438dc2b4ecb901deebc43c81fc7786c60d9a93cb

SHA512
76d64d886daa4db3a8e1130874ca0e6610bffc7e904ed9275616bc74172bb66afe1936409b436c3a90cd735efdcd1a4db40cc4dab75e1a089e6a0ed46df68699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d3e48c00e2e947c17f79e5aec4f252eb

SHA1
cd7d2f8181018c00924067464d9a73c25626f267

SHA256
6d680e276ef562fff70f4ed058e434d5232c00fc8840f8e9b0f70bfd4de82503

SHA512
33d6d96515ad292c47227c5523d4bbd206b634330034b03886b0d8bdd1a33b060867c330d5537b2076b75b15ed2a8180ae482afd3936d229c9e9d408b9842966

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80471297e78d6c48bb54ed2e9b800ff6

SHA1
a16b84a8ba5f7144286e704b110949b3ac6f5b7f

SHA256
a97f3f1a4e4ed2b787a1c98a31ae74009b7c90f27b45372de2f8364f923e9a0f

SHA512
226b5ec661a44bd8185f8d4c2683a95bafc4cacfe727807f8a3da7c6a05ebb795c2b6fcf8f0f1ff242cb24ab4be78217f11139be69a37edab8ed8d6982f7b828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c54bd72bd6c14be5f358ba60345e6be

SHA1
e3808fdaaba0eb406375561c4bc078ec4fe8db8f

SHA256
16a522d4c45954e5a040bf9d3ab3c52a729b7a036134f770b60769fe236cb7de

SHA512
0a79e40dea4eed25d254d155bb8c2160a21cf89c13e216e4be3dc5cd56ecb2a36d67b656b2db227aec716be20511fe616295b5ba700407df8b2b428f8f12e490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6c889290239af53ae7160e2e9704f47c

SHA1
08186dbef44b1258f48b30eb3130bb8e02fd32f6

SHA256
43f7178f867b4b2a72104f2943ea4f2c65a9d7d4715bdfccc524d316a6a8e291

SHA512
dce3f1d514c28ff35276796c36ecd9873646e2271a0118a8c4b91d3354c20351fd8884d3ce9064d20c0d0e36472b033713c441b78b8aa5e9831634b4bf97d7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b56031819521a242dcc6766fb57599a8

SHA1
05549145fb40633cc1cfcfae0330d8fa49b0bd8f

SHA256
74ba8f1b3c33782c8e59fecfd9b131f003bbfb4133bf540f247052703c5d1019

SHA512
1b1029d1dab7d5cf8e1313bd39d11ae727e5d11e4a0eb8e7b0ef0513d51806e1ade433618328cd3440cd76f5e60c1fd0d65fc1516951195e807bbedc53f71cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
690cb9249d1ca244dc892d1a035c0764

SHA1
4a23f1d30998725182f973f58c6c9223f9fcf514

SHA256
a8131bbd711dc6f575c62494d5bf586e018f5c71d7c3c6c6d24d0f178cadfe76

SHA512
adacd9ca586194c3a3c3a997b6bcb9d437f6f6447a4b12764aad53889ef05b10a4e0c747d733205e013d7630ea4f6a2670ffadd4e9c298bd4951f3f8191106ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
85d8f6507d5510117e90783d11ff307b

SHA1
1d14654327e93ac7b9e930ce3b82b72bd3465f5a

SHA256
77181e87f6ddc5a0c6a5c9b233aa7dc839e0d9468c200207166933a10682457d

SHA512
64a14e3cbeb16fb7fcabba7240a5d8dc6b151b96e7348b60d7505fcf65eea2b86b0a58f794857146ac53ed6f98f1d3afc759f478e91dcfd0d9681037de35ebdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0715e3bf315c1542b167d69d59e41778

SHA1
6b994e830ffdfb14490999f67542db9b18ea98bc

SHA256
9f90bb8ebdd3d2ced43079680a6f93d9bec315f4b07acdadd96009fd98591e12

SHA512
076d5e1fb4af2f6f71cc12ac499e5b243959e3f540b243cf9ba060dbdf6a17acf6c55f760cf99243bda236e288a98e38a4d47c1ee33977ab859f0f990eba293b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3269a6dfde66d06bba49e0e3dffb6562

SHA1
af77386bd0d5780dc0416ddbe4ea9dc33b3fe9b7

SHA256
5d07314bd0081f6972cf4a233f2408198c45c51d3ea8fc6b76bd8d7d6d055612

SHA512
3ec66612e92c9d7788707574ad5f859670677798dd65b19b931d9c89577854b255f5d8bf0aa58559bc6c0f26460cc055be97338b00109e406b22ab3072b03ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFe7078ef.TMP

Filesize
8KB

MD5
2204d857867dd9f1d8271ed352feccd0

SHA1
8752ce9b79546eae05f58d621c2c695651060944

SHA256
8ae757f5b55ee600b71b92e6624f621e055c665599a944e599eee9d129117b5b

SHA512
f0e610ac3ef3c499346c1a7144b9a3b79d165d8f695d7159dceb25ede7566dc5e9172be4cb068023ec317bbedcd83564f66ab5c8e6529039b684d4f92e5accde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
81e6efa6b5abf4e1137fc3ed8748cf89

SHA1
1111927e641457662d4dd9874e90e7b093158542

SHA256
1b76f5f416e2f10e851c9bd3a7b62ba4b11e76a6971418686c3bc59ec366734e

SHA512
fb32349d60e6a6c598c683898e147f0ee28c380d2a2e6c532960b9645ad3dd774a80ae1a45197164c68108b48408b5c9b073c2166392670be40a0cf2e6269f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
efe51ca40ff3258fa065dd245fd7d1f3

SHA1
67776cc4c112ffd9d139636dac7ff1500c33c135

SHA256
b2ff5e4cc5e78f14b8ea7d00b3c3f4e6877a3ae736df868905e5c612b9cab0fe

SHA512
e413a0e2264fc0f9e92cc3eeeccdf80399b6ea8145ec00232de41cbaa75a72a47e0fd631a29030d3f52f9f74fd1e88a325bc399e32fc70c17d3a7b9e917259ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
239KB

MD5
ba46e2f36085b4a85b44cc549501c3de

SHA1
3c8190dee9451a29ce872156c79162660acf0589

SHA256
e0d0d69235c462c32041b1b8c67d1ff7aed1e107a933401469879bda6bb4dd20

SHA512
dc4ce881d828227c9a13bd143b904358503d50ee49326497fb27c273dd1d51a2644ce10e1f2b83fb0aa4fef98a43a66b4c1c90320b3018ba30770272c7ec9260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
ad48a3a3af572321d6fcce3702c582c3

SHA1
e1558536dd4d39f600b1f7d869cd612ee8a1d380

SHA256
41b150a1fa9683ef19dfab756ec66a85e8901bbce8c6dead2217a3268db64532

SHA512
37ef4386f6c26ac62a92cf28533d2f0f2596f9e347bd395bab8dde1ce69772500417eb03fa9164943d16d4bc3aabcf0bc8f7444eb2fb220e722227181a3b0715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
e5ef1f7f0efc2e11e5537d5c7c0967bf

SHA1
183412cad9c3a2e88f00cd425225365ed95e82ae

SHA256
1f2b61728f978a55e2b0edd98af03f782c9b6228ab3a3505124f89b51e07e2b3

SHA512
f9f1243901329e84f1a9740309e71d4bb3a413a75499e5bef0951d45f19d8303bba1737b601c88ec2b1c6cbb39d1cebd689f30376ec630059b0d8aa012dc8bf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
589652dbf9ac73b02dc3c547e43ff44b

SHA1
077be46a2637f40de539e59bcb0575ae59624d32

SHA256
4865f188a8a5338c2c76e4533558822f473ce7892f1d6bcae2ea63f7b7b4f586

SHA512
cd780a3452d94ede5c1e52f610ede694c8e51456a458ac64d213c3f4783dc9b106963902ff747e43928f9d047abfffe3be461d7dc9c6b09687e36129ee60a513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
8d35c07451071d6fa060df412fc663e8

SHA1
f769ede26a7900761c872e1c2d150d818bea3f39

SHA256
4551107401e82f60e1ca6cefcbfd07956361ae60bdb9335e170d81328c9891e3

SHA512
c4b349b6679d606dee646d6ee7bf699862f68cb31e1f94b76f6b9e36d9327ccacc2bc40bac79616d33d627ebe4e4b7829570ff3795d5ee5745cbe45e17f32a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
895057b4c1b2aad994c378971dcb5d0b

SHA1
2520f1e2b2d6b77b3c28e1bc0592156075038adf

SHA256
2352748dee842892e56817e825c9c943b89c9ee61fb8c46a86ae18f704cbaa2f

SHA512
7f8527009064b232287351872e03d963a3581b80b22e06fad0e3847b8f299ec2ed74b7486214ac0e42c632f021dc3ff1c5348189cedee2c2cc69b39971350907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
672ed7bbb82dcba0a1d48a007faa6155

SHA1
45062052b2dd8a695d7de83961652db50169d4a2

SHA256
be4561e3cada8f8fd76a38648a277d0c5c100242bf9fc03a9bd7f737fb149e17

SHA512
86344b0964696b77e72a2a8d9b164dc470a58e0882c76b19052c21033fa1b9b0f9b7b6edc56c8f2737a1a867c9ac3b68a6d37a14472b811ae373e1223f484ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
555e97683d2750a718d00427e72771ac

SHA1
d62ce2ce67f30b0e465127e547e6cb05900f3d50

SHA256
1cacad62942bd7f4e0d0e0bbbbe5ff693f1712dfc50a6ff03d218649ed99a7cd

SHA512
dc9ecd58496ea42a6b353c032675dc02b66811a6b2766f232e0f4b51310861fa8fd56abdf631857a9db98b7a7acfbf0a7f02276ee97977cfc3e18e00f0d55b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
75786001bad05cc9c85e6d6fa5dc5a96

SHA1
5ac50c65a4240e7d5aa1f899c29ded05324c4924

SHA256
14e966dd8f5cb48e709125e5c6655716ac0840f299e2682bd9c98144ac3c2b45

SHA512
85beae2dd7794b4ae5c9e9a0e8ca92c68611ce736b8b95fc0ec9cde3cc52a6c3aa7717da8dec86edab132eb2f10b92e6e83d9cdeac900dc64e50471c662569c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\10397

Filesize
7KB

MD5
1c5729572e56d4edbc76bff8a5f7dd4a

SHA1
d3d24e5dcb00543bf2e8a98336cf1ecc449051d5

SHA256
9aca4a8b5756d174ef2cf143adf4a4109bee1daa934a3e16167694299cb98df3

SHA512
3f44aebc0151752d294102c1d7d1b3c4ec844676bd2c8896e8e8629c98622d86bb2e11ed7bee84fc6e054a8dba9e38fa4897112d74ac1684841083559df6b5c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\11237

Filesize
7KB

MD5
16f88b11ee08e38ff10319fee2787f2b

SHA1
c4867e034915711a84ab478fb1489d259bf9cac7

SHA256
3aa6286ded4e975395baff967af4999f201e05ad77f0738777163c83579d1482

SHA512
762214eb2bef51e07394a87972e75054a6b698f90922295a577807dce50c5898ce11ef1cafdb2f2ebfe1e9423295a3c7839e53746e80b5c5f52bf214e1d92539

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\12185

Filesize
7KB

MD5
1d09589ca4b37b180f3ba81b555e53c0

SHA1
927d62d1cabe602161eb3908efe348669a1b939f

SHA256
e278456b2b6ed95ba11cee26d49192085ea0ee424d4b280ee8350a476d825626

SHA512
16382ce05f7f12a4e7d94dcc71b76e5e5a425ad399154d503a5e207098be0f94bc5d40bd02bc08817f759c304b5bc4dbae1e5a45c28304cca05bfe448ba6996a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\14297

Filesize
7KB

MD5
b76ce68a5c802f0f0d584f09ce672e6f

SHA1
22b222e09fd20c8a3e810ca37488702fd683d123

SHA256
cf8d6d093e6b1d4bcc0ccdb0079badce8c3e57947915986245a20f3ebfcc8433

SHA512
392981f55cba2bed005db24c583a398a9d6d19485c52f35af25fcca5850dc3491c171d740212c22339101a525fe13d297c7fa40a3ee65eb3fc2acc78c80df2b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\1608

Filesize
7KB

MD5
142ece2f340ccdccb639c23185e6acf9

SHA1
60a24abf1f9f9ff6fc13d772c8dce310dfbf5e26

SHA256
a57cc3651611db23c4df89f85dd99e9e17fa63ab2023037c627a2ec241885ba2

SHA512
ac88bb46fb686171565372fbcb5055bc08cedd0e208569145883adbd2f7267775af20f8dbbdd02342c44a40ef1bdf40f95df96f83f1eb311dc60d92992fb844f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\16499

Filesize
7KB

MD5
31b8a06579766d2e890657c10dc1b27b

SHA1
963ca1aa285108c31a15b9bbf84a485a77acbd48

SHA256
e407d1c3e5cba4cb1385f6cc5973bc884bf0aba6641a1bcf730e434bd90ea3cf

SHA512
ff055b324e6ead3c026a98c65e490571adb0798be3fb51deb77649ecbf8ffbac7c42dce276f09582cb507df1df181191e89b2c9ddae91939410df69783a3cb92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\17113

Filesize
7KB

MD5
3625cd4ef7ba67d4d1384609b6cb04b9

SHA1
e4c2cef76aa39f4b7628c12f0623f0229a09ff2c

SHA256
4795e615da11a509e18db4220fe5b1bffc1e8ed8cdb161ec6c6a9b96b0821b27

SHA512
eeb06248daaac84da1aca82771e844ccc4a6e6b892110f1e07949e6c79dd62b4a3b1b8ac689bea58bdbbe597bfe8253627969cfb5644a066e7ed154f27e695f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\17171

Filesize
7KB

MD5
8624b74aa0c4e55ff24aa1a8cd7ccde7

SHA1
2ce9570c330e7d5699398694c14809fe17f36a10

SHA256
da1c7e5908b7a9d98b87365287398580538228e8501692fdef770387e8e4a456

SHA512
3b23957b2a3a47087c01c96e73e00b345ffb731ffbe39652c93aa33bc17d71b767a1a53cead27939e66a4dab26faa25cf67ab5f1eee5af50051d112990ae8ae1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\1750

Filesize
7KB

MD5
e893f48cc8e8385f19bc07fd9ace3f63

SHA1
6ca00bd2ac5d62480dca0609c48bb124ffa00631

SHA256
3b40b0e00c7069deb4693e271128aa4653cfb9efa080cf3916d97b3982047d7a

SHA512
9e1716feb45d2c426084ac086b105f835d58ebacea6e9966424fb5f6c07fea974b8a0fc902ac9527f5616341c9c752ed2b217ef3dde98d922ff3016aa0797e68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\17976

Filesize
9KB

MD5
eb66aca5c37af8212603ea790df49abc

SHA1
04828f6a029779f98d61ed6f6bdefe207019889d

SHA256
ed0042dffd0bdae9e3cef94560b8fbb041883f4fa7bd9fb5f9f4c9002485f287

SHA512
d508d7e5f5c7ae51f09bbd0edaa64ada4126b86b1bf5625246da5334a570229276114fc1c9f0ed52a527a14ea0fcb5404bc521c2f1aa6844a75080f0e7962e53

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\18861

Filesize
7KB

MD5
415d50687bc677adc37537f4011f3a91

SHA1
26ac78f26694817f8e5142b62f138fb262ee27c4

SHA256
43baaae7f5ab4c0bdd3fb918c2155a7068094a8be40c5917f99b4f38b879b847

SHA512
071ad44a9771d074ebec9a46ae9d68d2cb39cfc4252cca22e0e8626e6cf1486caf3418d0da13ef65429af2b8d51c7a7af5d7b8e0d64c54b116fdb82328dbd732

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\19152

Filesize
7KB

MD5
73120e86f5295db2eb86717683e3c50c

SHA1
3ec8679e234f7ab2c090c23f95ed23bf5d34f0f3

SHA256
f86a654ec95e50756fafa1792327a110ec1e613ba9f3c6c4cb990ede12ebdc13

SHA512
88c5010f01aef02d072a6f2eadd91b90178e58527c8be3f156637a42ade9e121d2d752e344148d06e8abc273d625da8f4f1fee4d5ed400c60649cb81df9e4a2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\19297

Filesize
7KB

MD5
4efe80bf5a4aa846a9cee5d5b4225549

SHA1
789303abbab6c43c05e108961146e71cdd72324e

SHA256
6f80f123f0ae94f6787da4afeaf404e7ed400e27762509a5f09d3f990c36018e

SHA512
f7c86a1d5ea8255f1e2eb24bc87d720f8dfebbeca3ac34275c67ad47e64cd2b8d907147c25bb50b117ad6e715d153c685792954dcb0d09c20d18e04bddf625bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\21084

Filesize
7KB

MD5
bc2257dba22a04eda490130f36b18f81

SHA1
1aacc8d9ce76a348213352826a0dde31f71f9b09

SHA256
626a142a1496b62904f88bfda2c641f9bec37bbf8313689aadb801d0356188b7

SHA512
7067ccbe94c970f07d2a9b0221b72381d5925908a3942d2059ac904faccdb79c3931903664994e07d0435840e2dbeeb6fd5426ea80609d1eff1817c659c4e9dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\21287

Filesize
7KB

MD5
e9dbed0b8b2180053d87df2f40ea82f7

SHA1
5fb0ec237dc8c43f2b258717ace8c87286a0edda

SHA256
c2a9a062a759539084aafa25d2d8113b1ecad262462d18d54ce83385b9d67374

SHA512
b37c925dfc5dfa212e76d1af813a8b9f2081b26d29811ede1fc0f843db1b991d0a5e96b7e8df1eb5d9cf8fe2c10b8d3eb76d717ebb2666beaaa8ab5688834ef3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\21771

Filesize
7KB

MD5
07b87b8f28ca0908d42b733a51d7b420

SHA1
72df9f047984089b29acaa117c74d03f419f4612

SHA256
263e734990dd5ab0e9acde80d587e73366404974c78a28fa1a52d569352e1d7b

SHA512
70f675ff47697d7a2ff7693733bb7ad85adf9fa35920f3419b089060e52cba53681cb99c615fd3b8388dcce53d21fb71d2aa6087a5728d37ea2bf1322303a0f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\21984

Filesize
7KB

MD5
4eb62ccca947a4d5de61c5dc03149167

SHA1
369983ea988253dfd97f75712c65dff91cd18ddc

SHA256
41153b8823057a4d09da4521cb982fad934c33794eb39d7bb17030cc1972c43a

SHA512
b796c6da1800d6d154a17954856faf1967e58d0c5e2096f40e341079a5aa388186548263b4626bcc66027b66fa7e0f88db8ba567fe3ed31be8249c65e7320396

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\23185

Filesize
7KB

MD5
0dca36a5beedcb700aa8dea033c53975

SHA1
f13c28949bbf167e0b675335c1f09b1ac259f6ef

SHA256
fd8c62ee1600b87a6049441e75ad826bb3cfc93e2a933934241cd11da8ab0166

SHA512
1040f8411ea1fc34bfab7974117ce6d118f39e1f91eebf8784a3da5012504c763eb7b491199403b6607daf54595bca6f464237e5154d051241ac09de4cfc6aa7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\23584

Filesize
7KB

MD5
8cadd63298ac2ec31fddd0dfff7f56f8

SHA1
f0f7fcda5e6f58fe2857c589dcb720989885b050

SHA256
1ccdfbecd87cf5fabb869fd73b6ddf538b72e89090b2e8d6d67d9930f2191342

SHA512
9cefafb1874efa55b5fda307aa87301241043a3d6240c53d5d38a5fed6ce49c34f6ea092ba2ebceffc827a4a5941db0f7d6ec11a9370a08fe488a616da4e57ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\24080

Filesize
7KB

MD5
bf437e9539c813d75a7bbaabb8ad8c3b

SHA1
13c357dc0b3a34b2ce9e5a1cecebb4262abed663

SHA256
67e5798f7f0f62768fcf10886f6d75309bc0c66c1159f2cbe34dca5cc1216398

SHA512
874d4a44f7f3a1fafe3528845f258d0d4d8bdb7ff26cfd46104db63c7969694dd437176f705ea828f7b7cdceb610726570beeb7702937bfab9b18e4432715cef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\24090

Filesize
7KB

MD5
7f53b79b6efbfa4fd46246487a0d550f

SHA1
23caeec364130c5b76643c233d263c3f3a59d4d6

SHA256
26d73cba35d48a8439d40b07a061473e4bf1927f05618684f0559865e9a222fc

SHA512
e143287eea0c3e055b32ba7ca0191a51fe18c3d99b943374e6695d08e468fb60c9427d1a33744a3ba22d58b8589a1cdd1bbda288f5bfc0e173dd29087d52a814

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\24834

Filesize
7KB

MD5
328643a6a829b573761dc1942eae6d1e

SHA1
9299e1c5d24faae357ac5d69c1e317132e23f692

SHA256
482238e048bc64c393dcdd237521b0921737b915e2c44974bafcba225defca6e

SHA512
fc6e14605c31d33a60ce405370f5fbcb7503e494c8c23abb61589e2cf6d36c726cfdd9904d9fe7d5d5b4eb8d4d8ec16c86bb5cf321498a37dbf07e217a6aca4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\25135

Filesize
9KB

MD5
d0fbe5aac61fb8fee0be7656c708c8a2

SHA1
14e24a70d44cae8426185f54bbc48a2db3a1e081

SHA256
aacbadba69e08e264ac018fb9db8f6c45a3c6e24311b816aa9b91567ca27418c

SHA512
94a65bd88a375fa3c80c7380062d5cebe20c5c9a67d637db9d1bf4cfebac2f162c3f3e6d0432aae25828ee9f39dedbe3b483e3840e2a8b4095423f3ec5f3f0d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\26105

Filesize
7KB

MD5
f70d7645e17cc613ab4d1792cb239557

SHA1
d1f9034d3f8b90b51e7973caa160f4e9ab4eadd0

SHA256
38dc32785ad44c1a05a493cbb60720f261cd42beb5435981f3cc662b35337482

SHA512
ab157a5ad72068f5cbb48e24546606d0d9ddbdf4be225bd4ecd37701a55f6ba9842b07e9b771cfaca5331c00143eac59a0b2860ad188bb67890cdb2c1352125a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\26217

Filesize
7KB

MD5
df8ce9641909b9a32aceb3d712abb212

SHA1
2905088753724a0f458ebbfbaeae2a27023ee137

SHA256
7919c5d9f2dbc4bf99e15c10dbcfda283f8d403c8c35af7238dd91cddd822558

SHA512
2c9ec278aeba1725a33b79fb1377fedbf651e438650cea6dcbb01a8ee916cefc20b33b4815be1850bcdb6ace4f1d39cea5410aef70e1b656c98b45200b2134ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\26835

Filesize
7KB

MD5
3a83ff122a05f65f96498b8302741c8b

SHA1
932ed82705904c0bf653999814163fd50a7ad1d0

SHA256
2511cb830ee27442720aa481d8e3571b9858bf1474e86a7da267eff96ec8e28a

SHA512
02365fa0d2da599138b89d47fa8caeb7d0ac8a3653e9d963601ebd835ae957bacda45b42eb7ffb36161f041b52174253e6da8c1b93ba5214118a0ced18183be7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\28043

Filesize
7KB

MD5
79a7efb2398b0a045c5a533e8a20f31a

SHA1
6efc415dd0ff702c23395a32f24ef54a9f43ea72

SHA256
ccac2e97288b59d07059d650ff7f48a71c4e3b6fa2cfba29d48752423d2eccc8

SHA512
333f618bba08bbb156e54a86087ae232a3ae8b9ebff2f783b17dce8693b7d8e655744aeb242407435c7f1787e51c54e9f4823b0d53be1f1cef1d03d137b25a67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\29395

Filesize
7KB

MD5
21ed0ea0e0d2bd283a7cce5a88ba636a

SHA1
6bba983f776a6a5bc86095e0bae36e173ca4ef43

SHA256
98e33111c9dd58683129c667bd7765b07514f5ac7faf1a2734c2e2352055d6d8

SHA512
9b4ea7a387a694e9d68cb0a98965c65cd2d9f2074dbdf5046187de302d8a2cd5e63c3f82430d84f939082c8b428f4bd8a5a4b4431ec6bc96fcabe87059fd9ff9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\29398

Filesize
7KB

MD5
ecc6c71b863f69e12f8575c40cc012e7

SHA1
b3dcb2a4780c167909884e5c1ad3cecb792ac81c

SHA256
1db0c410c167a99f298706a0a9d576de1cf4e4fd2ffb0c28db47587a24501cae

SHA512
9a252878f6fdef083bdc38ee4419b5e5d737ed7cb50529ec03dc40b657cdd42f388efb1108a5ac70109cf0119fe151dd7996f45a5016780958deb480d2b5a9e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\29504

Filesize
7KB

MD5
7342eed43d4769032b540f0aa160f88a

SHA1
3ce5ad52bda66f922c740ca7dceb34dbf3109797

SHA256
69801a038d03b97b693508704a41ae69e5ab0ddb2c27e684033391bdaf644cff

SHA512
bd53a66db1f7fa3278014fd336c604e14e55816ffa430ff1c51f732f4526da54e68deb1df86ff341f2e3e4ec40143cd4a16fdff20096d3eb3fecade74e2fe000

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\2968

Filesize
7KB

MD5
7195e14ae3aad6e6e43d934eaf2443b5

SHA1
2485540bd31cdfead5691f27f7f1eaa654d694ef

SHA256
d83ad75fb7b88142227e2229cecf8b20ef4df7cd509728229ad9a2614988cbb3

SHA512
6c7df4c1434425625c213e769756067aae60f42397367f0c3c047853f90ab3040aee6251d3f4e2be7d6a717ac17cc55ba4008977e245c2b866df115368e4a875

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\30954

Filesize
7KB

MD5
5e408417f5e9a84b3f9fb5b0ad6f9f59

SHA1
f4be461ede96b194a7c6c3237e230a39b22ab179

SHA256
ef2dd38e30ecbe19944bcfbfaf8cf5706e224baccfa860187dc9d21d30cbfe5c

SHA512
4f04072f31d501a5422efa393cff60512680d76ac23502028d2084b8700264b30023294a6d9be48c74569cba9d9ae75fa713a2f79f5a58c4877a17396188620c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\3177

Filesize
7KB

MD5
a73f4d69f799b4e40d1c23b793abb7ae

SHA1
37d10f96fcc430752073abddf2bcf511d499fc2e

SHA256
d2e75c2abc0cc49b1bc71a6a022867b5b8506268f46787e0c1680fbd8542d7f3

SHA512
f1f5f8b0a6c6376fd6adfdca2d63b72dfebda4f3ed87550e45ecda8034a6f3b1e07d233db59e2d5c1e3e9f0fc26f208240b4eef2bede8d87e368320c473c3e67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\3207

Filesize
9KB

MD5
3e2c2e6b859a89f6c742ae4064925323

SHA1
b28240e2a7325a4b045ea9cd2419f70a3594d039

SHA256
132bd2e08af51d715ead95a7912f8755fcfe860cc97e0a985dfc8769c6737173

SHA512
3d16c2c41c9a5a4fa96800764decff1360828dda72c3c46d6e55f6b37a9ff350ed402a9b43dd17fb9d41282f62080241956afecb422d014621ad09baa8552326

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\3269

Filesize
7KB

MD5
d4edb33ecba94c2cfdc34e589adf5b8a

SHA1
04f4b11cb49b53c93424c77d46ca5b9d747056f2

SHA256
123881a1e7190bdfe03bcdecd2d0444ad5fcaac12d713da6d57ada184b63c5fd

SHA512
05e1feccc310df1a62f21c61a42f90861f8817e82f2b0c8121dfb87e33447c370e3b0be4d0fd8abfe0e5c78fc90eb881d8273b214308aa6d558d2087200dfacc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\3551

Filesize
7KB

MD5
3447aedee7ad4b47ee5088893e0fe1d7

SHA1
ce7391574691f2f6f01482994459b01722f76030

SHA256
ebe548dd09821a048415d2d5bc0efe3fc078297fbed3e64525d060b36ac747d8

SHA512
a0493a1d3078e1c435d96d26f69af51869d00f5fbd40911d5454569ca80f9d366a8032312652bb3f5404d78cbfd6bb96f2f8a67284a1b36aaebc06859b752d13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\3564

Filesize
7KB

MD5
d1d23ff9fe614b81bc23c59398d0293a

SHA1
6fb9bf89aa3bc8de109af5ed8c02c89e8e785db2

SHA256
7036f01bedd430cdbb57b3d8037eee6631b866686d860369c90eaa6035cbede5

SHA512
10811027d15592e4871c25d02dde72ba99872148c39c48133acd28427e6e288a7271076efa99d05d73cbef33d9d6f7b0a2a11967d7a083a8b2a8c40003c002ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\3862

Filesize
7KB

MD5
a337a291856491a15c03ad9e524f8635

SHA1
16147994bfb6304ec231322bfbdc6f439ca8b7da

SHA256
7ba5083b469e89765939f8f772696a512c3913d979219daea2f3a5a14dbaca7f

SHA512
86ef7ea95aa6e2eac232ba39be74bfa684ebbdb8d24efaf1144bd46a981f62253026c29e0134d1a6f777580cfaf2588c796256aaf84ffbb72b18872ff4152464

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\4309

Filesize
7KB

MD5
8ad37a39147106fdaaa85f8af83cb45b

SHA1
02a783d95555a216226bd695ec482022d0c08a56

SHA256
582661ba238745d92ae3ea1dd36e63b6e2eb4a3ca489103e20e45dbe7a6087b6

SHA512
472da1a47fa2dfe0a2a66a2c82b51c655fb5a05ce2df814884e66a1e3d29b45b2b7064c6647ba3d41164b192c51a9c0cd2e74962968604ffa45ac8939c35799c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\4957

Filesize
7KB

MD5
18702469e08b8c43ff4f86217dd9a330

SHA1
a09c6cb458d5f0acf123fabed3f60904ddb3753f

SHA256
f7d06585d9f851c1572f014c2074ccd53fb2446e3e74808fb0a46e628dcedca4

SHA512
449f5ef6b743444700f7101031585484073d5d7859ca2bcc173f74548e8005507a374fc3f6279e14eabc2f8ea59c16480e93638ae7439e4d4ed2d42d06464d34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\6621

Filesize
7KB

MD5
bef55ab2707f98ea4e39da421f7b3302

SHA1
9cfbdd2371e9f40e5772798c7c20539b3ed57946

SHA256
b57abda01aca0d0b55ba01c553722b84c4c01cc448bfac987d5058c72b323ab4

SHA512
7a4985c234407b1fe12e1f0a15ff47fd573825e0e21f0c617219fb2eb43c88ece5c83e695d9d79c38263bfd4206b064f7869dca588f43a8bf84adaed8cb9e7e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\686

Filesize
7KB

MD5
dcf14583ddfe42a1770a76552e69da0d

SHA1
871c844706e8fa0bca277796c2c46b27664a4795

SHA256
b003fb553c79e89f2a43d4a3c47e444884e7c37954db42f5354106ba9a0f3897

SHA512
9552e0f9cc8b4346213106429033942d8ed540ab430feb82c6f1088fc0b9afff911fe23b867c86bd3b7d7e93b3b56120fc158f4ffcaaa8fa18d06504ee716b8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\6987

Filesize
7KB

MD5
b7fc2b6e918a986435db7b06fcc1d9c5

SHA1
c8fbfbe61a627af33f8cc876aff388daf5293910

SHA256
6170c544dfdadcfcc22a8953e115f953d8962e301b0c29c68d4f6553bec12d74

SHA512
2515874ef7cfa251e1771792e91f56e09c8fbd6e094d10a980fa051a6f699509f0b5c4ac5c39c3a50ffc2632f86738e890d8241ae366d38289a6f23f4b277f21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\8261

Filesize
7KB

MD5
f9930624ba4a492ff9a01289ba8b6311

SHA1
c929a5f2a859e31b951cdaf19c7d4d4cdd962bd9

SHA256
554fa8a85de7285d82a3fd9dede92189511207e5706123b4bfdbbd0f5964d7f8

SHA512
a4b789f1c0d3e2c534c0a8c811e8799a2eb8b501084b597f52704cea0da6a91543658ca71c3ca3aba63d5e812179e7ecb100bbb65cf0a97eb6e6b7873e004dd1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\8945

Filesize
7KB

MD5
aad4726c3e5f83fd4ec8253bd1a32b30

SHA1
6ffc4c553816b40874744231067b72317e9bdfd4

SHA256
cb4a8037b078d789e82d7467a1d8116c36ab81948d34900cfd54a1856b28b387

SHA512
641a1c8b0b10f473d5c1d0e5de8a4d3447606a3311cc1376c167a91ce5e8852cbcc9359820ecc42374eec19a89908d621ccf1cac12eef8b04834ef006243aa8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\9111

Filesize
7KB

MD5
00ce70b438d7df30ff268e308643abde

SHA1
c23346138e8d0a7dc0eaaa3ab063491917f84323

SHA256
5e3930f42ca729833a2cb97b01b66fba1cf990e0e2c80345b125ded3b76aba7e

SHA512
39d21b772ee37b65c58ee5d81972b96b151066c49590a19bd71cccd13f2c90c55de79b72732500af7bd7e80dfaf84e0da293b2cf1e9f9960e50b4dd1e1c92978

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\9217

Filesize
7KB

MD5
448b0fd0b4c35469fe0f011482ffeb20

SHA1
3273e8036190da53f6b0fe81eb764ed96fccc08f

SHA256
3b7fe1115eb4cb17659ab09df35aa99e799596b6f8fb87b47f2b04f40be4ae1d

SHA512
c9959ff2b2f1810159d19dd50c16f9869ab7767a01e9cde18ae5fce72fd4b1f77b58bdd2ba94c57aaf99ba129f94f2ee50592d56491d7e6c1dff7623ce74b137

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\9983

Filesize
7KB

MD5
9d3bb8a3ff556ca19096baa848f67e13

SHA1
97ea71fa8130b457d8a3f85cd2eee85c238086b4

SHA256
8afe0f70411390ed234b801b5c718abc0f8b330ad2d099a7580e6880037645c3

SHA512
4b8d47e78f71539391449650e5ad487b2682d6778b1314398ec41ef92ed92c2700e0f7ae3694c01469bd6adb69879d3b019704fa30a197868d0297c3df03fd2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\15520C82D22206B61577FF4F38779D8DFDCFE55B

Filesize
2.2MB

MD5
2fcc675830265fe1bb5f4eeca3d358c2

SHA1
9e4d6311426c3545de63320a7c51e55635e72813

SHA256
2027d039550275f973d59d8c55c8a97058da8e7e10d3f61514272308309bc2fa

SHA512
644392aa72575c690f37bce18768b2680be0d5e94c1d889eaf9366a1114c0fdd1aaf81734e2e0a705e4e36da27bb2c280d8d9bb1e6bd35fffa97cb0d36c7a23a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\335ECA6806549CE9982909CF673DAB874F57E722

Filesize
22KB

MD5
906ec2e2cdb2cd4a872d9a4322e22956

SHA1
3e29237172cb1273f0b50867f06f07643db4c0a2

SHA256
928cb640569a703ae5c03950cc18e4886da7592a99ba2b81b1ba9d40579be73d

SHA512
7cf6c4fc64f236048b1ddf362795b92141f180b0d3fa391e8404dd4ba83b765054fa905c5e944e360032d888715deb2c228a9adfe2e37d3e08fa8b74bd1ba071

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
a4675113603c8880ff4ac9e9a64a4683

SHA1
d535dc30285485a63bb075b6497970b6f5dfd6dc

SHA256
fb9650f25e8b338fb11811f8802e30e8b082d8de64b4ae22b542f7d20e472386

SHA512
faac9d3b15a2d6544338091b9a40f11308c2a852893abb0c1499168f2dfc6305c12bfe983f5c8a1bdc94c7b2ca681eef38cca596451fb2a2211510ee4cfaeb75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\8CB2109AC7518CC127DA3C912AB95959D53F862F

Filesize
132KB

MD5
fcf44356f6227c807756d3c4fb1a18fe

SHA1
849782de1fe170f5c43b81f4d7ba702ecf5112d2

SHA256
528f03604b31f53763c9033a015bdf7aba3d8922e55fd7cb5991588a5a196e31

SHA512
a4d708b5ba4038ec87ab3f39d74d0210a461e3cb37280dd4ec6914bd7faca81f9edce631928166cab58780e2f701a699303d9472728eed5e68e91953577053da

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
de34a6c69ebbbc3e1a3ae0c4d4b413d0

SHA1
58f297b505177959c424d7247443671f904b5d58

SHA256
151cc6a546dc14c6de1ee4985ace2f93eaf7a40a829fea0e8744298e8dc8a7df

SHA512
f87669272e7b95f8b436c01f23563e0f23a4ceb25018ee516a00c51beeef4d8164230eb554d74df805b0869d589d9b2f878f71f43324ed3df6ea4a9e0018e042

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\Code Cache\js\index-dir\the-real-index~RFe70e7e5.TMP

Filesize
48B

MD5
9c5898dd8a2f439d1be47e7af7b5e6db

SHA1
f927bdc3a8c07283e42f3fb73fdba7c1dfc70ae1

SHA256
eeaa3f0a0fbd83d30c3ebd61b4255b385aedfce7ffdc8da52e98ce292c37ddd3

SHA512
d0b2eda95bf2be3cc99354d1c36177d48a66b1b2dbc838294c526119e400d670624b3105372019587aa8b10f72a0d7865c4051fec29468ea96dfc220d2db30b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\Network\Network Persistent State

Filesize
1010B

MD5
a2d1abe0311e4ae017ed04375b3fd7b0

SHA1
a3f923844ae6e61fc9a06c0fd62fc5e5e680ab8d

SHA256
72326713ced3e6c86560b845652567b6ca918a9c211f1c8a13024b6faf4a1225

SHA512
21e90b5a93145e852052d500a21aea4eabdb9853c4ad9274cc64a00eff5968230dfe45c825edc88c21794f8734a956292fa161ef34eaab59aa1630dfe9a9a128

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\Network\Network Persistent State~RFe70e805.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\Browser\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\LocalPrefs.json

Filesize
717B

MD5
9e118d37ac1a445728b90712b37d1166

SHA1
9431e56df78476dc8bd81f700d085b63792f1bb2

SHA256
1a692c99e5151fefb131532013a916e6cc86e539a73124ef346af61eab36bd68

SHA512
233cc0354209b185389e04df4fa27368cb6fd757faddc3fcb412c899ce61bf4f763f1d2ee5132b9abed77367dd2c8f1529f456672c0c3bf40bc9f8c1d92384f5

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalCache\Spotify\LocalPrefs.json~RFe70e7e5.TMP

Filesize
529B

MD5
204c3c392bb8d8dd2e3be80ad1642c69

SHA1
83ddee857e38ce8bc82b492a28e9e9ba7e611724

SHA256
f318c7fb58d44794d7a14ee6a074ef070c7fa523c1dbc438997bb0049917f582

SHA512
ccb92c51224080f59de77bc477e816129cad1919f6c1d71c0427c5d956d741ec42aa4e081f340ef19ba95ab36b9e63f956a60d80092d8d6c5975c2f84928f076

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalState\Spotify\public.ldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Packages\SpotifyAB.SpotifyMusic_zpdnekdrzrea0\LocalState\Spotify\public.ldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\stub.il

Filesize
1.2MB

MD5
46b71446728474bff066dc2c260b1882

SHA1
93b24ad8050ed64833c4b2bfdaf1c5b2392e859a

SHA256
151b5a11758763bef3400d103bc546c7c2d5b946a45ffab4981c15ad288cf7cf

SHA512
024c6791e77540cca223ee6b5ec9f1a6498a483febeba2f5d5fd3c7d30d8ff9491e9069cfe99178a35ebe7d8c1328e7f12e4eb032f717ae141f8f27d3140a415

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\ngrok\ngrok.yml

Filesize
74B

MD5
9d2373a47940b64d00403de5b09b15fc

SHA1
ece217b86e94b77fe7bf97deb9e289776685e534

SHA256
b3825036dc33daf7856f47c639f7a50e2074c533948fa1c474676bbaaeb21ce2

SHA512
d70607ed5bb58a2c30fad689b9dbc263f629cca8682608315e18ac4050e74a9103a0561e90244e67ae8b8282456d3cfa819d2b72bf16ac4a1231dbabb5f23d26

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
20KB

MD5
0161e905211bc8f86039e95054b335bf

SHA1
c866d40bce0826b4542db50985a652ab4928526a

SHA256
038f95b8f0fe7ad67f55c451c51bcc68252b1e6109f0087a782a6c670793e98f

SHA512
4dac6ba31d8541e4fbc9f13aae2e5f4f93607522b2c541a1432d78a8730827a335301661eaaad01ab8a6aa5503fcafe579f035bce1a1a7a15ed861f520f037bc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
e2c3e701415b8e336d082f898a1e9a3d

SHA1
fdbe5d968eb87c894f0a3df009a34869124eb83d

SHA256
a5b86ab427f99ae9cd42c0efaf8a55a5f413d03053e8770733ac114971f51d97

SHA512
3eef1eabe6ab160323e358fd2e556d798409361f1205faee5496bcfbb8c6e2ae5ee56b09732d4865d6d005827328371b2cf27a5dacdc1679e98b53881601adf2

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3d73ccd2f87a8b6945f0bf89c620c887

SHA1
0c4785f6e35a5bae5660db7bfc9a30d233a5475c

SHA256
bae9f5034f82751b57d3645ee00cd62b2a696f259f791dec99aac5da0549d70f

SHA512
0cc34a0daf24ab93816ba3fda5595d9f2e618b7c0ed070ceab374d4afaab15ccd4f64c4f949f888f0b60754da6e09d7ed7dd8d14a773e2e29d599207561164b7

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
decc04247e53ee63461c96b7db1bec6a

SHA1
6841250c5c47b29732efa71177171437540a138c

SHA256
5b7ffef94bce0ffb56d28a92c91d22706fc052dc17469a6b0f6368b25d2b31a5

SHA512
c2dfe25855e9ee4aa7fccd7ea074360010d669768aeed86e881631a70519d06027d141549ddedae90d06f607c5dfbbf7d09bdd55d0b7f28b10080832a11cb850

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
b89d2423f5efbdd435ce206905e228ac

SHA1
820194b80bac2c717cc6da41bca4e21b0daa9391

SHA256
43b2662f772e7c59c27e7dc50b52d1865629c825b7ba3fddd3a14986e645c2fa

SHA512
5b026b91b4cb1d029ffead972464a4f67839cde8e1f49a39396234790b1a26aaf73da237896be16e99bd3221609c53f9cfc0951bf5e621dd8a7b0cada46943f1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
65d13d53121dc23dc019bb16d4aba919

SHA1
764717f90fcef8362efbd2873ff1a85370c32a07

SHA256
eb008c0c0f6dcb884eabb004de0efec9e21022be3dace4bb2c005ac51f63158b

SHA512
f33c61cebf7f57811db877fb917c52e55bac7c1d252d80d62c2b1fbdd5bd3248996d692868b6158e55290edb4dd51bd4bc9032a137d82e12e6bdcf607483021c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5d13be98b90828d507f28340d0954da1

SHA1
4a702cf65cf796df0e96d8925f8aceb602079e0d

SHA256
b19dcc60a852dfe2fc3c7530964f46a865dcb82d1f0ae00d51b403cdf86e4da2

SHA512
90139154839a8e470020c0921ec3b13004b7da6319e2d0222ed773465e1093076a28ee715f8d752fe8916da2ee8d4670fee0ac1cb4f4281bb90a0f162bb26655

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
fabdd9b09cc572c51749aae60b78daa6

SHA1
091a2d0935b519992bbcd34b558a047508c625e4

SHA256
3bbb77b3d5f563715af405259a3a8a4730332be646c39c6652e35be193b60f1c

SHA512
0928cb31e37ae582ee9e59ccd91e344e72c6e1504276a066ae32803dfac532be7be734d1ce3a687466114ac596b2af1850caca40b907d76feac3087ef70cc745

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5ead9460d120b983614be124c8e0c801

SHA1
89b84d5ccabf50950527e9343df0b95a693917ac

SHA256
3420836fcf48f0316ed209f7a2b017ef457098aa345f8c821d96e561f7d873a3

SHA512
7c49aeb490aa8a0a55d002533f43ddbc03839c0fd455604a896e029cf5a3aad078ba11c54a94b71b24ea3be13d32b3c4edd7f08c6c4bcbfc4400f6ebbdca411c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
06e5be2ae2e0a197c574cebab2d58cac

SHA1
f8157cd1a59688f7d02e66adfa95be2ad086bef2

SHA256
c6d50c7b6a8b1f169fe510e10f0173aa0ebb30781ffb11cd31a0036a96480e93

SHA512
d242f5ed002d8ff1e0ca8ef2bc0eeb85193f0518b7c7ddd960ebd205a2e90b52e6f3c4c6e02b917521c00756a77b17878ddc5bb23fc1847e196df9c7e9536eb9

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
48c0d5f272ba48ef10f958224228f188

SHA1
594cd27dba222615e99d57564a52ef3f7f3dad30

SHA256
fe8daa2ade81eb09305f8a84f04f89075d182d8b559f3733a46e334d67b2c1af

SHA512
2365c3a8023b8f8e9383bb79c10d09477601ac6c22ae288a59bf135c3fac9f85660dd188a559ebf060eb72b8c91229116effca67b70e14f9252512156becf10c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
9fb133445839aa16924224b27e4d5aae

SHA1
ada52d0dc40ce3a1daddb5e7d292d16530d4ef83

SHA256
e15a4f2bd4b36489617231d023a48c825f020ecf6faaea38ad3c2642afc9abd9

SHA512
0d6a6fc1fce7f29f55af2be35eaf7fe1c3a7ebcc871c58a6b7f6eadf647ff16e6a5203379d2b7d1b38184f298ec26f52203e20435be36d539ced0a15ca7bdb58

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
d15cd7e4c78f4d83c9903ed93397c5a8

SHA1
f044a948f3023467deb5c05b122a271119e82cb5

SHA256
82d9c2de4c7a3d6af03d289e01f72d46fa7e3ac8cdb56967db093e7b88631c66

SHA512
9778ec020c964b48a4b9e239c0e058d51f27dc30eca2cba307a31d4fd5660635580e79c615569890d965ec5912bcaef65a7b3f000a93f2b99eb83f2818f91b50

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
70885306a0a905bde111b9599e7c91e1

SHA1
632e544a050cef4874a7743b219548c0cea84eff

SHA256
785547c7a6d7b354314d7fc7a8a3431b43de5372ecd3f686789207dd12dc13ef

SHA512
f481ba4f2ba279ea3279c94cfdbe72798f7367e96b76bf902e9f951eea986cd21661e34c0da91a153588b7301e619f7a9a4898136f1e62d04c061e692cc6cf3b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
89f318fceb1bb022cd8ec60650c0227c

SHA1
c76f45334f71f673c17f3b6057613315b1a9b61c

SHA256
cd3a71fb795ad0058d1bd59e9a596cb7e30acb3bfa5a9f888225eb8614fd3bbe

SHA512
56cea9701a927929159a90980329827d32236eb7580122785453c489723cc2c16cc7ed59292f4db32711fa87c6cb760bacdf724984d85d47cde00ec17b4f77c5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
a0395736ab75b1e12f202084170d62bc

SHA1
8f23bff7ad029a3ea3640d4f37b9b5707317c325

SHA256
1209b9621fd6ce5b5f652baccedb856a5ffe120e371d3fb4b1611f785064a53c

SHA512
f136a8558d061ef658bb0cf8b081afdf66b95bea4bc08ecc1c90b00d57b91b0ab5246b542bacebc13325dd8bb00b51951dd5da3925ed1250731d448d7dc07b91

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
e731e09b74712646227850d4d0dcd903

SHA1
95755201d65afc80eac9e9b7734e44e3bd82ce34

SHA256
480d9e1d2020fd71594f61fd1a4788bf476d369b5a05f4766df2d884cb092508

SHA512
9a49f2225207849aad2c71779eaafaec85a75058a20bc3dd0d9765924f58eb9bb1c3712e955c123077d9e9fc47b347b715beb6c0aa80b279df4bfb645b8a7eec

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
71f8244b8a37c392d5060881c100ea20

SHA1
c58e5533a625621bf175598f8e02e1963caed06c

SHA256
22044bd2f387896b4acd075750cfb055669cbf728394b6de862a8a7fd28544b8

SHA512
43afa4644088efda19b93734d1a0f1d7f6c7a8a8d58b0dad7413757e6a50be71ff3462d669a484c963f6e6718e3807ce6ea92730326c92ab805ea183cff2ab31

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
3705fbc80df39070bc889bdf4e5220af

SHA1
8a92703d3839fe59e251a3fb80f7352ff480ac97

SHA256
c5434f61237eeb835751773fed259df435b1a4d824dc6bbd28c3725db6d526a5

SHA512
4e667b0c19f74838b162ab8d5c07c632f9247e20b3b40a7f719b69da1ccb1baa829d4974fd6fc7a9abe718495c6cbb7d593da0e1bb43a97a6065c0c5cdf669aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
f53d18d23e92a8ce22886e28bc07c474

SHA1
b7850c2e9e4dff062d50a91ea32d977dc1b53b59

SHA256
38e074c7c9e3853befe3162c9db49ca10f567d695c26d28390131bb723ff31ea

SHA512
6ec07019ded45cb0a182f15848716eb1f7faf71625fc0e745e123ae2bcb51a210420a620539dd536b21c6908157d4476de32b9c158923c42dcb622cad2468221

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
107c38d54b7aa90008d8485dad9019af

SHA1
54b539c8b35b78b163644f8d69bfa8fe38731ef8

SHA256
c53ee289cb9b77f5aac422b55a85448c3979f8a8a40a99f2344855d85c72a631

SHA512
30d972be00b0424fa6e4bde599681efd4bb250ee1d679c0fb7139a846c37e28f2c42613495456aea953a2e6b5c9593509b28fbbb59255ef5e42c09bd4d673128

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
cecea0f3dd7c5ff762b84a6eef398c6f

SHA1
9ddda9a3aec682e7f4d598bab0d0e9f9bdd71381

SHA256
b17a3b39e02056b6102b7a62bb5a8f7ba19b344cf433631b0da9cafa814044cd

SHA512
d9fbd2093365868f0967ee8b6a1436a1e9c5ff3064df58705a3994503ae151e9fcf2227b5a54e2960ad39a4c7c54af3950182e1fe2665105333a53dd23fd6745

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\SiteSecurityServiceState.txt

Filesize
459B

MD5
324d19980ce42e5321f6f054b0ecfe02

SHA1
ab7a56a80010574fdadf5b07a0aabe645cc4ee84

SHA256
bbc23fac701a40856dc2461ab7e8f0d4ae3c328e9d22aa23097940e89ebb786e

SHA512
7358dcad49774874ee0f4400c2f81f97198f183a34060f43d6807d496f5d977c7902c08c442ca7479e8efb303007ab25545bdc30e3366c6aa2a72b72b25c96e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\broadcast-listeners.json.tmp

Filesize
216B

MD5
2eee11a8cc90534be02137fb600f446a

SHA1
a9b29deaff2201f699e0e1968e7b7b6ff44db025

SHA256
fc12b2adea04a52032483cf4660915ad6e335dc2b9a2d0a67c013324cf9a25d7

SHA512
641de46bce154a45bcff1ca28bc5067521c8d7bf4df1bad1e1f58fc4c985fa4f35e916e4e7fe3db58097f08270f5968542cdf468ddecafbc2a3da26cd58daf66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
950731f3d4c70d3e8380a04eebed0136

SHA1
e427d1a14361cd1f5fadf8b6dd2cdaea49dee5fc

SHA256
8a96ce50cde412527ca106c05643a9a03ada53ff6761cfbcc405baaa9da4ca87

SHA512
ecde82fc67e22e8ce66effc461f52c67acf7cfd10d16967b89bbc28e3c845709e9a2fb1096d0a5e79f9c7e56d7a18142ebe1ee774db4f99de3df3e7160195271

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

Filesize
18KB

MD5
674836dab5a1517134a1672dd6ee02d2

SHA1
653743557cf28873c66b2042516883179d7e079f

SHA256
d88dac177fc982534019bbfadd8d90ed6046dc07fe1ddd7ee4a9bb0adb76e7bd

SHA512
01fee561381f096add1746221332aa8869f8fc2bf56fb7bacb341e767c5b885f97181e7afa42cc2bd62c3d5264d3307af70151acf154f06bdc26fbffb90b61f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

Filesize
19KB

MD5
a294c253c83421b15cda2b1b61027e83

SHA1
968186012bdec3f23e5bf5a7b73627e16c340d31

SHA256
e4d2ef07fb6305ab62c8fe074d9879c4070fc09865cafc13544ca0ab36592e3c

SHA512
19dbd5a40a55c32697c2b3a9b802e602226aac161b23d930a55b545aa86dfec799afa6457f593195bff79334b8f9af56d3a11a3c2dcbb5365ce8628f5d6fc95a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\1bada63c-68dd-414a-92ce-a54082279134

Filesize
1KB

MD5
4815e15b1a8a2ea145574c3f9d66adf2

SHA1
392990913f5b3dac17a8b365d41d6ffb2906456b

SHA256
f39dfe3eefce9f14b9bb2916604dfbccbf0ac71b583e59bf494f5e802f4aa535

SHA512
39f33630356a5967dab78ee4e4b1119a713a448f7ea543b653aa5febde5103052e947cb0d2f8f4585f8f0e18d3fb993d5ebd3ca4f2f2cc883b92984fb676ed35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\9b900846-fd07-415d-a0b8-b01c9b8ff572

Filesize
841B

MD5
b1477bb31a39f8b3a1a2f8e2a729db66

SHA1
7dfd61d6ecf1e99484e560804c21072f613977f6

SHA256
00a47225f07acf8909a0fa7c3f5d4f5d0aa5bc48026099b8bcaeac41965641b1

SHA512
ee0c874deb6e930ee5b933a4cb954c289d7eecb2cce8d2239185ded6f498e74cbe984dc97fbdeb1b2661675f036056282ff1245a5cc3483e0979bef5ce069f5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\a0f568cd-698e-48cc-8d18-c08260620166

Filesize
713B

MD5
6147512a82ddb27d7b5d1bb9d295ab3f

SHA1
a06c40546be01e951a1dbaadbe10e62a91913ddf

SHA256
93321e08391a65dc5ed83afb4668596394cb05211930fde985fb15142165e7bf

SHA512
3594b4ee73a0e160ad558079bcc6305f6561d24bf4494d029879e412c148166633a11bc22907253b6e1e8b8a5b5bb2cf82624ff448296245dbf29cd2111c2c43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\e08cdc38-83cc-4094-89c6-e54018e3c7f5

Filesize
11KB

MD5
453808190661754e72214903bfd35373

SHA1
a26d75c5a8b2e31750fe70c23168a0dedddb70fe

SHA256
8715c9e19fd7ed00c02da71fd0e64e74fa3939648448dc23bd4235a0d3d149e2

SHA512
4a96f2c691b1f33be4bdc9801c7087f86b81e73cc1fc87bccbeea114399b30b8f9cba97527db6f12614a243388c84df41921102c66cadc12ca328df5933ab7c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\fd435339-b13f-4994-96a7-03a689b15c4d

Filesize
746B

MD5
1d6b62cf5df98b3095d497f798630d0d

SHA1
8d910db90c0a9f3f6f0d7231f1184e84b7f9a520

SHA256
8ed4a5b4228c034fba552685f593c641a5b253940b412d71fef6f50549ee1acb

SHA512
c103934b4df0b496899f5d4ff030e60791cfcba539aadf63dbe7ce3d24aca4cc4be55c1e53a13a6e740b338bee6dbe09a88ca97e1f3bff07c5c4539f94dd5cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\fee993a9-2f0b-4bfc-8463-159bc845a3f0

Filesize
790B

MD5
50db72384dc91301341995e48d97549e

SHA1
31123fddb8b503418bcde828cf849b5dc33068be

SHA256
9a0f6cbb1d18b20b11e47dca795441813558ca8a7fcbb638cfdcf17969cd3530

SHA512
75b94b0338ffbf2277fecc9e4072a119a3ce51b4f6bcae4b4ed68a2e30c964254dcebe5b6d3a959f283f1f6ba85e2337ca9e7ec445b6f372fee0de09c7305c7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\places.sqlite

Filesize
5.0MB

MD5
ae881ebd312bff31975a392feaf16666

SHA1
46cb2b3dcfb1beb592fe5270b9cb709d00d84b48

SHA256
025cc951c6a3b5ce9ed08d50c19185df8e824c09d530495647ed21de81f96bfc

SHA512
4799e4a3f66ee6f2d1f32edb911d39f4d47d26315cb662d64bfe5637b1059d751695285946ef22ffb379a64f70f4cb19326249d43cc16f486e61083fef580a65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
9KB

MD5
e8dff84862154570d440c489a9153801

SHA1
aa449c50356d0b4144a2ea0243bebaf2e8dd2685

SHA256
a903485a7f56ca60b890e4fa0061e72d4c482d2fa5de326aa915fa2395d40ee2

SHA512
bdcc056075cd18d37ac0868c1a6259b238fc7d1a5979ef1bfcf44ebbd10894d2abbe96d29f3036c692064d4f9f7d7e7b69003b35d820d70c7ccf13816a43b902

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
9KB

MD5
5314eddf3a893c88a4d39bf12e856215

SHA1
c4f657c63dbe46db5418381649bb2f8086eb9676

SHA256
7398526aa3d8b34b87a56aa2c58622ec8ddad9d7d53d85dfd403a501f6919b30

SHA512
603f36abc722a519b2f6a49adfcf20d87ddb843057108b7accb49874dc647819fc717270f0a60e3c0132de83203cd7db5f568724fa650b661e7798828e7aac80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
6KB

MD5
07c903816a1964c13d48b1c9299d8354

SHA1
d51e74fdf65637785f13f8a48ccb83db3eee1287

SHA256
909656e9a64cc42bd7501cd806d7b0a372978be545d3d57347cef1ac74f6648d

SHA512
d08673de4810b1242d7b88fd2e3fbcaeaf1e990280b66487258c117a2d7d32b301066adf8c4064f6a35f94027158e8fe10f8864cb34fa267f152be2d2db6e8f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
6KB

MD5
e95c635f76d54decac74e054fb93836e

SHA1
5abca70e2003925f7a5f08cfe63247714d916d15

SHA256
1e30fca7950cda92b46290909bafc6d005d6088c71ab2f14fde372e27b6d33e1

SHA512
89379f4de64f8cec740a911e5dd5d19172f4b615692482ed9c310165b404a9752b64f7548150a4f3bce496c22b3f37a2bb0b2abf5d5e93ab16b5e27b884e94fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
7KB

MD5
2b4e847a5d7710346a2e4a567326a88b

SHA1
2cdecfd7716a07332b1c6630e7b9431906b01b51

SHA256
bab2658ea8d87c33d357460bf2f5eaf23f9c3842e1e22d23445df59fd89a331c

SHA512
3a2818a4f4d7ce4e619d5a7aeb0f5f71c7d52ffe9850d13c36eabf4858360ed83b4d837da6b27aaba286b73a259c9440a79c1d65a3c363385d4a4bd6d410431a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
9KB

MD5
3c6556a2ea13e16eaf6441dd1cd044cd

SHA1
baeec5da9f19d583211bf5e273291936139d26d6

SHA256
726b68cecd3510d62bcf8119f44a5e15e969299242d985526041b549421b5e84

SHA512
a70e54d70fcf96306fec83d816ff4c32860ad9e68198b0984a264a1273845c4240bd42a44820c9dd12b3078aa5113c1904d8ff950ba4ff81671b80930440755d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
9KB

MD5
b766c4003166ed667298fba3c8d0b0b2

SHA1
be54ec3c9f60c0a2bda8094b859435b5b40178f1

SHA256
4802c5893e4f40b9cfa14f8e1e120d476d42bd50e9bfc5f5a50ca08cc2397f9f

SHA512
f0e672c3a12c0b33311ad5c83c1d6fee7105e9d4db86f6983e802d3165f92f323d64e61513359e95c29c7c69e8c533f808ed8d3f5a93dd2bd56cb35f875ef9e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
9KB

MD5
c19f4d2ca3d39fad1ed5c0ece378d0e2

SHA1
46888837af3abf16fda7102fd86cfe98b50bef42

SHA256
6019bfbdae0c70cb92d6837ebfaeebcdce652e560f754fae18c52678caddc1bc

SHA512
dc251a6cd2cc1938350a87c6aec7b6bd565164ea38d308757677f71f2a97cc4dba8efe75d9b2f47c016459405c914f069a1bac77a5aaa40d9752e454888711db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
10KB

MD5
cdb404a413a325f0bfc8edbb41acea06

SHA1
2251ed60f09c2087e1ce605bca80c12edbd840e8

SHA256
eea3f02863e13cf2f974815a2cf38d2501bdb8dde7ee7222f576365fa85aad09

SHA512
e130ab9de2d89d524a641d6c97b97d74719f00401574711625e34eb996235a85e1d4156d09680bbb3c7f1192b6b045148449d69a606fb4ac4abbe22f077b8362

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
9KB

MD5
068333800a8e3817a52e16d435b23516

SHA1
02f511e987b8ba6c113a9f4307406749edd9dc0e

SHA256
825109ad21a87621ade96a5abd89fcb01f3eed5f1737b21bbcab457796b7bf80

SHA512
0c99716315c4704d279bb5e57ed2fb566de6951f27baf18b1356397bb701a5f207536567db2b462c212da26175666ae68e1dd379bd19c7001b164e16d16b512b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
5KB

MD5
06c699aa0ac1f2ad7bd2a652bfa59b1c

SHA1
44298f95ba6fb2abba33a7b08a684a466aa7e90f

SHA256
407aa2e73c73317429faf48a5e027e513b828b264a2d45c95f76e6ae3aaa0dfb

SHA512
7b71a3b10ac9a5c51f630c2a396871eb1522d20a1384778ef23ecd0fec79ff7ca1d75e60ae9ceb18596e11f476e2d788ddca52da8fb01ee09fbd0e57efa99851

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
94d99959bf598f2a444bd0353273dd10

SHA1
e0bb863e6ffe76a80c67e64ad1b662041c755b06

SHA256
42ec931ad4b014fb59368f79abf39e24b6d82cd4a69deb48c4d2928817cf0347

SHA512
a7073a9b0d2f02afb6498cf4df3c827b45b66568d959b296f80888a4108491fad1ebd68868b180c19105255e7aa2266249bd2f6d59c82d721197e99f14bec296

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
8cbb3147dc03af75ac294dd0632a8462

SHA1
8c3fdeb6f6f2e0a422411ddb200e9ecc3048179a

SHA256
336ba3f125c40490689a64679719823885c94536a80a4c2d0980b5ce6beecb31

SHA512
84118edd3a9f692cdbc4dcf2a6b1c45c80703dce308dedb7c2653845ee1f96df0e08d603d7abcf9fc6746c34d978170cdcf2e00070031b184b79657d9b49708c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
11bb0c2f68a78c39c4bc9bb9a3e2548a

SHA1
a6261a16e87c08beb7a448318a072ddab0812b11

SHA256
99755f5b03d92ac65df612f61e617c4aac3c3acb126c78884730302a6d87432f

SHA512
689bac8565ca7cc3b92c494590dbe4eef3998843df6298affb451f2dd3afed74aa0cac7cb0ed9625cd8ecc2e7b9847f25d6f02db64149fbb09ff4bce6ef15812

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e888270750d988b087a402954dde9f27

SHA1
100bcdd8eb1b595f87f01cad9afb5cbedfa50752

SHA256
f4a09ae138a16184e86c3b613b254e74e3005a8ad8d39111bc27e7381790b3f3

SHA512
816a18f6befa8ad6fb303fd1a87fab7e386ce3619c3be89a45a0df92f42d048a7a69c4a3af2ff5ad15cc325fa81d4e4e56d33f382abd05c90407d6babb79b81c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
c308570cd4febfa677aadf7bc10a92ec

SHA1
89caecfa79444237ed2cd69abd6303fe164daa8a

SHA256
f113e850fe1e20cbe2046a04cb0a5f0fe9bbdc95a8b7aef233a26832a6b5a364

SHA512
17911fa8375f001ec3cc8ec5d4a9349706a1610f789c2522023d34b2ed2e151d81734aedef37b904f7b53919e901d0e27865307698b0b3cd000a600b0e73d50d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2e9489ba9312d94cc9d231fa028d9835

SHA1
836b671ae44c002c604ee084822b5145029e27be

SHA256
b9dee9be3a2cc5df6159f7210967c3a6a855c0be06fbe0b8e4566f37f8d19816

SHA512
bfdd91e8ae671e620328e473e9a083f67897a9af41d82cf7bc7d920d3bcd6a60a3c780b20f68ac899e946d3ce03b32b27e81a8836a5ad4976a8b5690cf474c11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
117c414619f83f5dab5ae8e178545995

SHA1
caeadde83c573cf5423c40fa23dd93792656be51

SHA256
5a0b7d18e41763bbbedea2cc4222a9c46342101c70f6197251f2bb833b467fe3

SHA512
8c2c6cae3e28e59bfeec31cb167d5401e42dce563877ceef9109efcfaa994c3d1f82042af34aa5681e2ff5d514a24a7bab0cfaaa998ad98fc992729859b76c04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
081143ad44ac5750fd0d3cd235d4639a

SHA1
da102eb2496840ba9b4428b95fe2aee4eb5fa3ee

SHA256
f74c5322667102bd5202a129c468a854fc8e6fa985109c25a12b6871e1a3250c

SHA512
03d7958148f80a7c5ba397c1369fb6c8e22f0ebeb77df1519c2661edc0dbf5461412fde9e7c6542130bcd8b559c64fbf8255cad6178cb624cc9a120597178ee2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5928cf012e233fb4cb40e10b4cca4d41

SHA1
a9ebc70579a26d8f71b40bf6b230a5bce94c982e

SHA256
a3a3c759231ed006b397cbb223b90d42e60ee6bfb1195d37af457890946f1f2f

SHA512
3bb3c707f15c17bd04a57a466b5889fb243330705efb8366c87d2e180df8535542e317fb2e59eee85f077eaa469ffe3d5c53a72cb2f00e0303efce7198425778

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
028ff3d8b5384c5eb480de1626d1d031

SHA1
28bc90c94011740b3471489fdbe268af95b5cb52

SHA256
67c881839bd37eaa3f323a35de8625fe97b21403c2e5067fd0754e0a5fbd5982

SHA512
68a3d842b2b7fe4de390d18b8144a82d851e9be61c29846c7ed451c13def993e4b54e1a48504b2caf0002073a224d311c027a1c463c6a8c02c2aff0d1ce662a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ae1646740613d1ca1b092f44baa6af07

SHA1
0d4b088fb158d140d71be8cfc9ae0ecc9da29e0d

SHA256
469ba0552b5cde27ae1c5086e855551fbfc631e0ae732e2287e22cb77c188e98

SHA512
415ac9560bd8949f680d8963245bfe5e78138c876702030be0352499715fa5c61ccd4adc0f91b00b31137137c961a0570255fb9c6050e5b42749ff8beb99f392

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
839046da512daff18cb87264c2e33af0

SHA1
eb59183f5b0110aa4e38f33aadd30e52b9ec39f2

SHA256
4726f6c13572bd598f3a95acfc5cc5f1cc0e139c6560c96dd6991ff9cdfdb712

SHA512
aded2583dd6d00d4d943b66dc85935d376d94fcc77da432c0c030eb0c29a8082bed3d1dc3d8546fb01fe0353ead4e6a5ca74950f011a3c461dde1cd9e9da3422

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c4a9871ca7e14f6e2cbb80d918613481

SHA1
0d0c09a496171ad698845a930da5b4882bf8a2b9

SHA256
8f55609b7fc4aea4280c9d6887b0a5219e200b939ba12c8ee0ced4b413be382b

SHA512
22bb780d51f84f4de1077dd802ead58d02402f41c63110702c474c935ffcce0189419b8573218fb023940a47671e42f175045f2cd2f9836edc4de7ef4b0cf1b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
743c54c1eb8e6e63db8cd9e1376a98fe

SHA1
916c8b69a482f0a6e274bebe985cbbfb57a3b5e7

SHA256
53740db12377a24719f824241f19dcb0b9fd6f7d90157ab7ab818e5e023ad660

SHA512
d6a51ef9b1d983c4fa85e98c2e0ada217819dfdc4e356e8424f88d018c88a0968964876ccca38d005e700a39190d7149b0a9722dd0ae8a41ec560c5d3cbd63bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
608f0e9eb27d3c8acb4592b30b908432

SHA1
6462e9a4e86522216952e4403466cf571b57ceec

SHA256
4232e0aeb4b47cfaa0aa60a771c9438e1c9da3a3a34d14eddfd2da625e34b339

SHA512
477a45e89b2d5995edfdfd150efa5a6944bffbd087156c294bd99367be4b0bac76c16eaf0f55b7881be82a96cae3b5564c391032714ad5851c4d6f68f5474dcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
4bdbc37598a33dbbe1cae6c430769138

SHA1
8f667baada869617a39f68d849b77efd9ee5199e

SHA256
8f99dfe6890b1c1728e52fde7bcb00b11bf43aaf888bca8d25ac1fde3b93fa0e

SHA512
525b84abe6afba253ad1c3c4ec2ab3d28928600685a72b934d42ae2618a1217d1c6e6acf62eb11616cebe116841ccc6275fd114e85f23a6194d7d17dd4b5c435

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
ec23982b9df254d882ce96dbc59f0025

SHA1
52a17f520847cde886997ba7f8b5bdbd2516ec1e

SHA256
6d70ca5a9ecbce8da02b268464553e5fe90125ddd95e2a0ea8fba5180682969d

SHA512
129db5b5d77cd4da5e6782c5738897f03e4d080f3b26554ed74de8aa63c1b432cc0b18985ec99988f57ebe50f7ce4d7191ba4777c451dfb060a96fbe59766038

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1e551f77e9ba8e4e72070809d81a6ef7

SHA1
02a60a5f8c406cc1083629b267239e7a5e955d46

SHA256
48c4e44407894516c4d7264e4ff9fca0d500dc7479d24e9fdd39794931f719f0

SHA512
5143b0228e927de946a58b7b39b42df89d64c0b9fe5d7b640b3944674fb52e2045c91fe6a42f8083f5f011c28ead0e3ba9f49d1da8165afe611b4f3e01d8e354

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\xulstore.json.tmp

Filesize
214B

MD5
9d556b40bd70fa7f3ec4b1cab67491b0

SHA1
370f01ed578e2dfe68f66f9a0433a87743133793

SHA256
2b90d34a735d5a2e81b8a14b411d7be77ceadd83833a7bfc48896ca1513d4c9b

SHA512
ce805ac88d0f6924e723bc3f0d7e09436a487471923f65040f3dd296bfb9fada3e75498630800c21b9add96dc7ed8ff2588192a63ef7f591c0a3d6101e3d2a70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\xulstore.json.tmp

Filesize
138B

MD5
78c80def0173e588c323dab4cba515de

SHA1
c8223b02f993aee7109d95c4500936e58ae99335

SHA256
afa0cf6ecff1f4658bbfeb8d9e8297f0d95179a3d6ed7f859f93789bf5c05e20

SHA512
811c387dce8cffe7db151105debe0f1fe8dd2664e2d39afcc1506ed2da896221298e30d25065d88db9a3594de427a2cd6aae20add5c28a10ff82c19ed6957467

Download Submit
C:\Users\Admin\Desktop\Server.exe

Filesize
93KB

MD5
993c9fb295549c9277f6d944fa8550d9

SHA1
15e8a3f08c086726e3d7e16ac12685109560a9a6

SHA256
451ad96a4a080c5f610385dbdf6fb5be5ee93dbed77baf7b9d61c208db4bdbe1

SHA512
6580a1c2ed87ed6d3feb837acf36a2388558e13a8cae7a5cf3bd60bb42eeefcc50426691e9f1aaa6e9e8c2de9b4b815b7e52be0395e6518aff2bc67fdad8b3da

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
5.0MB

MD5
a21768190f3b9feae33aaef660cb7a83

SHA1
24780657328783ef50ae0964b23288e68841a421

SHA256
55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

SHA512
ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
1.6MB

MD5
67313d0dcd830acf14c2c4fd83517f42

SHA1
828301e24e1955654d65a890efeae6684a5e0783

SHA256
c47a2df75f2de5ebb64c27d8574f8062637973fd85e6e6bda5b284dbf39d3487

SHA512
57c8d59796692d60e91e1dc3fcccc8c6c25e0d6a918d15b38f791b29f01697b44e915d238cecb3dd52142d5eb82ed652f5dcc5b66325c563247c498dff38f7fa

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
2.1MB

MD5
d4d5e576ff238296ca07cd3052b3ac9d

SHA1
2f75521cdec5c6645c08284b8411e75f679591a4

SHA256
18c064b369cb9492808197a90e16b0fa11b97c54dfe807b01a1b6a2d5e0366f5

SHA512
43c1620bea2de33c7ecba0e52b3a37672b477b47006f345f1a616d9628c1fb0e5ddef0fd156f00170d0bc1ef5712e641c5962a49ea47a6e1389d5b45f76be43c

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
2.1MB

MD5
fd34ef6640e491b89a0a9a99eac9e7a2

SHA1
5e09b2b2ce4a4256450e0c45f29291c3ba3b4072

SHA256
dffe788c121a781b3c481f6ea4485a2c8f161d6513fbaab45751a07adbb5b3ef

SHA512
b94d4dea67b21f114477221ea44e2a23e971de52c02d061d05ff816b18b5e341464395849ed68328ee8e09597232579fb415accbfd747c7e402ed8098e214d79

Download Submit
C:\Users\Admin\Downloads\AnyDesk.exe

Filesize
2.0MB

MD5
d10066c48ffa596747240ca3d3b72f28

SHA1
d3707faf9298d4bd258ad98a508b27a5ee3060f2

SHA256
22df0c2f74a199d655f42209a80cdf6432b9fec33789948c98317570449fd884

SHA512
5dc52edeae554e4606aefbe21e4dc8d8cc8268f9f7ec236eb27b2dbde82c0fdca5d43d98ba5172c4ff2ae11cfd48a758d5228221bcab3e74b7ad068f6e3ac1d5

Download Submit
C:\Users\Admin\Downloads\rats_ez.g6RIaGDS.zip.part

Filesize
3KB

MD5
f530ba092a68f56a06647e3ee70924d2

SHA1
709e82420fc436e2948e3d5b31150b98887efc51

SHA256
58e04e67305e8d5e7c68f3cb98ac3bbe8a8e21d53eceac973668d3162e212040

SHA512
d0671e5c11a82efd5f8d3402b8303f46eb571319bf3be5433956ef26ce97f5a7e2f824663be83ed79b6bd3800f216663976f2bbea84c0a5ac1aba0f56f62b552

Download Submit
C:\Users\Admin\Downloads\rats_ez.w2-Z0Su1.zip.part

Filesize
2.4MB

MD5
dc43d0a81195e3327b72df02f1dc5b08

SHA1
c776a42590482754087fdf7d8ace5abb75a9df4c

SHA256
aa123cf6be189ef1d5c1b8b25239779acce6c6f5a05f102d3c34a065f9cb72eb

SHA512
75ff738b552b36d64638d7a5f9e48a148a3bda3c9e749a4ecc9b15339b64b9d3f4f4a74cbd4d9088e4c57853055cb8027bacda22da98642efc37ca2a120ef3ff

Download Submit
\??\pipe\crashpad_632_OEISMOXDXZWUTHLH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1284-370-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-366-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-388-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-333-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-332-0x00000000745B0000-0x0000000074B61000-memory.dmp

Filesize
5.7MB

Download
memory/1284-334-0x00000000745B0000-0x0000000074B61000-memory.dmp

Filesize
5.7MB

Download
memory/1284-335-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-336-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-347-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-351-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-365-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-358-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-348-0x00000000745B0000-0x0000000074B61000-memory.dmp

Filesize
5.7MB

Download
memory/1284-349-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/1284-384-0x0000000001360000-0x0000000001370000-memory.dmp

Filesize
64KB

Download
memory/3400-3826-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/3400-3093-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/3400-3087-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/3400-3365-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/3400-3527-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/3656-3106-0x0000000003B30000-0x0000000003B31000-memory.dmp

Filesize
4KB

Download
memory/3656-3088-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/3656-3526-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/3656-3367-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5320-3154-0x0000000005C10000-0x0000000005C11000-memory.dmp

Filesize
4KB

Download
memory/5320-3157-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5320-3131-0x0000000008100000-0x0000000008101000-memory.dmp

Filesize
4KB

Download
memory/5320-3148-0x0000000005B70000-0x0000000005B71000-memory.dmp

Filesize
4KB

Download
memory/5320-3150-0x0000000005BA0000-0x0000000005BA1000-memory.dmp

Filesize
4KB

Download
memory/5320-3149-0x0000000005BE0000-0x0000000005BE1000-memory.dmp

Filesize
4KB

Download
memory/5320-3132-0x0000000005B60000-0x0000000005B61000-memory.dmp

Filesize
4KB

Download
memory/5320-3107-0x0000000005B20000-0x0000000005B21000-memory.dmp

Filesize
4KB

Download
memory/5320-3185-0x0000000007270000-0x0000000007271000-memory.dmp

Filesize
4KB

Download
memory/5320-3180-0x0000000007230000-0x0000000007231000-memory.dmp

Filesize
4KB

Download
memory/5320-3075-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/5320-3072-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5320-3071-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5320-3198-0x0000000007260000-0x0000000007261000-memory.dmp

Filesize
4KB

Download
memory/5320-3187-0x0000000007220000-0x0000000007221000-memory.dmp

Filesize
4KB

Download
memory/5320-3199-0x0000000007280000-0x0000000007281000-memory.dmp

Filesize
4KB

Download
memory/5320-3200-0x00000000084C0000-0x00000000084C1000-memory.dmp

Filesize
4KB

Download
memory/5320-3201-0x00000000072B0000-0x00000000072B1000-memory.dmp

Filesize
4KB

Download
memory/5320-3186-0x0000000007210000-0x0000000007211000-memory.dmp

Filesize
4KB

Download
memory/5320-3179-0x0000000005BF0000-0x0000000005BF1000-memory.dmp

Filesize
4KB

Download
memory/5320-3160-0x0000000005C00000-0x0000000005C01000-memory.dmp

Filesize
4KB

Download
memory/5320-3156-0x0000000005BD0000-0x0000000005BD1000-memory.dmp

Filesize
4KB

Download
memory/5320-3155-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/5320-3206-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5320-3108-0x0000000005B30000-0x0000000005B31000-memory.dmp

Filesize
4KB

Download
memory/5320-3153-0x0000000005B90000-0x0000000005B91000-memory.dmp

Filesize
4KB

Download
memory/5320-3350-0x00000000072C0000-0x00000000072C1000-memory.dmp

Filesize
4KB

Download
memory/5320-3370-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5320-3182-0x0000000007250000-0x0000000007251000-memory.dmp

Filesize
4KB

Download
memory/5320-3181-0x0000000007240000-0x0000000007241000-memory.dmp

Filesize
4KB

Download
memory/5852-3869-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5852-3493-0x00000000022E0000-0x00000000022E1000-memory.dmp

Filesize
4KB

Download
memory/5852-3509-0x0000000005B90000-0x0000000005B91000-memory.dmp

Filesize
4KB

Download
memory/5852-3498-0x0000000005900000-0x0000000005901000-memory.dmp

Filesize
4KB

Download
memory/5852-3500-0x00000000059D0000-0x00000000059D1000-memory.dmp

Filesize
4KB

Download
memory/5852-3501-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5852-3502-0x0000000005A00000-0x0000000005A01000-memory.dmp

Filesize
4KB

Download
memory/5852-3617-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5852-3510-0x0000000005BA0000-0x0000000005BA1000-memory.dmp

Filesize
4KB

Download
memory/5852-3833-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5852-3503-0x0000000005A10000-0x0000000005A11000-memory.dmp

Filesize
4KB

Download
memory/5852-3491-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5852-3528-0x00000000002F0000-0x0000000001A27000-memory.dmp

Filesize
23.2MB

Download
memory/5852-3511-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/5852-3512-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/5852-3513-0x0000000005BD0000-0x0000000005BD1000-memory.dmp

Filesize
4KB

Download
memory/5852-3508-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/5852-3507-0x0000000005B70000-0x0000000005B71000-memory.dmp

Filesize
4KB

Download
memory/5852-3506-0x0000000005B60000-0x0000000005B61000-memory.dmp

Filesize
4KB

Download
memory/5852-3505-0x0000000005B50000-0x0000000005B51000-memory.dmp

Filesize
4KB

Download
memory/5852-3499-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/5852-3504-0x0000000005A20000-0x0000000005A21000-memory.dmp

Filesize
4KB

Download