Analysis Overview
SHA256: 44351a40b74e96ac46873045badd2debe01b281bc3686375320c9daed1c768af
Threat Level: Shows suspicious behavior
The file Рахунок-Акт_№_5748259_від_01.06.2024_по_договору_№_Х2_1-2448,_ТОВАРИСТВО_З_ОБМЕЖЕНОЮ_ВІДПОВІДАЛЬНІСТЮ__ПЛАРІУМ_ЮКРЄЙН_.pdf was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
Detects Pyinstaller
Enumerates physical storage devices
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Suspicious use of FindShellTrayWindow
NTFS ADS
Suspicious use of SetWindowsHookEx
Gathers network information
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Delays execution with timeout.exe
Uses Task Scheduler COM API
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Analysis: static1
Detonation Overview
Reported: 2024-06-06 13:55
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-06 13:55
Reported: 2024-06-06 14:12
Platform: win10v2004-20240508-en
Max time kernel: 932s
Max time network: 853s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
Loads dropped DLL
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Asia\Samarkand | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Pacific\Chuuk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\platform\config\Modules\org-netbeans-modules-favorites.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\America\Eirunepe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Antarctica\Macquarie | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Asia\Omsk | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\pgAdmin.PNG | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\pl\LC_MESSAGES\glib20.mo | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\ro\LC_MESSAGES\gst-plugins-bad-1.0.mo | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Europe\Athens | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\if_export.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\jre\lib\ct.sym | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\platform\config\Modules\org-netbeans-modules-uihandler.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\America\Indiana\Knox | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\msgs\mk.msg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Etc\GMT+9 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\rr-full\plugins\direct.pl | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\solr-webapp\webapp\WEB-INF\lib\jackson-dataformat-smile-2.12.3.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\fd_dataSourceFilter.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\plaso\parsers\chrome_cache.yaml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\America\Moncton | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\America\Rosario | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Pacific\Fakaofo | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\zmq.backend.cython.context.pyd | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Etc\Universal | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\rr\plugins\autopsyntusernetwork.pl | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\data_source_integrity_add_ds.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\linux_macos_install_scripts\add_macos_jna.sh | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\bin\gst-typefind-1.0.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\lib\gstreamer-1.0\gstdecklink.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\id\LC_MESSAGES\gst-plugins-ugly-1.0.mo | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\plaso\parsers\winreg_plugins\mru.yaml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\content_viewer_context.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\platform\modules\ext\batik-xml-1.14.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\ja\LC_MESSAGES\gstreamer-1.0.mo | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\modules\ext\commons-math3-3.6.1.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Europe\Bratislava | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Etc\GMT-12 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\solr\lib\jetty-security-11.0.15.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\solr-webapp\webapp\img\ico\block.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\portable_case_unpackage.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\platform\config\Modules\org-netbeans-modules-masterfs-windows.xml | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\CoreTestLibs\modules\ext\junit-4.13.2.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\modules\ext\pdfbox-tools-2.0.25.jar | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\America\St_Johns | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Egypt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Mexico\General | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Africa\Porto-Novo | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\tzdata\Pacific\Easter | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\solr-webapp\webapp\img\ico\slash.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\personas_cvt_accounts.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\reports_case.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\jre\legal\jdk.internal.vm.compiler\LICENSE | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\nl\LC_MESSAGES\gst-plugins-base-1.0.mo | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Europe\Kaliningrad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\etc\security.properties | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\docs\tagging_image_one_tag.png | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\jre\bin\api-ms-win-crt-private-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\America\Goose_Bay | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\tcl\msgs\en_bw.msg | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Autopsy-4.21.0\autopsy\rr-full\plugins\null.pl | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Installer\e5d58b2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5E12.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5E61.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI71CB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5d58b4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5d58b2.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5D74.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{2A4C0A28-0E75-421F-AB76-B872FCCBEB4C}\autopsy.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{2A4C0A28-0E75-421F-AB76-B872FCCBEB4C} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{2A4C0A28-0E75-421F-AB76-B872FCCBEB4C}\autopsy.exe | C:\Windows\system32\msiexec.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Gathers network information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NETSTAT.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D1A1DAA61C0451544B6DAEA561F7AF77\82A0C4A257E0F124BA678B27CFBCBEC4 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000adbc178a40a1da01d53ca08c40a1da016197d78d40a1da0114000000 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\82A0C4A257E0F124BA678B27CFBCBEC4\MainFeature | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\Version = "68485120" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\PackageCode = "A4E9A51DEB6C1974A8803DC304706DD0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\82A0C4A257E0F124BA678B27CFBCBEC4 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\ProductIcon = "C:\\Windows\\Installer\\{2A4C0A28-0E75-421F-AB76-B872FCCBEB4C}\\autopsy.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\ProductName = "Autopsy" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\SourceList\PackageName = "autopsy-4.21.0-64bit.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\82A0C4A257E0F124BA678B27CFBCBEC4\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\D1A1DAA61C0451544B6DAEA561F7AF77 | C:\Windows\system32\msiexec.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\autopsy-4.21.0-64bit.msi:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\System32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Рахунок-Акт_№_5748259_від_01.06.2024_по_договору_№_Х2_1-2448,_ТОВАР.pdf"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2351D21228181DCDA8C9BA61D85E8B46 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2EF37671CB5286130E8B99806574D796 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2EF37671CB5286130E8B99806574D796 --renderer-client-id=2 
--mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=44BA52CF10DC1B26D8CCC05E704BF4E0 --mojo-platform-channel-handle=2280 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2120F4C1AE18D441AD61C14320DAB279 --mojo-platform-channel-handle=2496 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A8E8F8646A058DF774D643A97BBF86A7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A8E8F8646A058DF774D643A97BBF86A7 --renderer-client-id=6 
--mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AA5779713AF8B580730362FD0C7D45B3 --mojo-platform-channel-handle=2692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4124,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.0.205603629\1364296261" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20d71b38-d242-4aab-903a-d93d0dcf7e3c} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 1896 2411c1f0358 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.1.320852209\390918207" -parentBuildID 20230214051806 -prefsHandle 2452 -prefMapHandle 2448 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11fd6fad-002c-430e-9a5b-32a0f356f5a4} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 2464 2411048a258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.2.59490874\1677719749" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bf9f676-91c4-41cc-b50e-3132ad55d9a8} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 3132 2411f9efd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.3.1053473547\1056583224" -childID 2 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e19b9a8-06fd-4580-9b3d-305bffb57c6c} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 4220 241225bcb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.4.417421345\1985183238" -childID 3 -isForBrowser -prefsHandle 5040 -prefMapHandle 4976 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0fa4fe1-e85f-4886-a051-4ce6ad55d24a} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 5060 24124976258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.5.1029535936\1769094673" -childID 4 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca00a459-fc78-4375-8d2f-4d3622a72a0d} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 5080 24124976558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.6.2081543461\1830468605" -childID 5 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92d9f361-3c34-4bfc-a5ef-9b269a64c62c} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 5424 24124977458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.7.401932288\1271512811" -parentBuildID 20230214051806 -prefsHandle 5764 -prefMapHandle 5812 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb41265e-ec8c-4560-8fef-dd709ed04999} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 5860 24125acc558 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.8.417756331\486453977" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {149865ab-51ff-4e07-86ac-525593bc38f7} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 5884 24125acc858 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.9.1337186209\1435053468" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 6136 -prefMapHandle 6132 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b57e9781-d3f5-49fa-8b71-1736cb0ab033} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 5764 24125acfb58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.10.1641794278\2136795190" -childID 6 -isForBrowser -prefsHandle 6160 -prefMapHandle 6156 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {330452bd-71ec-4e48-9830-4c21c465eaaa} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 6264 24125d95058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.11.1261101082\179117454" -childID 7 -isForBrowser -prefsHandle 6652 -prefMapHandle 6648 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35853b29-bd20-4621-9ff7-5e660bf3ed9e} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 6660 24126bcc258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.12.687922059\1048541887" -childID 8 -isForBrowser -prefsHandle 9832 -prefMapHandle 9836 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adf8544f-82da-4dcd-bedb-45b32c8be40a} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 9824 24126836558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.13.690392161\962143559" -childID 9 -isForBrowser -prefsHandle 10716 -prefMapHandle 10712 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f50bfd19-ef42-459d-a1df-170ca714faff} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 6792 24126b06658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.14.1427824552\249568070" -childID 10 -isForBrowser -prefsHandle 10524 -prefMapHandle 10516 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc1b1969-23ff-4d7a-a9ea-a75c8cb7697e} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 10532 24127170558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3292.15.1449905771\128334592" -childID 11 -isForBrowser -prefsHandle 6260 -prefMapHandle 10468 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df73b15a-bec4-4a1c-bcbc-77f378801259} 3292 "\\.\pipe\gecko-crash-server-pipe.3292" 10292 24126d71758 tab
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\autopsy-4.21.0-64bit.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A063015C05DCAEF2825D55F2DC14ED84 C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 94C9A71E4A8A42206ADD3A33A1E8644D
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=12D718B7F757DB2BDA4D954258ABC2D8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=12D718B7F757DB2BDA4D954258ABC2D8 --renderer-client-id=10 
--mojo-platform-channel-handle=1652 --allow-no-sandbox-job /prefetch:1
C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe
"C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1704,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3168 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\Autopsy-4.21.0\autopsy\solr\bin\autopsy-solr.cmd" start -p 23232"
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -version
C:\Windows\system32\findstr.exe
findstr /i "IBM J9"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\Autopsy-4.21.0\jre\bin\java" -version 2>&1 | findstr "version""
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -version
C:\Windows\system32\findstr.exe
findstr "version"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netstat -aon | find "TCP " | find ":0 " | find ":23232 "
C:\Windows\system32\NETSTAT.EXE
netstat -aon
C:\Windows\system32\find.exe
find "TCP "
C:\Windows\system32\find.exe
find ":0 "
C:\Windows\system32\find.exe
find ":23232 "
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -server -version
C:\Windows\system32\findstr.exe
findstr /i /C:" C:\Users\Admin\AppData\Roaming\autopsy\var\log\solr " "C:\Users\Admin\AppData\Local\Temp\solr-pattern.txt"
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -server -Xmx2048m -Duser.timezone=UTC -XX:+UseG1GC -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250 -XX:+UseLargePages -XX:+AlwaysPreTouch "-Xlog:gc*:file=\"C:\Users\Admin\AppData\Roaming\autopsy\var\log\solr\solr_gc.log\":time,uptime:filecount=9,filesize=20M" -Xss256k -Dbootstrap_confdir=../solr/configsets/AutopsyConfig/conf -Dcollection.configName=AutopsyConfig -Dsolr.default.confdir=../solr/configsets/AutopsyConfig/conf -Dsolr.log.dir="C:\Users\Admin\AppData\Roaming\autopsy\var\log\solr" -Dlog4j.configurationFile="file:///C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\resources\log4j2.xml" -DSTOP.PORT=8079 -DSTOP.KEY=jjk#09s -Dsolr.log.muteconsole -Dsolr.solr.home="C:\Users\Admin\AppData\Roaming\autopsy\solr" -Dsolr.install.dir="C:\Program Files\Autopsy-4.21.0\autopsy\solr" -Dsolr.default.confdir="C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\solr\configsets\_default\conf" -Djetty.host=0.0.0.0 -Djetty.port=23232 -Djetty.home="C:\Program Files\Autopsy-4.21.0\autopsy\solr\server" -Djava.io.tmpdir="C:\Users\Admin\AppData\Roaming\autopsy\var\log\solr\tmp" -jar start.jar --module=http ""
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -Dsolr.install.dir="C:\Program Files\Autopsy-4.21.0\autopsy\solr" -Dsolr.default.confdir="C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\solr\configsets\_default\conf" -Dlog4j.configurationFile="file:///C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\resources\log4j2-console.xml" -classpath "C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\solr-webapp\webapp\WEB-INF\lib\*;C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\lib\ext\*" org.apache.solr.util.SolrCLI status -maxWaitSecs 30 -solr http://localhost:23232/solr
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c chcp
C:\Windows\system32\chcp.com
chcp
C:\Windows\System32\Wbem\wmic.exe
"wmic" process where "name='java.exe' AND commandline LIKE '%-DSTOP.KEY=jjk#09s%start.jar%'" get ProcessID
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c ver
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c net use C:
C:\Windows\system32\net.exe
net use C:
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c net use D:
C:\Windows\system32\net.exe
net use D:
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c net use F:
C:\Windows\system32\net.exe
net use F:
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Autopsy\test_20240606_140511\Temp\Рахунок-Акт_№_5748259_від_01.06.2024_по_договору_№_Х2_1-2448,_ТОВАР.pdf"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=568174B1698F85DB324761CFEE460F54 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=568174B1698F85DB324761CFEE460F54 --renderer-client-id=12 
--mojo-platform-channel-handle=1944 --allow-no-sandbox-job /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\Autopsy-4.21.0\autopsy\solr\bin\autopsy-solr.cmd" stop -k jjk#09s -p 23232"
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -version
C:\Windows\system32\findstr.exe
findstr /i "IBM J9"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Program Files\Autopsy-4.21.0\jre\bin\java" -version 2>&1 | findstr "version""
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -version
C:\Windows\system32\findstr.exe
findstr "version"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netstat -nao | find "TCP " | find ":0 " | find ":23232 "
C:\Windows\system32\NETSTAT.EXE
netstat -nao
C:\Windows\system32\find.exe
find "TCP "
C:\Windows\system32\find.exe
find ":0 "
C:\Windows\system32\find.exe
find ":23232 "
C:\Program Files\Autopsy-4.21.0\jre\bin\java.exe
"C:\Program Files\Autopsy-4.21.0\jre\bin\java" -Djetty.home="C:\Program Files\Autopsy-4.21.0\autopsy\solr\server" -jar "C:\Program Files\Autopsy-4.21.0\autopsy\solr\server\start.jar" --module=http STOP.PORT=8079 STOP.KEY=jjk#09s --stop
C:\Windows\system32\timeout.exe
timeout /T 5
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c netstat -nao | find "TCP " | find ":0 " | find ":23232 "
C:\Windows\system32\NETSTAT.EXE
netstat -nao
C:\Windows\system32\find.exe
find "TCP "
C:\Windows\system32\find.exe
find ":0 "
C:\Windows\system32\find.exe
find ":23232 "
C:\Windows\System32\Wbem\wmic.exe
"wmic" process where "name='java.exe' AND commandline LIKE '%-DSTOP.KEY=jjk#09s%start.jar%'" get ProcessID
Network
Files
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | b30d3becc8731792523d599d949e63f5 |
| SHA1 | 19350257e42d7aee17fb3bf139a9d3adb330fad4 |
| SHA256 | b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3 |
| SHA512 | 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | 752a1f26b18748311b691c7d8fc20633 |
| SHA1 | c1f8e83eebc1cc1e9b88c773338eb09ff82ab862 |
| SHA256 | 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131 |
| SHA512 | a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5 |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | 1580aec1d0f66829dce6ccef68934695 |
| SHA1 | 9d89dfa872528cc580f96c58a015a0af2bc3434d |
| SHA256 | ba365e77c092e3a229ad0b6da6614d7aca96a1a5efa3db4a82ffccdd0101c4a5 |
| SHA512 | dff76812bfae945749809158c1c9e4a5421c6a71fc428d6f69044bbfeebba2492a9a2dc4bdb397662fb2f7bee7135547ad89da162e7ac319c3f7d67932d5f881 |
memory/1440-123-0x000000000BDD0000-0x000000000C07B000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 728cb206b90ede8d1cddc0f955d5f385 |
| SHA1 | 8a2b7622e1efd815463ea09741c1e5056d424de4 |
| SHA256 | f9202df4376322c2840d1ffaf051ba56086232d3c835e4e6bccfcbc64ca28cdb |
| SHA512 | bc7102735b7faaeb1b41288292df1145b27eb58269646eb78f74debe5b53673ffdefa79d366a706ce0273da9e0fdeeb2fc08cb805a3ea3af4a3c12492932413d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js
| MD5 | b412e8e0338b9a474d0561a269b7f469 |
| SHA1 | 91f21cbed0907e70e69032e443a601c3a1ddf69d |
| SHA256 | 623ab19cbe1ae914d9d8a6df1948cb6dfe02cdb44db2f03899bd13376843188f |
| SHA512 | 883191a9075bd2f77ea964c2f675d60a60f8c15126cd0d75003d5ee49d20590ef21d83d447861500fb001058fc8c306da9460b13d4a92626b82063971e5d6fee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 52f7e941d6e29d232fc5c9335dcbe0e5 |
| SHA1 | e953cffd3592fa4566c60ad2ae9b647ccebf5c43 |
| SHA256 | 7924414403c470f74038d475c3734f8471743d8636bf84ab6f88e51b7ffed4cd |
| SHA512 | 4ef420d3b18fafc328b6307b380feeec333bccb6257b57beb3ccc0fd8b53b4dbd917eb9040f81197688b8d86b787483c2366d779c58a9ac1f6ad875d15f41d41 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cautopsy.com%29\idb\358272571LCo7g%sCD7a%t2a4bda5s.sqlite
| MD5 | 9725f8756993cf6298159a80d7899ff4 |
| SHA1 | 0431e762d6e7e291079e8d777da36313afb879d4 |
| SHA256 | baf0ee04b03b6ba66536aa44dc62d5d81a7740ff893bd988955a71a604083627 |
| SHA512 | 7d12e487e24f9735c109fa121b386563f41fb4b031db7cea8a89b8b876352eee5b3c5f8e849bb47cf7d2602296eb25806d5b0477a15d515bff08fa2e31e811c3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\doomed\2070
| MD5 | 53599ed7d2c8f74c733f4ffd2242686c |
| SHA1 | dfb5d5a2a903bba772f7e2f70e3ea0bc957ac1e7 |
| SHA256 | 631f5254cf72fb50843ec994d4c075e384cd25195e8bb7e9ce397f23aadb7b55 |
| SHA512 | edda9c4346df6227782983e0a892224d615905ff553802864800c08c2ac66d0c934ba0cda5123a37332ae35f40b18a6eb4a16ff69e95f713810a0c7e867fe380 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\1DCD060D91A612651706AE8FC96D842D60460D22
C:\Users\Admin\Downloads\autopsy-4.iKPAMCo9.21.0-64bit.msi.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Local\Temp\MSI2C33.tmp
\??\Volume{8a2ad7b7-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{fc5513df-694e-4758-aa80-b32c651ad9f9}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
memory/1440-3222-0x000000000B900000-0x000000000BA4D000-memory.dmp
C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\fr\LC_MESSAGES\glib20.mo
C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\id\LC_MESSAGES\glib20.mo
C:\Program Files\Autopsy-4.21.0\autopsy\gstreamer\1.0\x86_64\share\locale\ta\LC_MESSAGES\glib20.mo
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\licenses\LICENSE.dfdatetime
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\licenses\LICENSE.libewf
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\psteal.exe
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Africa\Dakar
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Africa\Djibouti
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Africa\Kigali
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Africa\Lagos
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\America\Guadeloupe
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Etc\Greenwich
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Europe\London
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\Europe\Skopje
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\PRC
C:\Program Files\Autopsy-4.21.0\autopsy\plaso\plaso-20180818-amd64\pytz\zoneinfo\UTC
C:\Program Files\Autopsy-4.21.0\autopsy\solr4\lib\ext\slf4j-api-1.7.36.jar
C:\Program Files\Autopsy-4.21.0\jre\legal\java.logging\COPYRIGHT
C:\Program Files\Autopsy-4.21.0\jre\legal\java.logging\LICENSE
\??\PIPE\srvsvc
C:\Program Files\Autopsy-4.21.0\bin\autopsy64.exe
C:\Config.Msi\e5d58b3.rbs
memory/1440-8583-0x0000000008DE0000-0x0000000008E4F000-memory.dmp
C:\Program Files\Autopsy-4.21.0\etc\autopsy.conf
C:\Program Files\Autopsy-4.21.0\etc\autopsy.clusters
C:\Users\Admin\AppData\Roaming\autopsy\etc\autopsy.conf
C:\Program Files\Autopsy-4.21.0\platform\lib\nbexec64.dll
C:\Program Files\Autopsy-4.21.0\jre\bin\server\jvm.dll
C:\Program Files\Autopsy-4.21.0\jre\bin\jimage.dll
C:\Program Files\Autopsy-4.21.0\jre\bin\java.dll
C:\Program Files\Autopsy-4.21.0\jre\bin\zip.dll
C:\Program Files\Autopsy-4.21.0\jre\bin\jsvml.dll
C:\Program Files\Autopsy-4.21.0\jre\bin\nio.dll
C:\Program Files\Autopsy-4.21.0\platform\lib\boot.jar
C:\Program Files\Autopsy-4.21.0\jre\bin\net.dll
C:\Program Files\Autopsy-4.21.0\jre\conf\logging.properties
C:\Program Files\Autopsy-4.21.0\platform\lib\org-openide-util-lookup.jar
C:\Program Files\Autopsy-4.21.0\platform\lib\org-openide-util.jar
C:\Program Files\Autopsy-4.21.0\platform\core\core.jar
C:\Program Files\Autopsy-4.21.0\autopsy\core\locale\core_autopsy.jar
C:\Program Files\Autopsy-4.21.0\platform\core\org-openide-filesystems.jar
C:\Program Files\Autopsy-4.21.0\platform\core\org-openide-filesystems-compat8.jar
C:\Program Files\Autopsy-4.21.0\jre\bin\verify.dll
C:\Program Files\Autopsy-4.21.0\platform\core\org-netbeans-libs-asm.jar
C:\Program Files\Autopsy-4.21.0\platform\core\core-base.jar
C:\Program Files\Autopsy-4.21.0\autopsy\.lastModified
C:\Program Files\Autopsy-4.21.0\platform\core\asm-tree-9.3.jar
C:\Program Files\Autopsy-4.21.0\platform\core\asm-commons-9.3.jar
C:\Program Files\Autopsy-4.21.0\jre\conf\net.properties
C:\Program Files\Autopsy-4.21.0\platform\core\asm-9.3.jar
C:\Program Files\Autopsy-4.21.0\jre\bin\awt.dll
C:\Program Files\Autopsy-4.21.0\jre\bin\msvcp140.dll
C:\Program Files\Autopsy-4.21.0\platform\lib\org-openide-util-ui.jar
C:\Program Files\Autopsy-4.21.0\platform\lib\org-openide-modules.jar
C:\Program Files\Autopsy-4.21.0\jre\lib\tzmappings
C:\Program Files\Autopsy-4.21.0\jre\conf\security\java.security
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna5882915219919032381.dll
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna17357335816786576145.dll
C:\Users\Admin\.openjfx\cache\17.0.7\vcruntime140_1.dll
memory/2224-9091-0x0000000000090000-0x00000000000CD000-memory.dmp
memory/2224-9092-0x0000000068DC0000-0x0000000068E00000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
C:\Users\Admin\AppData\Roaming\autopsy\config\ModuleConfig\CentralRepository\CentralRepository.properties
C:\Users\Admin\AppData\Local\Temp\sqlite-3.42.0.0-8630f1ed-be1c-45d3-a2d7-25e47bdefccc-sqlitejdbc.dll
C:\Users\Admin\AppData\Roaming\autopsy\config\AutoIngest.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\ModuleConfig\CentralRepository\CentralRepository.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\ModuleConfig\CentralRepository\LocalDatabase\central_repository.db
C:\Users\Admin\AppData\Roaming\autopsy\config\KeywordSearch_Options.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\KeywordSearch.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\KeywordSearch_NSRL.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\GoogleTranslate.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Preferences\org\netbeans\modules\autoupdate.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\BingTranslate.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\KeywordSearch_Scripts.properties
C:\Users\Admin\AppData\Roaming\autopsy\var\log\solr.log.stdout
C:\Users\Admin\AppData\Roaming\autopsy\config\Case.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Preferences\org\netbeans\modules\autoupdate\org_sleuthkit_autopsy_core_update_center.properties
C:\Users\Admin\AppData\Local\Temp\jffi2171062112944879624.dll
C:\Users\Admin\AppData\Roaming\autopsy\config\Case.properties
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\GPX_Parser_Module.py
C:\Users\Admin\AppData\Roaming\autopsy\config\keywords.xml
C:\Users\Admin\AppData\Roaming\autopsy\config\Preferences\org\netbeans\modules\autoupdate\ui.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Preferences\org\netbeans\modules\autoupdate\ui.properties
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\gpxpy\__init__.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\gpxpy\gpx.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\gpxpy\utils.py
C:\Users\Admin\AppData\Roaming\autopsy\config\Case.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Tags.properties
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\gpxpy\geo.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\gpxpy\parser.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\browserlocation.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\textmessage.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\fbmessenger.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\installedapps.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\oruxmaps.py
C:\Users\Admin\Desktop\test\ModuleOutput\keywordsearch\data\solr8_schema2.3\index\segments_1
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\operabrowser.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\sbrowser.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\textnow.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\whatsapp.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\line.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\skype.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\TskCallLogsParser.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\TskContactsParser.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\ResultSetIterator.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\TskMessagesParser.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\viber.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\shareit.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\zapya.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\xender.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\imo.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\wwfmessage.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\tangomessage.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\googlemaplocation.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\contact.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\calllog.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\cachelocation.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\general.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\module.py
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\gpxpy\gpxfield.py
C:\Users\Admin\AppData\Roaming\autopsy\config\Case.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\ImageGalleryTopComponent.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\ModuleConfig\IngestSettings\org.sleuthkit.autopsy.casemodule.AddImageWizardIngestConfigPanel.properties
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\android\module$py.class
C:\Users\Admin\AppData\Roaming\autopsy\InternalPythonModules\GPX_Module\GPX_Parser_Module$py.class
C:\Users\Admin\AppData\Roaming\autopsy\config\ModuleConfig\IngestSettings\org.sleuthkit.autopsy.casemodule.AddImageWizardIngestConfigPanel\org.sleuthkit.autopsy.thunderbirdparser.EmailParserModuleFactory.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\ModuleConfig\IngestSettings\org.sleuthkit.autopsy.casemodule.AddImageWizardIngestConfigPanel.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Preferences\org\sleuthkit\autopsy\core.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\LastDspUsed.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\GeolocationTopComponent.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\properties.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\favorites.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\DiscoveryTc.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\CVTTopComponent.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\TimeLineTopComponent.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\output.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\PersonasTopComponent.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\org.sleuthkit.autopsy.casemodule.ImageDSProcessor.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\mismatch_config.xml
C:\Users\Admin\AppData\Roaming\autopsy\config\Case.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\timeline.properties
C:\Users\Admin\Desktop\test\autopsy.db
C:\Users\Admin\AppData\Roaming\autopsy\config\ExternalViewerRules.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Preferences\org\netbeans\core\windows\tctracker.properties
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\DataContentTopComponent.settings
C:\Users\Admin\AppData\Roaming\autopsy\config\Windows2Local\Components\DirectoryTreeTopComponent.settings
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\datareporting\glean\db\data.safe.bin