Malware Analysis Report

2024-09-22 12:45

Sample ID 240704-nlal3sycra
Target AutoDox.exe
SHA256 aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002
Tags
rhadamanthys troldesh wannacry defense_evasion evasion execution impact persistence privilege_escalation pyinstaller ransomware spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002

Threat Level: Known bad

The file AutoDox.exe was found to be: Known bad.

Malicious Activity Summary

rhadamanthys troldesh wannacry defense_evasion evasion execution impact persistence privilege_escalation pyinstaller ransomware spyware stealer trojan upx worm

Wannacry

Rhadamanthys

Troldesh, Shade, Encoder.858

UAC bypass

Detect rhadamanthys stealer shellcode

Modifies WinLogon for persistence

Modifies Windows Defender Real-time Protection settings

Deletes shadow copies

Event Triggered Execution: Image File Execution Options Injection

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Modifies Windows Firewall

Downloads MZ/PE file

Disables use of System Restore points

Reads user/profile data of web browsers

UPX packed file

Drops startup file

Executes dropped EXE

Impair Defenses: Safe Mode Boot

Loads dropped DLL

Checks whether UAC is enabled

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in System32 directory

Sets desktop wallpaper using registry

Drops file in Windows directory

Detects Pyinstaller

Unsigned PE

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

System policy modification

Suspicious use of FindShellTrayWindow

Interacts with shadow copies

Checks processor information in registry

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Modifies registry key

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

NTFS ADS

Suspicious use of WriteProcessMemory

Uses Volume Shadow Copy service COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-04 11:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-04 11:28

Reported

2024-07-04 11:39

Platform

win11-20240419-en

Max time kernel

630s

Max time network

665s

Command Line

"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"

Signatures

Detect rhadamanthys stealer shellcode

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Rhadamanthys

stealer rhadamanthys

Troldesh, Shade, Encoder.858

ransomware trojan troldesh

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Disables Task Manager via registry modification

evasion

Disables use of System Restore points

evasion

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recoverydrive.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbui.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe C:\Users\Admin\Downloads\Annabelle.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD8C67.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD8C6E.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" C:\Users\Admin\Downloads\WannaCry.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QAUQgAgc.exe = "C:\\ProgramData\\ZUcUcsUc\\QAUQgAgc.exe" C:\Users\Admin\Downloads\ViraLock.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\AusQAAIU.exe = "C:\\Users\\Admin\\AoooAAQo\\AusQAAIU.exe" C:\Users\Admin\AoooAAQo\AusQAAIU.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QAUQgAgc.exe = "C:\\ProgramData\\ZUcUcsUc\\QAUQgAgc.exe" C:\ProgramData\ZUcUcsUc\QAUQgAgc.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\AusQAAIU.exe = "C:\\Users\\Admin\\AoooAAQo\\AusQAAIU.exe" C:\Users\Admin\Downloads\ViraLock.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "0" C:\Users\Admin\Downloads\$uckyLocker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\builder (2).exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\builder (2).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Users\Admin\Downloads\builder (2).exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Users\Admin\Downloads\builder (2).exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\Downloads\builder (2).exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645661370939889" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\Builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 8c003100000000009358c751110050524f4752417e310000740009000400efbec5525961e4589b5b2e0000003f0000000000010000000000000000004a000000000024a13000500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff C:\Users\Admin\Downloads\Builder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "9" C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\Downloads\Builder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Windows\system32\OpenWith.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000100000002000000ffffffff C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\Builder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg C:\Windows\system32\OpenWith.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\Builder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 C:\Users\Admin\Downloads\Builder.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\UIWIX.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\builder (2).exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\Downloads\Annabelle.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\ViraLock.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\Builder.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Users\Admin\Downloads\Ransomware.TeslaCrypt.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\SporaRansomware.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\SporaRansomware(1).exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File opened for modification C:\Users\Admin\Downloads\Ransomware.RedBoot.zip:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Builder.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Builder.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Builder.exe N/A
N/A N/A C:\Users\Admin\Downloads\Builder.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 428 wrote to memory of 2220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 2220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 4048 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 1108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 1108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 428 wrote to memory of 3872 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\WindowsDefenderMAJ = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\AutoDox.exe

"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cdfcc40,0x7ffe7cdfcc4c,0x7ffe7cdfcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1840 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3296 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4792 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3784,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4912 /prefetch:8

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6b3634698,0x7ff6b36346a4,0x7ff6b36346b0

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4624,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3768,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4404 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3368,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4844 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5492,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5204 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4844,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5160 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3268,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=2172,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4948 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4952,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=2524,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4288 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5604,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5760,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5792 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5768,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5776,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=2988,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6216 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3500 /prefetch:8

C:\Users\Admin\Downloads\Builder.exe

"C:\Users\Admin\Downloads\Builder.exe"

C:\Users\Admin\Downloads\Builder.exe

"C:\Users\Admin\Downloads\Builder.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5692,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3772,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4396 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6148,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6060 /prefetch:8

C:\Users\Admin\Downloads\builder (2).exe

"C:\Users\Admin\Downloads\builder (2).exe"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1840 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc6c37dd-aa21-46a7-814a-eac69dab6277} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 25495 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b061d2fd-e81b-46e4-8031-5f87cd46ba91} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3064 -prefsLen 25636 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72205cbc-31f0-4de9-882c-e64623426d37} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2704 -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 3080 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {626c04cf-75ec-4a58-b8a5-6eb27cf7ed8c} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4732 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4744 -prefMapHandle 4740 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {402c1ca2-0d45-40a3-b51e-837ccc7ff2f3} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5452 -prefMapHandle 5444 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa780a1d-3fe9-4ff9-aa79-80c7c09857a2} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 4 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa0da69c-b022-4e03-9c05-db69ef978732} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51a40d76-13d6-41f8-9392-9deee120230d} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6300 -childID 6 -isForBrowser -prefsHandle 6292 -prefMapHandle 5612 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5593b281-baf7-4bca-a752-2fd262b542b8} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 7 -isForBrowser -prefsHandle 4988 -prefMapHandle 4980 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61aa7263-eea0-491c-ae23-da41c0f9ad97} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6600 -childID 8 -isForBrowser -prefsHandle 4472 -prefMapHandle 4508 -prefsLen 27963 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad030d00-9949-44a7-bcf4-c43678a2529a} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab

C:\Users\Admin\Downloads\$uckyLocker.exe

"C:\Users\Admin\Downloads\$uckyLocker.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\NetSh.exe

NetSh Advfirewall set allprofiles state off

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Users\Admin\Downloads\ViraLock.exe

"C:\Users\Admin\Downloads\ViraLock.exe"

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Users\Admin\AoooAAQo\AusQAAIU.exe

"C:\Users\Admin\AoooAAQo\AusQAAIU.exe"

C:\ProgramData\ZUcUcsUc\QAUQgAgc.exe

"C:\ProgramData\ZUcUcsUc\QAUQgAgc.exe"

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1

C:\Windows\SysWOW64\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Users\Admin\Downloads\SporaRansomware(1).exe

"C:\Users\Admin\Downloads\SporaRansomware(1).exe"

C:\Users\Admin\Downloads\Seftad.exe

"C:\Users\Admin\Downloads\Seftad.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\US84A-08ZTZ-TZTXE-TRTZY.HTML

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe7c9c3cb8,0x7ffe7c9c3cc8,0x7ffe7c9c3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1

Network

Country Destination Domain Proto
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 142.250.180.4:443 www.google.com udp
GB 142.250.200.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
GB 142.250.200.46:443 play.google.com tcp
GB 172.217.16.238:443 consent.google.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
GB 216.58.201.106:443 content-autofill.googleapis.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 20.26.156.215:443 github.com tcp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 142.250.180.4:443 www.google.com udp
GB 216.58.201.106:443 content-autofill.googleapis.com udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 lens.google.com udp
GB 172.217.16.238:443 lens.google.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
N/A 127.0.0.1:51902 tcp
US 8.8.8.8:53 collector.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 52.33.222.107:443 shavar.services.mozilla.com tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 34.107.243.93:443 autopush.prod.mozaws.net tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 autopush.prod.mozaws.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 107.222.33.52.in-addr.arpa udp
N/A 127.0.0.1:51910 tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 37.158.120.34.in-addr.arpa udp
US 8.8.8.8:53 www.mozilla.org udp
GB 143.204.72.186:443 www.mozilla.org tcp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 186.72.204.143.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.200.46:443 play.google.com tcp
GB 142.250.200.46:443 play.google.com udp
GB 172.217.16.238:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 172.217.16.238:443 consent.google.com udp
GB 142.250.187.202:443 waa-pa.clients6.google.com tcp
GB 142.250.187.202:443 waa-pa.clients6.google.com tcp
GB 142.250.187.202:443 waa-pa.clients6.google.com udp
GB 142.250.200.46:443 play.google.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 140.82.114.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 35.244.181.201:443 prod.balrog.prod.cloudops.mozgcp.net tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 prod.content-signature-chains.prod.webservices.mozgcp.net tcp
US 185.199.109.154:443 github.githubassets.com tcp
GB 172.217.169.46:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 88.221.134.155:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 155.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
GB 172.217.169.46:443 redirector.gvt1.com udp
US 8.8.8.8:53 r1---sn-aigzrnsr.gvt1.com udp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com tcp
GB 74.125.175.38:443 r1---sn-aigzrnsr.gvt1.com udp
GB 216.58.201.110:443 encrypted-tbn0.gstatic.com tcp
GB 216.58.201.110:443 encrypted-tbn0.gstatic.com udp
GB 142.250.187.202:443 waa-pa.clients6.google.com udp
US 185.199.110.133:443 repository-images.githubusercontent.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.com udp
N/A 127.0.0.1:53815 tcp
US 208.83.223.34:80 tcp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 api.github.com udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
US 8.8.8.8:53 glb-db52c2cf8be544.github.com udp
BO 200.87.164.69:9999 tcp
GB 142.250.200.46:80 google.com tcp
BO 200.87.164.69:9999 tcp
GB 142.250.200.46:80 google.com tcp
NL 194.109.206.212:443 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 github.com udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
BO 200.119.204.12:9999 tcp
BO 200.119.204.12:9999 tcp
GB 20.26.156.210:443 api.github.com tcp
BO 190.186.45.170:9999 tcp
BO 190.186.45.170:9999 tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp

Files

memory/4800-0-0x0000000000A70000-0x0000000000A9A000-memory.dmp

\??\pipe\crashpad_428_MEADJGDIJZYPRYRH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 967a3c7c1afa2187a9a57e9d290a9d64
SHA1 25f13d7a764deafdbe601496708b3f576a1f1c3c
SHA256 fb153dd5c5cf8b05502d51a3b3805408d247b5758e6b85df21d17da57726b526
SHA512 adc73f4e8ba861ac8ecb842ae49695a8925daadaacfa3c1ff5972c6f5702bff8c469f3e12560f6bf1b05ceca736fd2ad867be607b726a95ff3745d9c6901fe3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 488fac79625f47706ea0dd87589ebcea
SHA1 8ca516953a4ba18a3356db3affe235a5b6e5d414
SHA256 3770b3908b93a9772c13ad2a93a19f36a106f32e9634ae6b71ccd6fd4d6b4e69
SHA512 4e3a3ed70488a728a8a6e62b9b2c173eeadb59dcbb27d72aa888c0a82af4199568a43f62da17ec465e39c70205bd9dd18e666d9feca0655924fb33878a5b0b42

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4e1e91a2e38dca0fd959e3df9e3af329
SHA1 f3a259413c28104025631bc27392a46a162352b2
SHA256 514050c95390f6e118e9061ef9b14224131f01b3e0fbb019e8d91a4aee1e8f32
SHA512 e557384bac78ab2462f62b818daeafed50ec9bb93b955223acc93eec8b8a74c2dc54647f513b253ecddae261e2b242ee628f5ccc25f326ad0996a21e3bc4a338

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7bea4bcab92c971b09cacd91585b424a
SHA1 011663f83509dc3783ae915635f1c697b74b0361
SHA256 e6f1188d92c0da67ac2c1cddfbceed645ba1d596516526e2a2d03cd5fb3e153f
SHA512 835f8cda208e9b89cc1845c666298d7c75a8bf29b47bd871c003ca3f57ef71dc48f05606022b270cfd54555aabb4ae832c0c5e9f0ad24d7345cfc94d0b5eadff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ddf74eb5cf11a3436fe2833bf21ede45
SHA1 b815d2ae20aafd12daa7249bee6dd3c2e1861340
SHA256 aedc5e808b43f613ef61ac86a621abec289d8941ff03d86f8d7752004ea0c10a
SHA512 b31fbe26f1bca0af5759036fc32017b057ea959308642c4aa8c0a923cd0c59fe6c037bd12ae25c14321df196824ad2f8a72576e3a4830a401188f24ce5a0667e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bfd7bd0914c69d6b58a2035e3282a614
SHA1 fe68b5b706f3a50e9ed46cd189181011b3170869
SHA256 51c6b6c9cbccdb00270f9b3f28d513ad91237a375b11a4deabaab14abc5b889c
SHA512 291af9876e25d85fedb6d5bc5957f72345fdfc11a5a651fc1d71c8b92235bf3908a1aed15498efb638cf66eabca12ebe7344b0bdf02df4b493cf79d1b6aa11ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6dabc8ec7cd042ab679e427e1fa0bbf1
SHA1 f32abc69c813147adeaac30e9ed778b32d92525f
SHA256 beaa5ae8d08c884e89c4eba4add30d84f87bc82b13f513c7f64576de8c189d0a
SHA512 b13f83a7be5db1faaaa49052bd52ee80c2292491809a7e1349ad4d2024e53cf16be62a909fc9e8f5bf76d4e9965e0bdb8f0cc25347f2945f5076f0ec254fef75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e6b5a3646ab9e0f706b9de4117c7c792
SHA1 abaa551e260e2cfb40328be1f5854f0e2d94ef6c
SHA256 dec2416361283d11ceb2af1fe6e6edbc39187f48b1f6538c01f07f1b92e72526
SHA512 c6a645e37a4772ad6064276c2ee687148600dfe92fe5d68f66b59b045a579e5e42e6e54ce6d4a47edda1884ae47cf7af981f7f69f7a75511b0282d946d5c7ef9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 883a7eface5351a36612593c6bfbfa87
SHA1 650988a9b062b7b07a295e14a4408f2be7120e85
SHA256 cbb9f41735b45b0603935ead275df12704cb1050ae47b6ef793d7d041d086dca
SHA512 17934f2e142dc9cc7bdc7497af28a1bfcc43f48215c3fe3988c9eed14cedd6803f9232bfa479f08b2b4aa2ca28905714e6e95f430875cb0674be9d0788302f2c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 481641029e2c0eb69ab54d7e7e5c0251
SHA1 c0d4f959164b0bc0013f125d10910d941262ff8d
SHA256 8a97ba5494ce1fbe1ac95fd8221df48c4f79cba49640c2d3828cd8d3684d3621
SHA512 c63e004af61f91788799b3c455e9fbe1649ea23ce525ca378fe574af74e6cb674aa8865026e2f695ccb786b463a7e46410955bd3411629d36d674d25fe0d5440

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 540791153b9642101bc7154e5b9d4b8c
SHA1 0401118eb0719c1c00bbfaa7a424a5c6e092ed56
SHA256 cc1b20599671c6b6a16ea4047def93248d93531c9236c9bc747b9404dc278a99
SHA512 520d6b380828ca43bf3b6cfea115e432bb73993e337a3b1cffe4295e4b24319bd43586f798a10f2d485ffd06d2750986cd08776f11c04ea896e56a0791aca327

C:\Users\Admin\Downloads\86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.zip

MD5 57b74cedb501ecda4ffa647d051ed167
SHA1 f04fd9bfb224664060245934305bec4ce2d26ce7
SHA256 c3ae24dd6b0e570611ea13b4f24e3b50ce0c6906c9ce3ba72105e4c91a660b1c
SHA512 eaaea014ca91d459a89a6f1544617f3cf3801521187fe757b08144125fe02ecd880e03726b28e32139bb752dbd52ec4133f707bb8c84e8a9ad26da54353a4d6f

C:\Users\Admin\Downloads\86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.zip:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 44f0bf9af385f6caeed772161d1db3e7
SHA1 6d36d3f30e976a7fee0ef74981e2df7a1307a8ad
SHA256 ab6c209cf8ddf85f8bc7027ec5a50dc8c74ae124f4c604dd1b746139795b6510
SHA512 12907bfd4dd29de6618fbd2c3b670b607462f1a1e675725fbdc511d21cecf1c1d09ac2f5dcb03d52a30d957bc2641c46bcb33c6a9741e556b3548cfbbc7d628c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f77e75f4d12382cd3c2d569d2c00e9e0
SHA1 d60971eb3ccb09eef1e0f60d1ff256fdee306900
SHA256 a4d6bb0b3a8c52113ecbfd1d5da695eee0149f9256364527fff23f38404e4959
SHA512 b01d3c45a7077545746a9aada1d10665aa48def5decca99d330ff82e3c4b8da09bb033e955eaf7b328344783819bee0c5836864d814e6bf5f0c9aea99ecf8e7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1824166ae27a90fa5c80cbe9c770cd7a
SHA1 ff2f101e9a7878ed2ddd3fcac1d74ce865310fd4
SHA256 53a851941d9eaf9fbbd74cd09b000e1e37cfd842b71627806da29120f7d3a4e0
SHA512 fdaf628a86fc714909efe68c860cdc0e6ec10391d8ab1997b077d3d9fdf223abaaf8b2d0e9582563fcda819898bd47d499dd226ba2034c2975f8c8502b025a11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e69cb93741db52d44d6366c14fe35369
SHA1 7c73da023485924672d9ac865be572d227f3dd78
SHA256 50d06f93fd57a16c1585114f826c2d9af1c7fbef80724cecfac0b1a50c95c057
SHA512 6e674581016aae34ef7abf4cba779c71a28ec7ca3eba7cea8f210fa5b027520acd5f19b38f4009a48da42700ce090e0737dd1a5a26f338982518c35ef573de9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9e1e26a442953522de75270f20bf1b19
SHA1 2006879645f3e3a571c1d3e0e777073aa4c8b702
SHA256 3bcf2e235aff9945a801949781009ba33d925c9bca547a62f661b82d4a8ecbab
SHA512 1141ea134e4b630c4818a72ecd0e709824576e4156f701b89c72221db0e6747936d12815a8566a5ed81d533f4aa3e376c1fa9819ba1d9207db5d1604e0f37877

C:\Users\Admin\Downloads\smb-z7uhqxx6.zip

MD5 e3c77aa32b15dd325a1399fbaa3b2217
SHA1 6865c0aea8cb8a3a9e86d5ae6834954ec59a1a41
SHA256 8125b8dfffa9e21b8dce873b091fec82505458951cdb7d0fe35e4a42e97d9e68
SHA512 04abe2165e026da8bc4d630f0fefd79745f64791cfc43e4e639e2813e83bdf79de1cabeb12374d2b250e91d9dfb631513fa8af5124b3a24e97df1bfaf1fe21ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9f805a281980564b0058377d23c6fdc3
SHA1 b86ee622133bc07e5c22dd1907e74668f3fcf7b1
SHA256 2bd09b52499678f7fc7435a7bc2adff9083b134b3bfa18da7550c451aff7fb4f
SHA512 a9432c6d5f77e86cc76ee72d2fc2793bf13596b174a400eb4d62d21c7f76cb92158f518511f8f29db6803a56f8e4b5354c9c2a6d5d62900f0b6878d6d50cb9db

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 eae62ab9dd6ede1920345a088ca770da
SHA1 7c2bcdad9a4d71ec7c48c140f1a3b8b334e9b1c5
SHA256 e501ce8b5a35aa1bb4a387a341a2c581d8263d8f2ed280fe8f8e0bb481be70f7
SHA512 1e280a4c178c35396cf1dabbea7e09b507948455781f970af636903105bbeeaebf78013202a810fa87d1ff7e2df2323222e03618d6cb66001c7893228346da0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f0d5f71d0ba27afd76782d3f1427a009
SHA1 a87358a6be0d1a4d31d7922fe116334a55a8b765
SHA256 4ed4423afba51c000512b89547ddcc8e3c78a4205d7763af5d9ab04fee18dc4d
SHA512 2bc3e3c44a5c54011ec19fdc1cbbdb874a7a7a6f9c2a574f95cc71094ec1b86fc03ec2491fa6f531cee63fee78c1146b2d9da9042d3dc02477d5c577a099f442

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04d58ad81a6cf4cad232d57672e5db68
SHA1 d6fe9f0b40215b984fff1354b8a55f05a1396d33
SHA256 94bf8fd766bcc9a8c54a7413da2dcf4ad8a56881e3065e7225dc003ce446af5d
SHA512 15cbd46ba1fb752a25e22921b86e03ade284c2fac129d4c46f1c835c8d9993dc660906d3bc0ac2b4a42c9b7e86f9a35190d3bb33d5e66ad615af4b8d963885e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a008a4e91d5eca77b9dbf5b51ab58302
SHA1 375ddc613b10b874f86b1662503b312e76010bc7
SHA256 8e21a05b6f0dbd690e6532635debb3880887651864d47be00202b1f390d4a4ea
SHA512 e931bbc18f55a8b2c7dff5394a734393444ffecdc03122c274e56c67cf6e3b85089f52a2135ea3bf01657fa3539f26fb1d889c775d82ec71946fed5a4297c042

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cf9791b9ae8db681fc464324c09a6720
SHA1 03fc43e02850afeff13dc9ca16f41cb25ccb4e10
SHA256 c3c58a826d157e76e166be3555dd377901cf0273f014156d667a44e0b7647d44
SHA512 654f4eda03139dfc3eb3dcab02055fb3deabca70c54b34de03919345476fd0bb615b88a923c864e90d149fbc0f01d3e8fff0d5a8c31b2d08c9ca28146226b026

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d823687574fb5180e465be803a7f68af
SHA1 3232adfc6f9e902eb13176b9515f32b2bd34a9ea
SHA256 2dbe2ca5da55a9b7058b302786d48ae078ce3e044705bf82a4f622e90e948c86
SHA512 8108079fb36bfc4612feafdfe5553c5d4e485c34bf2249cfaeb1c55c552d915899a7fa36e87f4e6ce1daa933752a1ddd189f20a9f5260b45ee8d1ce5e3c2c61a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 32be658d9da38ad19ecfac26a1bfb521
SHA1 47396dbb6192d8d9259a8bc93adc1f8defef660b
SHA256 36a80599f0abb050cf8263b2f53246e80781421741e8bfbd920ef290fcd5f385
SHA512 2cfc02fff14cce79d88c8d62b754bd2641092556da1783dca5a211792dbe4eaeda4996257f71713d6a2cd8ab3740fd4c70bf8e081250ebb879bd96a8f91858ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fb8e0c9ce4e1e9f821ca26f8615df808
SHA1 e822851127d9df7ead7203203098a9ef51aed16a
SHA256 7d226edff3acce657fec34d533497e7f640b72a7b75047d462bbed53f4c7493f
SHA512 fdcd3a1b2febb3034278b03751ad99337f3a7e8c0479f1e50b7977bfaa4c7bf5f8526573bf800744e67536451ff23e7d7d101dd7399ad16ae865cc2cac33ce4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

MD5 628ba8d31375849e0943894669cd033c
SHA1 4fa6d50a37fa2dadec892474d3e713ef9de2d8a1
SHA256 80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6
SHA512 d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

MD5 669b1563b95fce26d9ddc3c7e9bdc538
SHA1 275e4ae2606a0da908003b77ea06b24ea8b66214
SHA256 d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667
SHA512 09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

MD5 18afd1da750d6447a8954b3e2e0c446e
SHA1 f8c8a7cbf81af5c9de298e031dfd69c1ec836f81
SHA256 446938498d26217dd63160bcd02aa1ee15e7fa76b8f0902b459ec6db609d1cc7
SHA512 a033fcfacf5f9f74ce8a02ffb6adc4766fbfe1d25f86ee4afc54c5f3ca1ea9655d65f6c29c67e7a86ef28edca1e8b2fcaa362730e8a6bedbdd8a16b52142dfb8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

MD5 01088b35a7144b96e1c65db9ecf5aeab
SHA1 3d5b4a4fafdc3867adca4a4a640d6296bba06f82
SHA256 66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f
SHA512 bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

MD5 8fcb818bc23425964d10ac53464bf075
SHA1 396f40d25a7d38eed9730d97177cd0362f5af5d7
SHA256 8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7
SHA512 6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

MD5 f817e737bd803df8a4f12c1937ab0d51
SHA1 24e172cdf9d4b77b0cb4c271aed4a7c9eba98fc9
SHA256 17b0202476b336c41e4108aa245ac863c3e19ef8c5e430fe112a0900f0a18802
SHA512 d417d62e0fdcdfa883d4ffb317546e7ac5258aac538cbfad4eb111b134839750a65c55b5230507ff6912ffd272c0eb6317bcdd95c38cfb81c63b8e85b1359346

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

MD5 f31a1ab9f483d9db21349522e39dd16e
SHA1 01a275d7fc1c4f578fa506c8e0bf9b7787dd4806
SHA256 463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d
SHA512 cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

MD5 8680ad8cc782b74ee7a15f0a042c76f1
SHA1 ec430c456dedd9a2360703a826491fcd69f6dd8b
SHA256 af745264049ea73c66c1dc7783e59fcfe94c0506337867380ae638e694cfe5e7
SHA512 7869afe9f737bc31a9c33b03014f4d5239cc48a798deabc0fdc835fd6736a99b17d181e57866ac960bbdb0d1e3e8610cf97bb01762435d8808ca56f1e74dc2be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1bcdd8449e6333b0d3fd654a5e97233e
SHA1 02561fb22bf6a7786678f4fde0ccb6be087f4042
SHA256 a3781314f531f6fe44ead7821e8188e80bcda71e7e43a04201517ceb81bcd6b6
SHA512 3fbcd13ebad8d8f41cbf9d4aeace339f5d6fcc60e0ceaa4149c87118ce6fe8ede77c61d52090bf533acbc2b49ce5128078d41c2cd57c5dba04bc4a13c02da982

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c98b3e64925a46b9_0

MD5 90387106cd77c400a215fefc04f3c8f2
SHA1 48743df5ed243f12612a9e39167e09e5dbba0fb6
SHA256 2076c6c0d125302acd4f2c7bd32ff8704e7bac97cfc5b49bd7d039ebe5f31014
SHA512 a6f1b5749039fb656bd34e3be5e704e43283d2db5ac3915a93ca75cbe23f64ce90c39e728fad1cc2277e28c3d29a0ed9aacbc5e51600a37b8e574bf66d04b7f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d1720df62d8bfab_0

MD5 617f92773177c91f7394621ab99ca093
SHA1 3112fa1f0cb9751f810e19c8ed30d347b8bdb6a8
SHA256 5de2b86e1f04fb1eb0de544b99f80eaa1050381f92f38f82cbb6f6e05856fdaa
SHA512 eee5e0bd4f6030e0f52d4423b3cefec431d046db8dc3139aa6aee49688ffeda10e59bb46f3b19400ce796021d60fe675adb3f42235c5e080ee14a9c58dc5e04c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a3f0ea67760a2a4d8699810de4e6fbac
SHA1 4b2fdfb19e07ddb99980af537f81b99bcfd7f5e3
SHA256 9e8229a91685ee4ee3b59126777d39f71f86400ced0388e264298ef96e06ced3
SHA512 e771f236eebdc3e8ef60bd38bf5bd79231c5201fd02f350c616f71328f2a4124b043b4da33e3a290ecd6382745a950640eb2ecfd568ca969944efab480b973a5

C:\Users\Admin\Downloads\Ransomware.RedBoot.zip

MD5 51250dabf7df7832640e4a680676cb46
SHA1 74ba41bb17af6e5638171f7a6d9d49e978d8d3b3
SHA256 7fa2bf61405ac573a21334e34bf713dcb5d1fc0c72674e6cebc48d33a4a14d44
SHA512 43f898d7e5752312a79138dcce94c117a20fb6efd9e522fc1ed3cc2d407d13cacf5b6f810c7c1966c4c03217aeb51fce641feb31b26620ff239756132b17f57a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b987ec2314194c605f9877aeb3dde5a7
SHA1 f849c811d7ff727f9867f657376c0de0be1aef94
SHA256 75d2dae05eb65aed59366ac7442ec230519147303fc667b14989a37345091e30
SHA512 e3b395f62fd671dc009d58ebf3293977d9d61f7fab23dcf1427b427257a3bb485aeeb7dd79947ca54c3f95bb841d8f2fe881cd1bcb7a1a0220b9d2ff6101aa6c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f7b5a0776bdf9771b61e68c7a92d35fc
SHA1 6a525265cfe69feca59d9cd0f61b103685d75346
SHA256 1d49c0acf4898341029f4a6f378b791ba5ee325916c42165bd158e573e4090b2
SHA512 9a666d6b6fb1e327503b68e371a2370aa8f8be16ca1bb691b92de670509a013bb78f3f3e7dcdf5aa60adf984101f12939a41a1c427441ddac432711ebc02d0de

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bf5944af560dbc7431646d09e148a5ea
SHA1 e606ea28bd2dee2980a6f112ee91ccd06ce2e05f
SHA256 e75ff66542d9ead3464b3e940c29151457767deaa00edb1a7209c70268527aaf
SHA512 03a70267b72558340654c079a275511e9d2ecffe3eec1fc40bab084e46c24235ddb5f706ccc5af8bb65a94dd3a2b56b6352e4784b68be79238613cfa44de7180

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c9329d76a4b523adecd0df757bc5ad29
SHA1 a223b853d9bb7aaacff30827804823e8fc1ad30f
SHA256 b86b7a42086033ea2a1efd181cf1dca87c0ff9f65157c2b893df5472f55f4d77
SHA512 d7f025fab17d938edd42a8704353e38cf0a1c122f09a837ba572f2d4110481f4e5038f06d6830dfab2fdc19d873c9a193b6199270a760b683664ffb4f495c118

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e4e1dfec5843a20eb8e4907caf121e51
SHA1 96443e2594446260747cb3ffd0be5507213a8ecd
SHA256 b83d710f2dc7268291ec40d3ce163bdd53d3c53fdcd51293598ff478ea89d996
SHA512 ad48b0c874b866eb1c6085c4afa9beefe17758d5c9cf1d3fdf851989ab9f029686a3e0b691855f389149bfd32366324187ab79d0fa2d81414278407af29b4d14

C:\Users\Admin\Downloads\Ransomware.TeslaCrypt.zip

MD5 f755a44bbb97e9ba70bf38f1bdc67722
SHA1 f70331eb64fd893047f263623ffb1e74e6fe4187
SHA256 3b246faa7e4b2a8550aa619f4da893db83721aacf62b46e5863644a5249aa87e
SHA512 f8ce666ae273e6c5cd57447189a8cf0e53c7704cf269fa120068f21e6faf6c89e2e75f37aee43cac83f4534790c5c6f1827621684034ef3eb7e94d7ee1ac365e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 829e482a38bbfea50030617e7d05dc66
SHA1 1a5e78d2b33035ae153dc71a79a8e341780c7aec
SHA256 9e871d24a4fb64276d5a8865a9e9df0dcffa6124cd4f67c20010384037168093
SHA512 a93c1771de0965da2934be40adf2694da02d1f449896f98ba49b577cb8df77333abc03f0280d79002d11290e54550ac245f84b72480fb78ad1d24a02208a02bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 addbca38cdc77c27f40b78c923b3ff04
SHA1 e0caeabbf63aed8deddbe091899236cabcf4aaf5
SHA256 477786215bb76e3ded82ca55fcc14e09ba0c025b53bea05cc76debf06e0f95c2
SHA512 07c728eb08cc9c2ef6c01700b65060a9852a387b51430bce929ee3874c30dad8b05e0db047b24515c57060e94d80de68819e28a82896f3a7460ddcf24ff21c70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fdf130ef4924a3866f809aad1500a1aa
SHA1 1e8dff9b87490ee640f50db054e3f1719ba03c91
SHA256 7278c2d8c14929d1f50771bc54580f318aa3ad8e6a05796a0006599c6f2b7546
SHA512 8af3e5c685c0b4c96aa0f20dbc1e7b11319308003071a0c51cf76ecb2b5b525577609acd33892ea4fc418906e4a12567cc903aa1cbf567377be3e9b7e27d497e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c95a3f26c76f6040edfc956369608065
SHA1 0fa5f188599286371e4ee26fef6e081e0ccbcc4c
SHA256 015736b2370c188f1160b548b5f7ab3f31a649de8bcc36fb73c973e053ee33b4
SHA512 e8d04b11d5286ca2d38f615fef54c9ebea8ec5b276a9c0b034d62ec5ca0948e5b9d679c95927b0346dca88a1146cf23eb2a32d98abce0ebbc95c59ce1940ebe0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

MD5 5ed224ab8fd9cacd242c8089afef7882
SHA1 f67b3977b7c96feca299d0bbaee81ec5341a324c
SHA256 df47c0172fd9f0d49a15495fd0ddaa36e884a37be51f6dc392a0346e8300d33c
SHA512 d58127ac24c04ade7e261c8160b4a42f5ec919b11b05b2e7b98627026bea1f3c5209da4b95b7400a658954b18d4202427131e4d6f738ed2350a911a4efc542ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

MD5 abdf0b9a89ff323c09bdad98a6cff41b
SHA1 ab29fc25543f0004a133a8e3e4fe29201c33ff40
SHA256 6a32a827b465e7975b45d0528d3e482523a686f6df4da09f733c94808946d189
SHA512 885f90f9dfcf2ccb12a5d6641490463d6da0f7068037bae6668a79b28b33d3aac19b0bc79190108fbad8408fc9a14a6900500bb527a641cdfa511bc2b60dfef6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ab3617095c7b6d10_0

MD5 6d01c2f1dcc50eaeffa361965a6b609b
SHA1 5c428add73db103b17f90594e69d7858fd5291ab
SHA256 7c457ac4e62dbd9aaf7d0b1856675de4b7b5c430e2267618fd427fc260f50dc9
SHA512 cdeaea987e0fe3123e536c9a441913e634cd685bd6ca37f066a1bf089b139d7c2099f93470f59d69ae76452dfc37345bf72741b5921f769569920b4af03f290d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ac1f7dcf2bea264_0

MD5 1bb6c9b53fe27b02d9bdd6b21b16a304
SHA1 6094d9ac408c9a5f90a6cd91138c33da9ab1d4d0
SHA256 f16a94b49bb5cace9bc8ac198bf5b3dadb177f9ece8e2e9a42331df8a9510e51
SHA512 b9c7ce966936ba18c1a624e7904e681049b9c0de3971a78832b22a464cb26574b605fbbf672b668d8aae1a79b2cdcf7d20faf1110bd4fea216ed911fd9d8018c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a58397873cfc208_0

MD5 3c587e96d68751e924884975f0033974
SHA1 c8c7014ed2309f595bb939c52a449390e9e2d23c
SHA256 c4d669d0f9b0f0953a615d795baa65978bfe88c2300f01c95b8e046436e28081
SHA512 6032f2f413143543f94a5a96befb917e9dbd1b8e0b227e96ad0cb6280b14ca10c65af60684e11c37c08595e2e0b1fc1a4380bb7a7ba98a9ef3034d5e4c63611e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b569aefc09088b45_0

MD5 743c6c5d96ece5c6f7212dc67db895dc
SHA1 18773386f1374a7efd5efce2d19b1660bff7596b
SHA256 41939207f59eb71b9f2c981461766dc87b34ccdd0c0fb501afbea3b9c6a5c686
SHA512 9120c9d242ad1771bf92ab340140d2d62ff52f89e508c03a8a3f76f6a66f58f88651196a3745488a5d48c5396573ead0de63f5de3c371705a569e78842d5e3c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54d038a883eb59dd_0

MD5 c82bf39a0edd2916552691853e7eba87
SHA1 290772e7150924d5acb63185f8e03c715daeaa26
SHA256 f7e2f3dc01ce331393cb38c50ba6e01a5fa6aed92ae8693c88f8150b35d75c91
SHA512 69232a3974c3fb0ef6b3faa29876bb239bb9f24c7cbff978c8a29ff831376ff6f38de6561e3df77acc07118fb8f6623fa0fffb0d7822209bd66c19732f03fcbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ea1d72338bd933a_0

MD5 c1a500245fbc0aca72f02df62c467187
SHA1 be9a3795429b5c9610f5242f88315514e0fa9e3c
SHA256 4b6e3298a34c0a2635a85e096c222e9393a0f66d5954f92aa1d5d97e8808121e
SHA512 08394ee0fb0a4fc80d43220b07afc3cbfa30c76d9fc14a85f6e5c9c58a62e2056687d2fde365fb1ccf96c4594b34a4b07715c1a5b7f2759ee63f985db7b82c65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3c62bf1d64a9ae01_0

MD5 e69cc6f8c79801e13fa25bc87fe3c365
SHA1 023518da17baa421ed3cf36f0a1ef3e265724ad6
SHA256 24e8603f0640442de603b14bd8bc2e8decf82681818680426289937f7f8a5757
SHA512 b4539bdec140cd9bb3c3b520ecdf75d16c82bf5ff184bf2297a586d43f5f4b5e743934879fb63b040a5b458104e8adb0478860472e434a59609d1dda08ea48f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d97446d89de2b5c4_0

MD5 87a3358d770ae33d10d5cb18bd55ce95
SHA1 2f60fbaf5b7bad36d3016c6486cdc76e4e494b61
SHA256 baf02d0590594619e55bdb02b42cc6fea1a60b7341b03457538fee38ca2f0023
SHA512 e807f04910404780cc405bb49a739c5ab4e14cbf0a415513b84ac4794fcd6d52cdb4e553983e73edea6d5b813d2ee17df5a9a3c29da5c58ed801890dc8ef2bf6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ea0651ac727e1903_0

MD5 b724169938f83b691874345ac354301a
SHA1 1ddd5bce130e3f81d5e21365b4ada08b8cd9b81f
SHA256 0665c35ab4ce9bccbcacc4df0cccb7cbe4efcc8e5384a2497d2292d15ba540a4
SHA512 446e7d5a3ab80979c662b79057ca6d98cf4b18ad5549ab85ba8ec2f743d5e868a5ccb92a92fb60485942f1dc3e1d5a9efdfd9239d57ddafe7ca2e5237e1812bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd1bc9ac805f6db7_0

MD5 da785152300c88e6766b8eb83abf9941
SHA1 f6372d540be2bdce477d2b3d1dc439fc240d3f53
SHA256 a3cffdf0e346b2ab59441e60da6531f8a0dbbbea0b8beb05edf534cf51d00694
SHA512 ea951398e63a13df2e611f997cc104a94649a129f96a9c05eb721ca60374a184e9f4d8127d7e1b7bf8beb5396e22a176e9ed62478df961d2302610ab2b8ade1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e9bf643e30184d46_0

MD5 a52e10f4445b196fc09ef258d10b02ba
SHA1 f9de9bd1e0719983a9195d23addc18d4a192a2eb
SHA256 b5fdfc348747ecec4d94c0083e5ecad7f226e364861ee9220654bbcd60907bfa
SHA512 3ae71b0f12ded435cf5c8980b8ea820ed30f18b132a694e7b59f2e4be1560ad6be953cfcd04ecf372499498152d101168e331060866263acdcdb994454b667d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08cd4f688689d170_0

MD5 1d878a9c26e5551982f8591ab18951f9
SHA1 bc4346d527438ebac16ba4985774e764e66ded01
SHA256 87b3ff29c1d7c6600cbfea0cc190d8b81d799261739ca7504f269d9246697d34
SHA512 3efeab0daf89b1aadd4aa80ab480ade057a9bcabb0bb600d82abfc7773607afec50b19c2539016bdebdd39ce99cf0d0d3c0cd4e2069cef0283b05a7e7fde96b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5c0b0d2ff0cad95_0

MD5 121b896bdf67d93fd82708540a62b0ea
SHA1 3dd5e01925a6c503eee56b8b0df75e0ec0af2f91
SHA256 febea6681e31de1cf1a3d36b6ceca2354ae9ef9bc9d45499c4ab9bbe5b819c1d
SHA512 621a26e0901143c7242ae94f6047d7e09884bd83e1ac0cdffac060a30c991d8422e9c42c57b94054d1b9d7b526516f549af58085ad8191f606d8903d3da29dc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0d41d72932ed3edb_0

MD5 c04abd1397e12e30cf7de874757f2372
SHA1 7fcbfddfcc07c7546d9110a7bba5317b975c0c71
SHA256 36969b7e1cfca548f1a24c7ba2dcfe8c5edceb1d943b0a65ed41a8a81b50b5eb
SHA512 35e2e012e13b11ba0ca9831bfb09d878fa94bc88ad40ed957f28223e563e922381132144d12b72001641dc56526f77420fa175f14ab45c173dfdf57770fdb5fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 62932b138cd4edbb4334c66dbccd7d49
SHA1 eaf25ebc9bb2cafa5006ae22d1a3939fa687be35
SHA256 e0c4de7fbbbcceb6ef26e9ed13084bca3ee52208237f941931d5e77b99bc1823
SHA512 5338bde5e86129286e1f5baabe50175f18406913da59f277965d648e866b5a054977cc907a04714aaa99d5e7938ba29c994a1064da3566615afdef26a97f6ac4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52e9ddf82cc76531e606d26bad59c881
SHA1 0fa31ae0e72ef46bdf3f6dc1bf787027a4d36c24
SHA256 500d94d8465a5ab6cdae504ec494eb69c92f7397e2ee7b1b04ac11074a72b5a1
SHA512 37c790a25cfce70635994946400912ae69f68193707fa7b89c8e0ba4a92cd334e40c2847e5bb8ab6abcc36e08c57b6d0f517fc40a40697455c8d49415bc6dfc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d17cda7866ab0908fc03c122f1024371
SHA1 0004500410fa3a4c4cffc85de2c45a68e8448f66
SHA256 ecec04db38d4edf2b2388d5a89c6d984637e25f9e0df6110af69f25e3cc26ca8
SHA512 1124571591d3cce7c399324515a99ebf9ac8a1b29bc562e9dac8fc2ed004260e13aa03e2c4ad079eccfdfa733e50cb43e1931b6c18141f32be8b97d2d6f80fdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ffec49747856875f_0

MD5 6a493b7074f7416bfa3763b809203885
SHA1 d255910a5b970f224430ea409bf7cbee754e0989
SHA256 06fa78a0198ecacde102e29ebd865b28d1e33b8e20530e016fc9eacf476729db
SHA512 934798f6e6413165d30ac54eb389b27b3933876935847fb2c844d123d9813a7509c56a68ca4e74df216d5a320a9354e7c18b432619feedffda1e5f31041cbb49

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c81e4900073e0500_0

MD5 9ccad4a554bd1f09557e7cff8e59fe77
SHA1 a3e320da7ae52d81f43867c4dc02d7c952c0b611
SHA256 301e30ed0ff3b63bba2c1fffc12445d8adebeed3b868faa7ebcf9e0301bb12c8
SHA512 58639105d998055b12d4fe42a5d444a32b9c6ba882b8d84821f129a9485d031540ee423780e93e13f02fad8815721362386c8ea658cea5778fe70b6d551b6402

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d75c19266fa41f9_0

MD5 172156f3b2762543648be528b9406e17
SHA1 9010641729ef2e29c082d17194107168913606a5
SHA256 a11a935a6f11faa18ce94e46f085fe452345ff4a14c3d472cd5777d831f3c465
SHA512 d65865b6db8c576316647bc8abaf67208e8f48007484435c3f39b9a516a6f2c5b8e9a17178fbe501a79587d15510fa5331d75bb6649c8e5c2f7f4ec983f31330

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d30f03f86919b101f66f8d4893f7c107
SHA1 7e9bc04b3edc5d4c54d3c45b3edf2d804656cd41
SHA256 7c3c6c0e1d301ea5cfc9c83bc23532078ca6c63a7bd0ca1b048fe6044986587d
SHA512 952dfdbcc752b737b3cd6f66f0d70a1b934af86dd66c2a56201bbe029bb11d8669c978d1e30ec7220f1bc93158f9f6cc0f49aa6d0d83be482db3da83e7070718

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 316a251124650dbf29cb85b08ac7ff1d
SHA1 08fe069c01d1180273db735d6d7f31eea90c48c5
SHA256 3a5cd4da48541aada536a789da892b09732501040382a62601828970e1c56288
SHA512 4eb7dab111cb40dc21efffc8a0d8ff2d76da25d418951673acdf9d5a92a814d25b09c0aff6a38e458a08877e4742ab86b1a2809464def067b4414567fd32c166

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 cd37d67337081cbee70ca3b9658dd4c8
SHA1 352a5d6f4bc5057ff1c43a76f7c3353a47280ae5
SHA256 d39a8aefa6b964df2f974aa60f2cb7f60a2e3caee10cd53127b159bdde4f5613
SHA512 762bb69412f8e1142b1a50fc790bd9f277639a04391764fddd53b1243888e88059ebdece7533147ce8aaccb94c0e433dbd7ef0288e5ab70baad9335ae0a8f278

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 04f358b340b5082942cfbb2b8ab687c8
SHA1 b5b3f08dd862fc29625b3fea44ca68814a908c13
SHA256 a27137fde4ad991a6dd6e6ec5ce37529672fdc6e9ba919b997cf1bd9dfc7a94f
SHA512 adeba01395e7432ac0b9e0e37a5eaf26c10ba5769f681eaa400e3cd802c828cb256650f57d00fa21fd88f29454cd48018a741354d9e4bf6874d075b33832667d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1745c43ad025c4c4_0

MD5 683deefebe61eeb075e42e09662a2ea0
SHA1 0cf5b9ff875a44d605364fd4ce973a68120dc9cf
SHA256 d7fe7e08ac13dc2f05097054583befd5ff6e9c3983aad7cb859a6fee1a9714d9
SHA512 28f1ab708a248be62583960c9eb056718ee2841905b506b118a40d7251ab909922eb256c4aa54fd19ab8ab2ce3ddec47fca38dc56545b438900b0a2d845cfb56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 332e983e8d5839b54e4f57b63c8e0a69
SHA1 f074d646f6947f7b30180c45204961331341b79d
SHA256 5550e6938f4aa403a7ba4e7fb02943dab9b7ad4b097179c750e7a5229309714f
SHA512 91d716f510604d7687017e8055cca225fd0fe06b70114680d377b1e9dbf479a0c673362300049dfa2f23fa2066374bd7c3d2fcb3bd834c91e3b56ff386cd7678

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b4099e3d4186d74323a0564dd6bf05f2
SHA1 40492b3b0889368e7dddd6ff237c0530cb793e5c
SHA256 861be27e44799cbf7cbca8c7ad252a9bfecf66291dff278cc550507581469590
SHA512 960f60710d84a207470b3f5c596246bf5cee2239487a78aa978b69fd5ad73bf3458dd239e5a7aac406279fe365dde3367d8088b7f0c8c3ef94483e4ba31110e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\9835b699-28d4-44db-9b09-1f7cefc7674b\0

MD5 b7168ad00de75d915d8f190fd2fc7f50
SHA1 9649120c0ac38df2b6de2311615a42af3c0f74c0
SHA256 2e06212485cba108f8fa800cfe0d489ff7268dfacd8f6c44859275024992b383
SHA512 c1df45cfa0deb0d4c8fce391a1f8fd8e0ffa0d1f6e3181919ce05d6242460d64f67d494776bbfbb8df8aef5d3f1bd4a6e13b3450c143bd68b7a8773b2e77f042

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6a136dbd8365a15e9d84877edd9e2d32
SHA1 a978819b5f6a3e2e28150b9b9575cfe53a94865c
SHA256 fdf58601f314032c1977f9308ff82d71d0b4c5274b99d87e7a0188aa82788894
SHA512 3a1b1ee03f9f208a581184aaae49a3d3f3502f6fd5526b50f59ab4e01d3679d4c891a30beaf97c04d51c482583bc98f42d260a86c56ff3e1fd77da2395bc0e7d

C:\Users\Admin\Downloads\Unconfirmed 171600.crdownload

MD5 3d23be138a92d240705bafb560fe7641
SHA1 770848d7138aa024dbf62a55c8a683a811e12b0b
SHA256 0be2df522979f3742885ad87a3e7c1eb9994d79bd5be9c6dac18dc8ae0eaf691
SHA512 5a24d48525d6bdbc6c49cb08835f3e1bad6a6144282cf99f122a0c04a1765487de27ecfa13749f633a5d549800ee43246854d5762d0dadcb864ed5bac9f126c3

C:\Users\Admin\Downloads\Builder.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 059f04d3788ec09930077ce44251e2cd
SHA1 b895124b59af74b749f7b1c1f6943b00f4c3a774
SHA256 ffd906f7abc842a580c5bb7f43da15148ede23c99a2e61cd19a9b10d7da39a8b
SHA512 2b2a0dd5ed13d315539ec0488f224051b7aaaf20819ef558c5894d11662285b9aaa59cf7f08fe598dc79af2737e32de609e1379e1e5ad858f016e126fab69728

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d35287a83288134b317a22689fe80f0c
SHA1 859c450b27ec98062df13d43ee65fdbd936c7597
SHA256 3991fee832e282342966131d082ff74bb8ddd255c0ed5257f7098ebdb4e795ce
SHA512 651af85b5e92f2764b0772def0133bc5011da1c0c7b9f7bb92d8ce78277b75c4a6ecda4d30e078fe38470a9aa54c2181d045acdf39224e8030448c8a8799309f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 573ca3a4ae9eaf95a682a47d44f43e4c
SHA1 aa6f5e196d018c86eed854cb123cde872911643f
SHA256 388d0654ee68b98de798cbff13eb1432bb8e05021f59e38b71b62a63d04597e7
SHA512 6d2740f5568260b4a44c21d94a6c31111c7d7ec53afa57965fdf30c3f3fe9e54b3b92807114217018ef5afb18c11705c5f00bf810639154290a2d7edfca50d66

C:\Users\Admin\AppData\Local\Temp\_MEI31442\pass.exe.manifest

MD5 87ce88a694ceb10ac42180572b356ab0
SHA1 9e8fdd1dfccbe4680a54df6cc70fe53edd2656d3
SHA256 b4e03b748be257feeebbc29e4ec915c3fad2c10cd55491b68645972b5a91c561
SHA512 e232914e6e2fef4d2ce6bbece4ccf4363e948dddb79d956d36d0ddf20971dc7af90302fbbab53cf52258467549bace3b6868b2015aa8da1cc2fc9be055e1edc2

C:\Users\Admin\AppData\Local\Temp\_MEI31442\python37.dll

MD5 62125a78b9be5ac58c3b55413f085028
SHA1 46c643f70dd3b3e82ab4a5d1bc979946039e35b2
SHA256 17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f
SHA512 e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4

C:\Users\Admin\AppData\Local\Temp\_MEI31442\VCRUNTIME140.dll

MD5 0e675d4a7a5b7ccd69013386793f68eb
SHA1 6e5821ddd8fea6681bda4448816f39984a33596b
SHA256 bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512 cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

C:\Users\Admin\AppData\Local\Temp\_MEI31442\_ctypes.pyd

MD5 2f21f50d2252e3083555a724ca57b71e
SHA1 49ec351d569a466284b8cc55ee9aeaf3fbf20099
SHA256 09887f07f4316057d3c87e3a907c2235dc6547e54ed4f5f9125f99e547d58bce
SHA512 e71ff1e63105f51a4516498cd09f8156d7208758c5dc9a74e7654844e5cefc6e84f8fe98a1f1bd7a459a98965fbe913cb5edb552fffa1e33dfda709f918dddeb

C:\Users\Admin\AppData\Local\Temp\_MEI31442\python3.dll

MD5 99dbd61e8f7f81818928207d8b1209ba
SHA1 bb299fa92c1f6bc73441f9d5aff7ca1243916104
SHA256 caea9ad7ed099acf1fb8e9481480def0ac0cabb9d368bb7043fcdf2e2829d121
SHA512 8a3c4331a016b68f3105c9a3b391e803b0f1d03e4c42c81e316a624133ac8ba5a13f919e5f1bca4a7ff661b411058cda950029f875416c7d946d468b0d38af5c

C:\Users\Admin\AppData\Local\Temp\_MEI31442\MSVCP140.dll

MD5 bcf85f55392240e2110b0608d0cef70a
SHA1 d8067ad8a9046eb34579b09d94cbfc4af13c1dfb
SHA256 85a415f7aa8a1e7d10e05e713c91a3aec9bf3f4c821eba10df2d20b1a02e3882
SHA512 f7491c089e0fe92515b6bdc4f0de0e9438bfa5ebbebaeba59ad5f214f95e5a853af53a53bd4b4b8e1ff2402599402f380feee7746fea83404e22c0de096a8b92

memory/3412-1503-0x00007FFE67B80000-0x00007FFE67DAC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI31442\Qt5Core.dll

MD5 a80f4b57820f780308b0ecffa1a30180
SHA1 cd74cbe9a6c27d932da28b89278bdb2996492c8e
SHA256 c11d06bc24f9f713fad6c0bbebd79ed279629e011d0fc70905daf59e8abaf630
SHA512 fb0ae80cbaa21e4c5e303ebe50ba56e383857bf665e3dfa89f1bae3a8d3a865a0f81b26c2645ec67e854f73d57cc44e16f2975daf2ef4d3514d59d3b017fe1e1

C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\QtCore.pyd

MD5 3a07596a0f2a9f59c1b721498dd988cd
SHA1 e7e01a0b8e70a4df5f589d65b41d7c34f62d706a
SHA256 3032ae31e92fadde157b77a47529f157a79dcaa3b18ef65d7c98722d552c7f48
SHA512 41dcfe2c946de4c3d5fbe4f152f204d9b8fde276ce38cb11a4ab3b2450fcce11645da109cae353aac19e3afeb8d96d8436ae2544387dcc5d50271709a7a3f555

C:\Users\Admin\AppData\Local\Temp\_MEI31442\base_library.zip

MD5 f4072ae533cd57507a8604de67b1c513
SHA1 8c3492c5da1a3320f54377ec9111d20e0fdfd424
SHA256 4b9fd10a57702913ca57a212e55ed118e96fb6fc16b96fec3617d1d73e60aafb
SHA512 aca0288d7df773cad87f25adcc159f8d5a03542ebbc7bb345b5396c15fae041aa7b043ff7e1069382c8fc6c5a1e0c78eba38361b5c06f1ce84ddf801c89a4069

C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\sip.pyd

MD5 67b3a6ee1fedfd798069f0f19a311f29
SHA1 54e214becebf31ad5bd50d2ff17f8ec47f89e752
SHA256 76d8bb25248d576b9e392f9f121f41d455695b666014929a71115dee7da57250
SHA512 800ed7b4d8bfbbf0a37cfd184ff4d220aa96d522a812a94ffff4d8f51242793ee2902f7f28131e5c707ade26d7ec10ea369aad6f29369b72b1c8c4a884235520

C:\Users\Admin\AppData\Local\Temp\_MEI31442\Qt5Gui.dll

MD5 3af67797dfc7eea99a336eaa50be472c
SHA1 36bcbe26800cc7dbf7a2a03dfa8c45a1375e3be1
SHA256 ebb2ab1de48dcbc1f23a94968453c8610ab79703829dd2a949e1242b6666d52f
SHA512 f5d1ccd5072b3a85dc37ba2ad248f80daad7c68a6fc84df8c8fd27d421de3996441fd843c03c6e38c72b4c646b099e424eaa9aef92c963bbf93b05e07676639c

C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\QtGui.pyd

MD5 ad0730befd2237bdb71d82f54a9d6e81
SHA1 0380b5ef9f4fb539fc4dc5fd580bf5354c5aa402
SHA256 94d397aa1b00f208a5c6168a03aaa077baed57f5887a29d2cad9a2468ba3fd34
SHA512 bcfc5947f3d7fb8df0255c0ccd95aa5c375a6083591da25ce7809721c8b36e11721a75baab0f98184e5a89b2f09387553853cfc5908f595662b8d910d3628bde

memory/3412-1512-0x00007FFE67380000-0x00007FFE675C1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\QtWidgets.pyd

MD5 7a2a43dc9476d28efb035e1fb2fa6f93
SHA1 a24cdf7e0851d89b77119cc810ea4cc4a51aa9d6
SHA256 61c26c22f8acc5c706e3611432a5f1be4c91a9a7f3efbf201627d0931549f0c0
SHA512 6f35734228dba885637e848c5b59561bcd0542fe4380eabfb6df3053a95a08437b69d9814a60a8d4f49208e5a0e23d710f8ed718eae0f7f878335c229ac8a462

C:\Users\Admin\AppData\Local\Temp\_MEI31442\Qt5Widgets.dll

MD5 518da42c3cbf41f54a47df3129c3f69f
SHA1 387a40ec9a7111fbb507d1efe6e985db8ae52bfa
SHA256 bd7040536cd1a5dbb22c6f20412390785349b900fee0599e271ffb90db2fb934
SHA512 aac1293c74857a5a2029b3d8c32a23dccda26865a018a3c2a8915af93da233ab85ea8401be99ec4709652934164fe973e933124b2f95b2c797bac5b554e0b342

memory/3412-1517-0x00007FFE66880000-0x00007FFE66D55000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI31442\_cffi_backend.cp37-win_amd64.pyd

MD5 178e59320ad837ee085b52f633eeae6e
SHA1 dffe0e46694a0e784bc41e4702ba306c53148363
SHA256 750f7b735e09feee3323db8e0f20b88d600f3155bea2124efeb52d998f43b565
SHA512 9604633e5b726c2cf7394684735b6d441eddb786cf863dbae89d2b16b642d6f7f23fed56a8bf13b366984e6ae19e1134f4891bb369ad3aa35bc4f75de87e94bb

C:\Users\Admin\AppData\Local\Temp\_MEI31442\cryptography\hazmat\bindings\_constant_time.cp37-win_amd64.pyd

MD5 4b7b76cb2aafdfc5f84471c2e215aba3
SHA1 ecc1fedbbf9cb0ede68a53416060d6dd4efe714d
SHA256 a3c7186f8135b4e2c88238e3a8fc19b270c84f58a74cd84f2e0ac82f6779dc7e
SHA512 c144e708bf150f736d0b48d7a29ff0799290c33aac8c6feec687366d1ec3b3751d8120ba9ebfd32f81f11b02445d431c48725f612f149b02f08d1aa2e8bf5321

C:\Users\Admin\AppData\Local\Temp\_MEI31442\libcrypto-1_1-x64.dll

MD5 022a61849adab67e3a59bcf4d0f1c40b
SHA1 fca2e1e8c30767c88f7ab5b42fe2bd9abb644672
SHA256 2a57183839c3e9cc4618fb1994c40e47672a8b6daffaa76c5f89cf2542b02c2f
SHA512 94ac596181f0887af7bf02a7ce31327ad443bb7fe2d668217953e0f0c782d19296a80de965008118708afd9bda14fd8c78f49785ebf7abcc37d166b692e88246

C:\Users\Admin\AppData\Local\Temp\_MEI31442\_hashlib.pyd

MD5 c3b19ad5381b9832e313a448de7c5210
SHA1 51777d53e1ea5592efede1ed349418345b55f367
SHA256 bdf4a536f783958357d2e0055debdc3cf7790ee28beb286452eec0354a346bdc
SHA512 7f8d3b79a58612e850d18e8952d14793e974483c688b5daee217baaa83120fd50d1e036ca4a1b59d748b22951744377257d2a8f094a4b4de1f79fecd4bf06afb

C:\Users\Admin\AppData\Local\Temp\_MEI31442\cryptography\hazmat\bindings\_padding.cp37-win_amd64.pyd

MD5 e603ba5b458a75d32d56f28e77f82991
SHA1 0ee1c5da744970afe67506f3b2e67f8bc67f91d9
SHA256 06a59a3c7e2097f718c7d2fbac4eedf68f239cc7a335916d27eda4eb742bf0cb
SHA512 9c5db19e5a949781b282fb208d63b61949666b17b9f15efb3e7fa74e44a121e555d746bd2ce2b3339b756942893ffb0313c8feae0a9fb3d703715626f0d9ec27

memory/3412-1518-0x00007FFE66330000-0x00007FFE6687F000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

MD5 938dc31d2f35dc1246db9b2da3feb1e1
SHA1 4be7b831da6438258d5e66cac62f0fc8b16950ec
SHA256 2d3784c15029e41998ee878b333c1dfd23556964ffb6334c7f24e810a913bf90
SHA512 df07eec1b86ae76cb5ff2ba8b01a8152f2e6d4448be6ff7f11a68e6215712b9190a41e4c03c9dfad2a9266c88ef684b54e8de3a318d7d8c390ea2f52fc7ac102

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 07bf6f06d05f3ac80392d410f6a553fc
SHA1 fb577b26ab231e6098730486fc4e3f2c925725c7
SHA256 d31164cca553f7511bbce8431300fe507d7b3d4a8482753b4190cf0219f19b18
SHA512 0dfcacca480c33506fdab8119ea2a8e5f0fb062532ce1528b03cf0477b4f9798c0e5849639a6be8347195166df66cd929bd59e69003b994ca73ba12ae95179cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 248b6528aeb60ea519f3ef99684d9519
SHA1 074434d263f065cad4b5fdfef139fc78532c61fa
SHA256 98be78020d71e04442d58d829eeec989a9133c3bc3b4f19fe45526120679f03b
SHA512 fdaa4e43081d4c4ec1442d914854c3ebc135b3293ed90496eaa14319dcded3f645ac205a9242296fab590ed482d79090b65cff6b8e7bae5399260fe1f6ff169c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cafc46c0d758ff207de109b0d6377db8
SHA1 64c8c017e7a4cdbcc1e018ce25d25863d5742fb6
SHA256 08fa9cad7e6512e5d2b3a466eddc93ff8726b729c8fd1873daed407ed0c0abaf
SHA512 c9f7bde3f4ddf28bbdf99439446ccf90651351c149c1286530db2dc711d6bdcd2f7ec329dfbd30217e33bf1dc4e12707356902b879b8195d4925ee8c8ecc5a8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 37c9f9e795a5f477cb3ad4f4ba70446c
SHA1 3228c9110b089411fc2e6f6278935369c652682d
SHA256 b8ebe26f555e2deba7fda79234262b91aa96dd382c50bdb2f083c47a00068f6d
SHA512 1e97c51bc7d3963d1f299dfa4ee40e94843fbbc980493a496105b5e73c9b7aab63ad6fd56b6c705dfef3e4a076f5c6e57ed6a09dbaba6d8015ebd56c71b9c853

memory/3412-1587-0x0000020915A10000-0x0000020915AA9000-memory.dmp

memory/3412-1588-0x0000020915A10000-0x0000020915AA9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3852485779429a734f4288ad4ab748e0
SHA1 0cdd5489e627615b7daac7f4e2e76d644d7a2dcd
SHA256 2b9c2a1b1903363eec38806b6d97c9b3eba760a3f4499a09ab3c4a6884944d15
SHA512 f4ccc9fdd0599a538739d60f20cea8fc5ddb50d41c24a5bd3b00ad247d15741bc9ef020f8d509cee52a0ba2a2123f306b0eff40a8eaeea22f91f55da85b4460d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aefc6aa738b85828_0

MD5 645ff2316e22a817fa82baaac2077101
SHA1 5bb42433628dd1f4ce16d19891de879d8b2da139
SHA256 e08858f5fc21b70174f20d3d6adcbbf335a89a238c8e37b677a988589d367b14
SHA512 6ed31cc6bfdbdc9d2424db1528ac68f60d5f56dda388714605065b7988d5fdfc9f11bae37ebdeffc88158ab879653a6013a302556079c5aee3d47a927f8c5d82

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4e56f0fa0bd575c2_0

MD5 278670f85a3a888e3b16f98dfd93db22
SHA1 d0fa8f5608f1cb7a9c98269f4e20110c227d898b
SHA256 54d84276a377cbf7f102c55c237dfcb0f60fb427897c04c305e0dbe61db8dd44
SHA512 03c91e0dfb9c046f7b88429e1966b77af66e48b0c7e51251ded3d9fa1cae1e85d11f3655fedf8c76330384a8ac4b19d29503321b391d1f1c35c3eeedef440cc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\301f634159d60807_0

MD5 0d1dfeefffe65e3c1ac5be11f1b9e996
SHA1 2a52abbb2ded172131b5e24bb063b6c23bf088f6
SHA256 4cc56d599eb3e915db7e30a5ec0594884936765ed47959e84ea1be6399522feb
SHA512 84ff2eb04e28c0172c153e2742fee64e53adf1e9db2d4985fcdd5be9c9f9a5b088f1b8e793a5a3e4c4c6f4fa92ef0d00d944ad5cddae343112d4f335684ae464

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7b803abb1510575aab09c8a5992ae873
SHA1 6db99cf4e4a99eff3f036654f856e1da8b74a429
SHA256 91663fccac0f04f305f26b982b7ce548559c7e98460109dc9091901a188b5716
SHA512 b4aad3ba9e077bdae386098c544dac64b7296aaed18ab1ad389bc6ef20ebe74d2d75bc64cd939234310f200c513afba2a67d8d8bd5f66cf00d09c129df3e3dcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\810be8be04a5747d_0

MD5 c1dd9ec274c71b5e7e0423bad078bed4
SHA1 3665166a280f7ff72eee1c208d8eff0c36b13b9f
SHA256 ea655bc54c47e8b1a04094b92ceacdf10776bef5a143a0b816b739aa5ab5579f
SHA512 1e4881cc9b6117c5a910609019788a79b6bc96dbafd3722ceb4d77277eabe2cc1af44c807358830537cbafe9b4e275438c9873117c42c714b6709503a9965850

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68ca572c61516013_0

MD5 204edc7a2df55cf4dde2072f9de582cc
SHA1 2aa0c505a7c0403a9d6418f5181943b56ef208b0
SHA256 abeb2e3914d3ac7babf429a524c0e2c394d3a34edda3a69553b999ebe2ea83ce
SHA512 093b8acef253c15192e4816fa20ba3f6f630e88bfb0eac3991e60ecc3ed9ce1873148db09348f24cc8d9823678511846ced6ae20e0b2bdd17f908d20c911de2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d126e3f70574156_0

MD5 9aae11704bd9df9f26f6da93375fdd43
SHA1 b0deb6e9af2d179a99c3320019f3588d7008ae48
SHA256 1162367c11cda981e9a7db8e6a83444e901bb5c801cc83283f95d0efe6b411f8
SHA512 db3e51676818c61a4567bf7e07d3cafc17f64c6ae8a36ba08d2f1348282b9d3b22df94ad6fc5c258dc2206ada595f07df66945b5f2219d0086fd9ca9a386982f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0cada9a030443487_0

MD5 c2c27c8b6db3ec90e72447ac4107de69
SHA1 0a4737a6a5cb60ed690b269d4f7d1777e3389f08
SHA256 80b6a6de268b93a8df688771dcf1a7596f0373260b18cd30e286738ddd564e56
SHA512 cb6336d0699fef94542e4aec0852f0aa01b198a9e71c0db81a9a6d3ca4321438d100d159041698b38afaacbff5919f67230c8b7e7a5d5d2b711e8b066b1bb8bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d16950524d46b9f_0

MD5 aa8ffb56f810dad2e74114e6594eeeb8
SHA1 c171bc60f022ef74cb4cceffb0752877932a219c
SHA256 8a07a353a7a5d4babb462f895ad169de74af9992204adcd796d6ba22bb869c49
SHA512 75cf2e0bd0cdd6eae021a6381bef40313979a91292164d31296ebe6eb3241307d1d0ff3ce95bae1ba1e293e77ee9dcac4889b4feb187606901ac9b931a172afc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7c3ddc02d3a02223_0

MD5 090c4b5ee43490d658c203a9adc8ad5d
SHA1 2c721def69ccbe84a94c5f880e7b74764a93aaf4
SHA256 93ad713ed6776ef6a62859eac915b5c15f435a2c4f570ebd652171e04b9c9031
SHA512 6f195329abe124ee8eb07e68f9ca73f28489dd99a28685ad5fa7e19be8da0443531da53f06289ed4b27c7daa083956e00ee17ab9c49be1e4aecfe669905dbdb2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ae2fbbd5601556e_0

MD5 a24504145844547e998935d50493e2b9
SHA1 7158a6d3fac98e60b1615048ee7979f5b83625ca
SHA256 9ca0c6c8458193ead4bfc4faf91461fa2363402d41bfe4a8a0159b7f25240ae3
SHA512 4d68143daa708505812b14b3964f3017bb3b71c485298d9d54887cd3d0fd5c034dd86ff7335b46dd6868224ec49e4a8691236c25f9d4bf6aae22ed5f98d5bb4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ecbeeccabaef3922_0

MD5 612b463b2e1660bc55b6771588ddc0e5
SHA1 c90cbfcd6582630b48d07047d8720c03444f9e33
SHA256 70ffb7dadcba2d41b080c3a7ce9ab673aed10dc616e38c04167fd4d2234b4ee1
SHA512 6d9ff45b976423c58f7d91b843d190dfcfcf40befb265d42d291a6221f77c41a328e3ee0f6625bd1a5e36cf0f155a425044e97ec64a304adf503d478863a9043

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c1a9bbce361d6373_0

MD5 b627144ebb45938eadc42e0a55f0a4b8
SHA1 1f86411d082d5ec0d8965c30aca46a0d677f326b
SHA256 19c39c7e503b2a84e87358a48395e5623059590b6d4875959c1c1851621336f4
SHA512 e21604680085399bf3d9595d080890da3902e76a8e55fe5c4eba37df08ea912953a749c2c5c9a870b3680fa8caa4063c893ac2a57da82205de9c65be8a0e4934

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5ce68c2ec4ad93f27e0e637223afd446
SHA1 64a05424b9a788a31d187f9f047dcc777b6229d2
SHA256 b0e4fe2e5cfd9526a2aa7d309b3d68a2b9d0f5513b591024c5126e6d81a52896
SHA512 d92dd7ee002f950664ce7dff4398de67282412bdff7e2a18fd30e01704044644a128f32ca0977f225be53357b6fa638183ab4327284bcdcbb2f1bea7da8c1d7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\13c58574-e27a-401d-a343-b469a5b84234.tmp

MD5 40eb098f8ff6eedefe0c6c268ec657b7
SHA1 0d213a55f0f6af7d2ab2fb647a54b082659bafc2
SHA256 97897f0a2a97f126f7a0c839b187d6bb3d2508254d82a9775eb3ad0679154701
SHA512 44cbd06bfad0acdd4aca99351c7bc2a383c77b6944ddb812ade18a2e3f664e7c61df5e8d02b50f619a1e228f62f016bbdf2afeff2c35eac2c349d2c00cee70f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5b441808f54e15d47d4ac3f0497f850f
SHA1 1f9c5d887c754f34392de0c2adf7478c897b0797
SHA256 5911445dddf75556f05340f2f8df8cc835a7e0f310792455d752857dc6c8719a
SHA512 adc7dccc96f8d3310df04236c30ae69e6120d35bc5be54f445c370621036e17e992120a944460161f3f8f688a6f383a8a4b95ca772e771db1d0f04849db2130d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5c303d9b0fba72bfcee9b51de3d31f01
SHA1 f102fea4d79a8bce5039a79d1463867d886e5a25
SHA256 0871dc47232895148130828ccc94163e53d8885abe8b7e81e34fba55a6e5bee4
SHA512 64b845b38700551cf3f4d2c2632d682a70f102643fc1a8248a94e9314e41e0b3bc6e313297be8fd00ff89a5693a7fe4012b5fdc8a1db6b4c8502c2fb6c0184ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7ca7e34d91bc25a8a539dc1c5a4f3852
SHA1 528d2b38a51b20f966339a4a4e205d8539868ce7
SHA256 51cf959361e990deb0aa3c89b5760b1631d5a9360b8feeec984e55bc805628f0
SHA512 2c04ff452e19dc3584c412d7183f0c0b2b519cfb3c67ed54b4696fccd995689c1f0635ba8018a0eb720d975f39f2781c4155e82c105776c86d49441cf26bf8a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a65c88ae520e9f4446d4195c8ba329b0
SHA1 0df6b28ce7f6e1b4620c7019f3f0b134447d3184
SHA256 6c96fc746cb6eb1562536409869141eeaf3445fd5af25269a3772adfe14183b1
SHA512 d315ec3a93f90db623b2fd7f3b723ec586b7eeceb8cbcfc2d1c79fa47b312439f5b278b9e1a1b18c447ce97a31aa3847c2f7651532521a8843c7095ebb04e542

C:\Users\Admin\Downloads\builder (2).exe

MD5 515a0c8be21a5ba836e5687fc2d73333
SHA1 c52be9d0d37ac1b8d6bc09860e68e9e0615255ab
SHA256 9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae
SHA512 4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f740ed6e97267415df2d4852764cf7d1
SHA1 38a76d6a9b882002dd604b52461523b96be25d23
SHA256 a6e8d2bb91730b47ef4c63f6cda0e609b93ea712ab9289d63353307077aecde1
SHA512 4bcae86c193062badb222df8bc5cb07acb7588f6f603e75cc93b683940e2338502b0e6f1fd88de2075de5b6f21cdf619e16691dfb55db5b030e2f93af03ab2fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6af578aa94ae06033516482876dc4528
SHA1 21a808d88fb37f1f4f57d31c158c51431addc22a
SHA256 663719ce4f6664717b126df11ddf3177eb8332387d75d8bb014cd1a973dce9dd
SHA512 b6701a6ca91c050866a8dc1476ba45207cfb2c6062d179b92a31a024f33af1d80b48923edbddcb4d0c3ab2a8b53d5e35c09f0e2c35541953d4fb60de58142501

memory/2004-1977-0x0000000000700000-0x0000000000707000-memory.dmp

memory/2004-1978-0x0000000002430000-0x0000000002830000-memory.dmp

memory/2004-1979-0x0000000002430000-0x0000000002830000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 eff074d6264239add097bd10d53957e5
SHA1 af8fc917d6eb0078d9121bb01c6aaff6908d16c9
SHA256 a9af933df8fd3d20ec6d076f0ebd3c1d4d799404da61e9fbba960cd6c868b0c0
SHA512 5e0cfec134c5b9884a07837a184db402edcd429aea821ea0f11e7ecf04bc9113ded5873e724c0ac935234658793b88b4c24c38fb95c12292100368a651940610

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a44671928752c6e62599f1c84d7e3f89
SHA1 85fc3a81f7c4039eb3bf4b80b1b6c7c471a9c894
SHA256 dbffa9bd550459ae0bf391ca79bcfec91837bc4fbaa5a50467a7a837e306e43a
SHA512 e3085d1f101e7834487b17b97c836de503e3b8cc7f26047943bd76ed900ad05880c4f26539cafcadc06bf2f175dadcfb63fdd463c27208517e913d23324ec3f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 43402ddcf41a4bbbf6438ae92247965d
SHA1 5ad75f8fe1f243ac85679eaffc5a6a33291af365
SHA256 fda0505a434cb141673020b84435c800783b044e234e42191d152f0a22e86a54
SHA512 729177cc3541535a34bbe21783ab6286f05febce26e79ddd12f4c1029984cbef0f9371d92998fbe8773333090397e4f19b675b5bb27b056e41d4da54abe114a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bd7af0208d08777308f6e4e5b585b747
SHA1 47c7b2a9a46bd94d91d52c04396e559d142f3fd2
SHA256 840556a5ff281defb27b80c9b64172467c6ad7ebe84cae9ca520bb0dd3b8ec41
SHA512 80773ffa815d2891e50138c83b0e1e355e4cb2327561331610444caad67bf4825fde51dab6b4d14d3b18f7f63dc794a29fdf566732a81d3ae224ca366f94ac2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

MD5 01369d5062d49b270c8dd6ab535bc403
SHA1 39c654df64cd7386081da8108f23573f331debab
SHA256 ed672ed37bfdadddb835de8c346655a17b653094197a2d6080e6777fa59785ea
SHA512 de704934135717cb62e4d15ef1666e78b3d43c17ff5d50b279c21a5318ac2ce0cea88ebeb17b66f4668e1ca1a8801bdd6bab0194b157b1da6bd90c71b29da08e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0b8ba73711e9a1e1e60dd7bb19ff2f1e
SHA1 756b512a3f8ddea25b92036c7d2e8fa9c6e2b3ee
SHA256 80add9c36d5de52830d4f8d4429ac3b8d8128bff60b9a45c3ace8705281a2f1d
SHA512 13a76644995b5498bb2fb21310e35f42a9720615524f9e06282d100c1d5b0b74df385149a48716937b36a5b1b8e6900280ef3373310b7567a05e2f4636ac7c0b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5d09c8f7202e5ef531d3d032a7841dbd
SHA1 5af708e3043388dfbbc13af2df593507f9868248
SHA256 5a602e2d0c668923f2889029883947eb9f14991394a7f422a2bdcd17f717fd7d
SHA512 b1b37281241a5de43b7accc917f171d95babd53b8dd287859a854fe710d31228705dbdfaa8f9128d0c41272a0367e69ab64c80e2aa37c2b9ac966453451b2329

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2d38a98be4d98feacee150b4a9bf1047
SHA1 a98b21d0efed4c325ba9082d44e51befbd16f404
SHA256 80c1bfbe249f3c3dbe856f2f145417dc416b907764c5549b4f86f5a5bde77ddc
SHA512 16c76871eaec819c481cc2d870e96e4dab1d9d3b07c8863298734012010a05ffa38d12eb28d7fa8131e5f6181b4428408ca9e2c450e81647d91a75ad00b3ddda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c7a33b6b43dee6460f3c0deeb63ee308
SHA1 d7e71bee405f97a982c0201477bd6a2746927bb5
SHA256 dbc2d22952de7a756bb20097f3792928e5c58090585ada41fa51aa319d1dedd8
SHA512 ad830527e883ce1492b8cff4055c3f1e54cb59b099c17fa2601dfd8c1ed6c0f6f14b4c1208ae4610d313bc14d58a99eb42795b8dea5376e731cb21812dd922d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f926b9f1ee90581d2ef48956b1bce357
SHA1 a2b7e10617e295c0c68bf22aab26d7138e0975ec
SHA256 ea0c48453f46798cf88a78c64d49bd789269a768aba0ea4dcce7af3f31e99721
SHA512 9f12e6cfe61a32dc55503708d378e6db2e46467251cac2e5e120bc1f438019dc0236ef421b03cbb5fc9ef4a967c26cd1bdaa8e5b840098308166357acead1e7d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e48c4b422a5a7b053ad37e45589177d
SHA1 9f38f2112b8b6eb75d2d6aa4b3afbe5764f11430
SHA256 71044a681b24037894f754e062b3e01c400025026071772fd88e39a124fef4e1
SHA512 96b291a713e9b1c938a087069072507c1b22a9dec033603500601fac166b9a3db153fe732e5aa74a39a4d6a2ab423b3a72b6661cc7c9812214bc86775af706f3

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 18951ad4190ed728ba23e932e0c6e0db
SHA1 fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0
SHA256 66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915
SHA512 a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

MD5 df6c710d4ee401a1a854f8a667ad8cda
SHA1 e53672c50ad83a35696f9abc89eeb0db3c339cbf
SHA256 bbcb16d3683fe66dfc936774587f83f62c6f786eb31658969062cd2a6692e7bc
SHA512 c1162aaeb4ccb002d20d3ee34c0c848c08a43e086fe63ab2aab5579bd45f94de39aa661d8d6d530542b4bd11bccb073e2d580092360843e965036dc5262c5193

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\03b4af83-0ba0-43fc-ac1b-7eb5748e453a

MD5 a9bb91605cf7c389a4d44b008df1179d
SHA1 ee63707f37ead09f1ebc002ad950d9361723bad2
SHA256 858e8957bdc0bb4e1918d2998bc62f39a67e0b564b8d240b62c02e156356bfcb
SHA512 8ee2598941e9e11536fa475e383eac637bc720a34cdeba1b3e9542b117e2bc1f9180e9dbed236507e6110f7af5b1e10de263f09a7f4ad836a1a4c6bc993b8f95

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\7988fbc1-9bb5-43db-84bc-2561a2c01028

MD5 969b55cf172f5c8ae02a67ab103a2af8
SHA1 3cf2f280f6d45342c85e3b7ea9af64273f22afc7
SHA256 189d66af93cf4d1900aaf4caf0b50334e5e012f12cbd495e489b97fbb0f0a249
SHA512 184be81998d0010d95bc51a219cfd8031ce80cb2dcebab9cc77217b639090d161149537428a7b432058733c5b044bbc52ceafde9ce96779e060cc93c551af4b3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\2cfb111e-21ca-4d0f-b7ec-1b917bec758a

MD5 aa583ceda80f9d56d9e2f7aa574c390e
SHA1 cb968a27f2dbea6d23413bb9faaf10c6b6d25c78
SHA256 98a532286840824d1d16ccb04fc20793ec1b85c04b3e87cd3878d0e8387b414b
SHA512 64a81059a920d1a0d8cd1f897d155b88f64ccaf7cf5dc3aff902bcfb77b9aa33be5ca74aa26a9dec61bc769cc05f531ae39bfe6065471061fa0d232e6762a0ce

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

MD5 1dcb8fa36ec30dff78cfb332aba7bbe9
SHA1 246b23d3d79fc0d79f7044bcce8ab2f8deff85b2
SHA256 04a3eea63f15173910bd01e4edc0e1376f253a9755a8b76a57c412a06b1dd595
SHA512 3c55e9f536a11f54baaee8fd11c279beb027df55377c51690f1a285965ff028f67d5d9f381f8711266f111a3fe46e4263a2d90629270ab822b289978e1ab5a2b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

MD5 75dd9e0f535578e1adf84d131cd488b7
SHA1 eeb45e2818c9523c4dc8e38f7f89a83a0502aa19
SHA256 b18b7baf140073199200c0f72e086c76b24f4c8f06d357b0c369e5214067cb36
SHA512 66d7dcfb44a659960cd38d5988df40f376a37978f2dc5e86f5adc7d89c752a0ec4189b4ac8924e12b80014124a3ea314ac54045600342f41b675cf3be89051e1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 25e4300c801bfbb00dae8ba999e0d755
SHA1 06700161a74442f11b6b0950118dd670cdef8f44
SHA256 5292592931a8ccf65291aaee6db2f9ed380219dcb864f297df87cdd8c7668f90
SHA512 8cad74782f2e338bf1ba5dc907c4a031e86728d4d54d8efd6e3516c2c95b8b3ea5aea2c2b30e38447256dffe3038e7e5a119793f4d62281d9e719f1ff9775a36

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

MD5 24f143b645a0f86872330c92512fac37
SHA1 6931205f1cd5a3b373d12e3d1191a92726bf57dd
SHA256 c35b217fa946160a7c4092bcba34d2ebf84c15320973fe1d01df079abdc51040
SHA512 84096e48f3d0048e88069b7e594cc107de993c269d60073fd2c17497126d6c92b771a2d366afd1ba6255808b1f35590215a4446d5d684bd4347b780c055a0ded

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 33f1b20b02e9eb322acbd865c82a4fc0
SHA1 f84a0b500226c838b410d94fe389360d23c0e09d
SHA256 1a5759d595b569230ed4cfb47b7c461310c02a03b0df7793ae661fb127ec6bc4
SHA512 fd811fcc33dd208fb1c5f923874ff89e5b07dbf8f87b479c895867477aacdfb028289b24ae774a43fff8d194a51db87650ac687a16fd78b462c722911e92f185

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1261d95fd7981a603b2075d0bede11ac
SHA1 a00eafdffcc4917b8cdb7cce873ba7b3d18189b9
SHA256 a0310e514c818949ed378564afc036610aed0e5e0febb2f781a1e519007f316f
SHA512 ff5b07635e2cf1628fb3f5f53e2c3e8165dbe5687f3cbad235b167cc4417af1822c548f92f1281cbb8e87ab1592552eb127c8c5ae44591a210ed5c213e5a7c3d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8A011D3FEBBDA9B9C46229715A74F1937B2EEC47

MD5 ed6993476c7506d028fba0b9efd86e8d
SHA1 61199363a6b02daec4791c6eaef7e28c6508b047
SHA256 b721776873b5c8886c8324bc472c676a66b531a9ae6d28f7d83e8a405605d2e4
SHA512 b507cc62ce67a1a777cb246cd03fda17deaca17e2532a73ad77bcb796a09377e38af6de7159de62d09b7c33d9bb555538d0e16be40b4686285b6ef8bb7a3aec2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a2aaffa57bfae6e1d8e6dc90a39340e8
SHA1 430fd6488c8610d2706a59623aa2c86f78486478
SHA256 0a4a8bc9f7573e23a6a949cc9c9540f42124e2411eeea70278c30e782b83c7f5
SHA512 916ee2bf7cf2bbb23482ec51bffb98dfa9fee927f40441e36ce947ec690fe7c404b1aca8f53eb788f36d7760bfe58cf8f1ee0f0d20f7672fe4703120d8370d72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 31193231d85721650bf3d77340885785
SHA1 722d92c3935e4657b23b1863e4397b7a1f418b48
SHA256 235054d956f692458aa2a035fefabf7504fd3fc399a8e106867698c7b805ea09
SHA512 8ac9bebb1d70fdfd5834a82a2e39838618c6ae4cc878ed82209aef22c9f8a30438d6f4fdc8f581e46537ea4c60ebfc10a6553cd1fec0866b1ed5e0f7124e2168

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

MD5 f41bb955b7cca73aa664868f6732b6fd
SHA1 dd279197b049f8b22295b73f232f0c2c71dbebba
SHA256 ba9318a4d8d8f72df85030a5fed7ffbec99a447754a394b4197ae873e69a5aa4
SHA512 06edd203101e41a932d15fa7770dee03114bc5cb4c399c21ebb12f0a06e0c61f0fcaa757ca1da05351206cdbf4cce76386b2f0d19f10a997e43e028e24e9f675

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\937B0A95D30B6F8721EA1482D95FB40B1165F3FE

MD5 d0ff55f4f417ca9e996eafdd7396387a
SHA1 0e298d184c48f79f865bb06e4b65b90b13e24ce5
SHA256 81d452bbeebdbf9999fdb0cebb22d8e848eab567f17582eb5b87a6887263ec81
SHA512 a0113008f49cdb047b0e0ed9707bc49e60a00516a8cd7eaaa9576e91f92ff990ae9655a4b20664ce573ec753dc1aa73124940673a71bba94d1454b27ba61577c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D911690572EFF44BA9B379A93A81EA65D99204DB

MD5 f33ccbf789b72753e22445e80b506986
SHA1 d9920dda4aa623f98b166324554ba71911bbd548
SHA256 6b921f781ed0b239b5f5d9c97891e76e81b43d8819df6cbb532363fee8f16ab6
SHA512 1d2ec42efe8d117d87d0af9d39587da8a4c7ea7e0399b0049d11ea4f4619f9224ce8d1fae8ca57f6867bba62c0ca5c0ffcee55feba653c8a2ccc01dabae50189

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\462E5FADCC82A134C10A828C114C5F747964CF3D

MD5 f92dba966ce4f3e70ff5dc45b13e1523
SHA1 c0e39cca2451c342d8e379b1eef797b445de7dad
SHA256 7e1d29e7e4a010eb26119229032d9778851227ebcb726fff4c79c9e1b47eb1f8
SHA512 2bebb5a362a212afd2c5f376749349a6765e3cfb06a5059163207c457a7b5ec88c39f6954a7aefc709fd6c7a14c1fb041267450bbefb77be5f3f727f64fcfb3f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\4D3373C611DE638ED6CA0F7AB92AED0C904A3795

MD5 986338efa6f022f278187c394caf4ff1
SHA1 a5d2e917c80aacb3c9cee65b098581c60783e59b
SHA256 44cd553698108e916a7fe3704dc5b1f78db4c58eb408b2e273bcb83b4c5cbb8d
SHA512 f799f1961615d8101560a56293b1d276f788a5f3dc39da3305fdd4c2d28774c1eb26870d61fb9c9a5e360c997d9bc4059e29a7c8a41c0c1ead61ae7c42ef8e63

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\21235C60DB68B39BE5D5AAFD7CFDA8EB241CAC6D

MD5 7e2eaa1134bac29f34f6f3e1e7400586
SHA1 c13a88ee79c9e6c416e0f1a1d569cfd0fd5f0b51
SHA256 43227f76fabafb9e1e395577e756908f936f550244529c5d7b8945110919dfd5
SHA512 de287a04d1f0f961fcdcba207b6ae9a4064598792b1696ce35226859a2ac02ba1a5064c18245d14d4708a6a80fb16f5e3e5ab7db2c677f1e4f39cbdfb9ff50ad

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D

MD5 86a2d5539e65a08313007c4a52d8a3fe
SHA1 3ed7b5c245e8c9f5f0e870eca3688fc8d841460f
SHA256 6a52ffeb098ead73f4a2aeeecdf383a5ec004759a2fbf0a08f8640be2dc82cc0
SHA512 565e95c8060cf9d52d28462554019ee7177ac2fb794fae3cda328cc3643e3a4a47dd70480cf5f78d9f697ece039ac12be494ab204af1380093c834096cf86907

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 538e2def40cb4a568649091d9d597fc8
SHA1 dd9b588d8c30342938d49aab13faae8e39227b14
SHA256 b176d6b59ec63dcc7ea7f72ea2502dba604069a6f2adaf544757def349d7ed8b
SHA512 433dd675ff1ca04b2c68ff8847fa919f2acc5c73dda8d4dca33f27dbd882a25250239e32c7eeb6dc51bed0e08c0b0ea3b11d4c38ddf8c85af375a3b3049ac424

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 fe50b6540de43fc5af0d2f884f10d531
SHA1 16f1e234f6fab9ccca4a48dc13d8ef3a3ebb02fe
SHA256 5847afef9eeccd47b1759a2193741538b5fcb7a5a90b114b9934bc8ff281a202
SHA512 e5bb5c568f0237148247c8f7850743dee1b750110afee8751508d4a572de134fe437844e00236688a4cda9ccb300de861de25039ffffaa48352c4115eb3f1921

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BC7B7AB3A1A1CACC9DB3BD9132E73E97CFF6D875

MD5 f6d6174ba17acb48e347aa3e59690a80
SHA1 2bfbc48e0e2b4752b004213adccc865220bf26b0
SHA256 61319a9306e2d7347077b6f5b0d9fd5df9ae06daf4dc7f2b585967faa460f933
SHA512 d14e64ab77d0c68ba976cd2309b75216f113df9235f4795574f9335cef7d6d77e99ef22befa5d065d431d873550f085264018296ab108c2bdf1d73fa79f570ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

MD5 871b699b9dda1a45d38d1e19bac19de2
SHA1 f0596c855f3b5629218eb512530ea84b5445134f
SHA256 71002f0f5ff1052f281573e772b4c19cd85db27acc753fad0167fe9426d2ab7c
SHA512 a00d4c001756750dc88acd41c50f29ae222761e2ab62a68c00e14a8cfbcdbb364d64a4a7c8c42951864f4ce65b337908cfd7c9fc4959574c7d208bac07e1cb03

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cd9d6567948b60cde2d1b4d64b4f5df6
SHA1 ca842fe5a441e124872a41b0d6c0006ebfec0b89
SHA256 63c460f5e7afb276f958e7a430e57b5cd9b6ec5dfb5fc95d453a9f4adc407468
SHA512 e446560d264dd146d37dde1e912b6c79de5b883c791af7c3a803f2ab43c14de3835a4d7208a67f34717ef3387ee455fc636d0dcbe48d9bf8d881d62ebe61c5e2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 923d7a305ccdd9d7335bb4f4c884e577
SHA1 fdd7fbdfa2c96b1a8a51bd08f1b68401accef522
SHA256 62d3aecbd4c35ea83a3cfec71813c5dd8f972e2824c2c4c85bf006e7d667df78
SHA512 a01012d5348be28857366581b6c90bcb929cce3519d4ef0e14ef620982ba2395d170fd66a924438741a453fecacc75a828d5e2af249bfd34d4449747ba6fa381

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\B401A9DBB8ABD9638F6C0E8E90A39BCE66D2B213

MD5 e4189e454db2f6fcf091dfcd11e2a893
SHA1 47a8f9ff7a90a700ecdda09f625a1f973082c3f3
SHA256 ec8d724879b7c2113a1162f42f1575620754b34b2441707e906b7855ef3b2e20
SHA512 3e7dc480514a3c67082db1acb753d3006251b5d10cc6dfe82fbcb7c70f6030647edbf745987577382885761ae465d612228ce4fc570fa0c6b9a5ecf89f03ea76

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E17BA016257CE59D87A31FCC310FC91590650A91

MD5 13e8b8cf5e7ced134b5d6f5d2b374c7f
SHA1 e5aafffbbf9adc0d76341e6436d17c4a56bad9c4
SHA256 b5ddb78ec0f5ff3c93484d665349da7f673deddad8ebb94b94e384c418eda928
SHA512 4916d1b8145889c8c913262df332d330aa0fb04b4b44f15e6b766ff854705506c5ac2acc2384d96f0e63aee798d6db19732dfb2edfbcd28331d0d2afca108dd3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\1F94A3B019E2B2B47E2356E16C996C9287E700CD

MD5 76dd5f415c3be9ec8b28a496f5ba545e
SHA1 e97595443a4259417e693165073d94fbe4b30c03
SHA256 ffe829e952ed568a83f0a06844534aaec5a410674e579185dbc54bd10920b078
SHA512 111b58db2badda6267bcb1bde1efb1aa73ceafa34d42ce84cccfec528e86cac7a03e223fe2537c71db57685fda7b8fed7af97ae18a257fe131fbce0beb7b8c56

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C206C91D6551A4C015941478C44B2524F1DC9590

MD5 6349830da1c9f95529a70ff2a727db66
SHA1 f590440d586e369fcdfe54299265f9ce69b7f4ab
SHA256 0c7169814971de32dbc9e195ea1fcf3f1e3440a92d18ff9e0f189dedb94aaf69
SHA512 e8b8f42b73e8215307478f66a6d0ee2ef321b4e9a49712b8c746ffd9139b6c6b0781d5cdbfacdc21102a71b6c53f460e029e8cbf0597785af6ff6e4e3ce9c68f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E37F0C9F306DC48775447C1CB63D24537A2B4D38

MD5 3de6f71449cdb7086a2d1759ee8521bd
SHA1 f9fc7455504f3bc338e854963419029fc10b3173
SHA256 747ac5c5c8899e62fb91f84686fd76dcea393e96a037ec8f525cd7e75f0be263
SHA512 e79e65c7de7c52b6fb5ead50bc0e937018b2e3d3c736fd89089ba3a4b179eddc082892de55ecf7288a68040a51071da236ca77e81a74d68c5d213fa23c26de05

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8107661E821032A9B67FC2BF2B10824A0EC8E0CE

MD5 395a23913da8b92cba04c81a0150df37
SHA1 8a0eac5d053d53ceadcb8a7a54d1bd5d05178590
SHA256 f9f6c16cc489274d4f0cda578bfcd43831985241b74cbf8fbb6ebe213de0edbb
SHA512 e9fd7dbe4ca7542ea37da7c2f4331a6c654ff11b678498ed9eac870060a7f504f5dd9fa9b8950b114ab494dc2aa5f13424326f60d7f9a18c12dccfa42ad4c5e5

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\688D7161DF88994D3E0155C4934C2CB11D2FF708

MD5 a7485535e00853e377828ca90146db0d
SHA1 5c823ee90afa88425edf3ed8fcf23502b5998614
SHA256 96ae2101e1ba16b4e68a57e9dc5801a4fbba3341b10fdaa95a40eceb9def578d
SHA512 0588c5694dbfff4ab7cca0c33a4c509e2773141364850d7ebfa46e2226b59b1de4bbda8eb35bd3718f7ae1faaa7bd92cb20f88cb58bddd6d6faf3fa00fe7f439

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BD9566772423F895BDD105EB415F3A927D10DF17

MD5 743442a8092629c8a273fb038e71135f
SHA1 badaa62f8b3e9c2271220a3d031caaa57be7892b
SHA256 ebfe22cf19c01e8bf9fe9f3481ee8b61381d5cea0d4b4514b7ce5103a74f725c
SHA512 02b120fe7e859c00728af97521f33c7282ee6bb51389ce4297116b853b6ba683f368e312178a9606137d9c81607e0c5021d694d661e32c38f32fcc29e2715365

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\39BD34902EF075E03D5716FC8E374A55F40DB0AC

MD5 4c3c176030364a2fc9599e289ad10bda
SHA1 203da5d395469b042afb6df405ab6b5e2270c43c
SHA256 3a7d318ae2e47931cc7345157dac8fa07ad78a5396ad1aff17d24cd6d856ad19
SHA512 55cd10c27efe97469385db317c6884e8f6e9e454aa344a3e1817f10aee0e5f2c073c975db5c8113b23d9f60425cd8d1e2fe600ae98bb81b2bd1ca8bd70919bcf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\DAB642B31EC4377C8AA32D120B0CE38EEF99245C

MD5 775b0ad9f053c1c8ab97b8838db5c9c2
SHA1 a22aa189bce59dcf2851a3ce4b6b0d9cdcaba1f0
SHA256 8ac154ff2fa95231232dd236cae64b946265c6279835f6833864c9f8005d5c2e
SHA512 c1a4ad143d4e8838e3a2bb9a52440b31410144096c0dc5215e6af6e1b67ea8e982f6f472383c5c13ef581d772ca9661d0a362d59f6b57864539409bc0ef4daea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

MD5 71e8370dea7637785c648b5be1428515
SHA1 f45fe2189555ccdbd5cdb44c32e29017df4d7f03
SHA256 b5d2f5be1712a594d1284e4291734ec03505290c9b07f35a87170f7dee01b479
SHA512 f95eda66897cb38cc75a49ef801397eab2cbeb012518e954c8e89855e9ba6e80d503a731efa3e279b7a36324503b7fd21d37f9f6567e53cac82990599e155697

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\40A48D6FB1C16FBE729C2E2DB9B8B9E79A67D5B7

MD5 48f695b9e40364164ea6a1074c247a2a
SHA1 3ea295d34ee4fe3e772c7269acffdbbe729f966e
SHA256 c9101e6eb91f8bed757d4c40196899c9a5f3b01ce5a7c9ee929e21d2079534d3
SHA512 850de812b07541d6eca7dfa7afd65f5144b5986f428ee02aa5708854467ba9136315ad35ac142d704069c4e031fcb1617022cf071f055ea0757ac9ae06c07fc3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\77AE23D63A0729247D98D0C459BF75613CAEAC33

MD5 a03181fc94f4befe37fe6be1e9048b8f
SHA1 6724ccfd2d271aca65d2907772e12819b3264000
SHA256 f3eb40c31b5b1f3d016dd153c36b1e96735bef0f84084f7566e8b30baa3a086d
SHA512 caf20ea5d7823161a5c60665bb07c69bbca25d2f5e9bfe8150b33a06fa220d19e0e3e234e94001e872205a9186d227d3b6670f260711b497aa154fd0c6a1b5d8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\A7CF3ED5C01DEE0C144A5D0CA5CF0BA94AA917AA

MD5 4e91ed7416899aea8564d09c0744806a
SHA1 e1a3ae3f89e34e9a67a774a0e2e418ad78f817db
SHA256 2a28e7f7bd9b36c00aeaaace76e598ebb9afcdecaf71b80ff35ed2b55cfff794
SHA512 924ce89766e1b56e2cc872d7dd26eef180e859e2b6d74f6081c64237454da424c2459ac7f516cec48831f0908b8a60ac18157af2650b88739ab1bea6d2433a62

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7AB59E4546BDC9E6723B2365530A07135603D153

MD5 b372be547fab8c960146d8e6c35e9408
SHA1 39a074dfb98ac53a414f6b83624571db9f8213b0
SHA256 93eda971530bd7c6551e88d2d4ba9ace8bf37d46d367e49639a4d61bc7053a2f
SHA512 a3dbde2f4f8a9cca3be046adda8c09ba51054f2b6230916cffc55d5cd2e2557880d17b6caa6072dd8aad5416a5cb98b701ee6f8f9b11bb33f1f8d3d2c8247a14

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\4F05431968F5759ACFEB8F279C9ED028F86195EE

MD5 2ae816e264fa50b77af5e3eaaef3938f
SHA1 5e3716086320393d088e973d8a4fb1c5a176939e
SHA256 dc34a565933d32dbe6255ffe06cb310c132ae2f61d06ebf3b3e2c50da793be7f
SHA512 5d28359ac851ea7a59c824edd34086d03f833458f6995d4205761aa77d1ce4a55eeb57a6c8f7f64c730b1dcc2608187c1273396e3cf4cb973d150fa0aebd9223

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E29FDE07AE5BEE729429D4F236AD31EC43F719A0

MD5 acf8b773de60a98a2091df9f0609aa04
SHA1 efda96bd84749c2812ae471a940931a28019901b
SHA256 3624be745789adb614714bd378a8420b64286c03ab2d1356e5bc60ba5eb57e65
SHA512 0d6944e2d3832a7f108c446385ae83dff749cc9d45391cf81028042e270425df929390d214dae32909b18d2a9b87a5fc762e2b3f17f65533e4c130c54c8e6226

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6046BBEB80663C9D9087B8588BEC3BF050114DB8

MD5 02eda6f3021e1b08e9330ad15801b3e4
SHA1 ce19f8be2826a20ca70c019b97ad21eb5831cb80
SHA256 dc71ce2933f4d33be6ab3f5907b5b58d382e4567d71ee7c789a145c33e8c7fc1
SHA512 6c1fb4f285eea6e0260f77aed583e0c2c72c0c4bec3b871223ad7537eadb7c4add175b54b4c1e5dae73055689c51fffeb70993e277db35cf990008db200144e3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D3C4AF30400A633E9CF2C87EC1994BADBBF9447A

MD5 201d3006881a458feb3374f77b52cd73
SHA1 97491226a53457bf4d5455c27595ce339b492a2a
SHA256 dc4baa25f65998a5cc7f243b216bd117f9f53df420d07633673d28ffb7d9305f
SHA512 8054afb023c433cdad775b25056a0d4984d837e2649abfd4fd43382785fe728b9e8de396f05949ad266f89a0c5b5871a2c146ac3cb85a2a5a6cf6c3e1d2b1eb7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\ED5EDA73DA800382C7A46A389B5CA3C9FAD29BE7

MD5 b57a56f2a0450ea573412fe3c7eb2571
SHA1 e132b5e19d21a4269adf4781dffa56a6c8a57778
SHA256 ced80c9d2db9fef7b4f2fc2ad55b5f99d98bf503fc55384953a3a2fd7aabdf54
SHA512 a55a710290efda48bbf48093a1ec1c659583c179e61a6bc88100fe226c2c6739e3909427e8b09e2abb7cc9cc2887b7717d81244fd0e492aaf767632919def526

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\028C0894AD87F10A73B973631F70818724BAD700

MD5 a3d4b39ca9728c4df515be80efa9a5f9
SHA1 ce2c227b907730699e6a297690bd62300228ec17
SHA256 4f47bae8e0bfde690f06f4d722a4ce3467bc98aedd2d50af652ce9fe1bf99142
SHA512 86aeb2ed335e744a45b3faebf55bf53727231c28a6aa760f784fdec1849612ba6ec72758fb0a20bdcbd63ecc4ddf3babf044354e86dd3dcffc5a300648ffd4ab

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0DE2403E40606B9197622D9499699DCABEF1EE41

MD5 d5b635c6d3cf2a3eae86669df79672f0
SHA1 429a91ed864f6e5a6edc869ff6f7d4305bfa2fcb
SHA256 237eda53943d84aa1d7408747bc3cecc1d29b98cade305608f10b2e437b91e33
SHA512 a99c588eda0a357931275c4b8d288ac0f6cbad9821d2144b3b14c12a0585d281c4fbb1e4ec4247f01d9961902ed125cf55fc9985c0299f3286a37139551387e7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\429DC8AB78A8473DC45C70CA74453F829ADE8BD6

MD5 724c8f1b6afa90714cf9724f5785e2f0
SHA1 e1532e9be63b8a9b019f39a1a69496259602ee68
SHA256 bfb33a166835a65ce4eb8d08574a3057c50b9a3eb68142761a92df03fb4bae3a
SHA512 93e44769dc1b4b3f8ebe3109312cff711f5be7fd05622be6e27a78e3683d2fda4aa08a278a32cfc6f7670f14668c6d679a288d5d858fbb990288950985fd249d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\9C96235CAD726D63F60DE1389F02007E7CBA3632

MD5 d4b595acf5f908b19c4efede876faa4c
SHA1 2e775c1edb7b51b9b1e61c3c46e6cce5b95ee903
SHA256 ae1333d894af52330173ee999d44728c28b8e4ac321b3d3c1a2ef8729f516999
SHA512 590113e8c482a1daaa0c8006bb851f54b05dee2d5538048cdc67e9fa26b21116b871591993e264ea2d4eb6aa0c4eff1acd8e14409fee76cfd65998877d35f207

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6018DCCE8EFCE22F8F648A32D28EA223F80C84C9

MD5 826b01969e8512477450bfa0c057de36
SHA1 cff27c793980d90c2db8abd528557232b41c7b9f
SHA256 9e1f7f468fd66463d322747101c2ec8ce662fa3aa11f75d3ec11fce52fb88a1d
SHA512 c0c18b23f2afbb24efe218661d12c51a48f656386c10af7423a1a50c92b8a143cc890c16c9b84e13b5d2c5c52e592c8474ba3e0b1d2b3c786ee04a38b36f6feb

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\FFF3544547FC343205CC3E77C1CBC1E5D83178EE

MD5 059787e3c89634dd5aba43bf751acff5
SHA1 ef488eeda38796ec0cba41eaa46a4f939c8e9333
SHA256 03217adf18d9690804872fb471c5946fb8c1944db61f24d5186aee47d218bedb
SHA512 8424397fdc961bf86c5b4294eb99988ebe9964fbd1fd75979df4e83cfd9e54a58ad4460d5be7213acc2889e9dccad031551863f9d4acbfbfd7276f4351397366

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E5BE8E29771EA4CFFCB4277853ACD23A853EC722

MD5 6da1e3eff3214322d16c0a086b4b0dcc
SHA1 2cdb93b891e975c3356e66cdf743d39508b7084f
SHA256 f035f7912375c4525cd47b30e2a56067749576ed4bc315e3e493a3549d73429d
SHA512 7a3cac94213f822eb4c6707f94c6b15dc3fa296b4f981d8947103db594c6c550df78df99b60335a7e45c54898da2b24bcd04a6fe2fd5bcfb144f21cbb6b665c1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C8C33A31FA3382D567EBFB931E93E181758D8F9F

MD5 a3afb59dc51ea9469d6a1879c36224f5
SHA1 bf89af075567fab7c7392ab44d25a436b56305a6
SHA256 8187dd109c9c08cf3db39b189788bed3d0f4b085f4644d7cdc4b2f4295f40084
SHA512 923b28c0a302b2eeac432e7030121b417528b1723058f5adb6fae5912c3556bb95793a483949575043da564e63f91f34aabbf680a65ab14fa9645f2bc94803d3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0B9518A460364544938F3720963D92ADA6E35019

MD5 b5aae1f29f708c1ee255497735414d09
SHA1 3e4f8a3c57bd0630529b5fdf09a1182a9e4dadcf
SHA256 3c7bdb7adfa9ced812c212fecbad93be7e82ac75bf3ed090a209584d315aad9b
SHA512 a2a4d4f7750f7f86a517cd4137d136e5fde33e2ff494f44cde95d3ef3d9177d058ee034a389c6a73999efed4595b8e9721fb6c11f312b100e6b26132918015d0

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\B8C8DDD2A07579E58FAE2BE95019A6D79E31F546

MD5 dc79ab4d6863492e76a39db7d2590ae4
SHA1 b5c73a4edc433f97929556de4f6b4ef1de5b92bb
SHA256 4917dd1ae7cf64943659ccf11b1855c55e45d154b91d9ff762d07722abc0fcb6
SHA512 c57d11119cdac96f7384a92e89f9420bb4335946e07729030ce8bc28b19fc8e80f3059092906b2bceb3f1328a76b30d246a8d11c4cef16a4b2c47bbd59880f7d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D1D59FB4C558CE2A8474DECF1A3849FF49942A48

MD5 bf63739d800f0de6c7dc2d5520a095e7
SHA1 a1d2d38c3125bcc9558fc32a06c518a18935d140
SHA256 d9e38e7039fdb98d214b4526e68cdc00f7928e72171ef18cb2152fdf5a74c504
SHA512 3aef995a07533f235a0c1870943a44a8d27272a3103256a3448e1ab0906dda67643f81dad7e3dd0e224263174b7cdb132bf968a3fa79c4c70ecadf307f7cbe8b

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6F0688B3765FA8BF425C4B00475ACE53E2AC9A6C

MD5 4d42d435edecebaeacda710c7d19fc7d
SHA1 a09b8254360835770fe36d628c1a34a435ea1ec9
SHA256 b04b4ea6862d6bf9e40f69db5251ee8ee726db55d08284e809e94c6decd628be
SHA512 de747f49d691024e009e3efadcadb65b2bdea1b91cb5363bce383ad68c731bd6fe3001c7c5e8370acd6e359f8f67fc32eb3ec24585feff6c00cfc39b1d78d30d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\15B93BC621B274AC627F930BBC2A3DC1A7CF1BB3

MD5 664262021f8df57520d5521cedae341f
SHA1 97c96895cc52d63db7769f7083b0e2b84b7e7161
SHA256 6c0bfbc8da6f8fa7c0174fbaf044168864954375a6238dd1239c53c14214e489
SHA512 26ebd8aed1d9b3979366c1167c1382dce2332312415c9c73e05113b87f9b51bbbef19a2b76ef14fd97bb56f28406e5f001eefcc2b9deb6dff8d229237af4bd76

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D453B01773E636BA24E6ABC48242770C54B79557

MD5 96855d1bf5d1134f9aa3175f30986dde
SHA1 637bfee67a8bcb6c8081fa0588151384b60ffe21
SHA256 c885090ec188ad7485b860a4cd7e9f8f45fd6a5ec618168761894bf646baf0d0
SHA512 6907b195e21a4b0c7ebd990699a6f8ec85b42123429b79f26a306beb1fd0f03ba450cd16dc6aff12ef8962b394c4d3e9c1fbce2d629ff5cdcbe11d4b7f2b9819

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f08add51bf72b5ad1a193dbacc8c3f20
SHA1 a1cd539dfaf3ca7036cfa8227e74048de88cd83a
SHA256 8614ea64b2292e23a78cce4c4a76491be989d3283ea9a338f378313491cf995b
SHA512 77837269385d359de69329a4eee2d621cbfa270f4afcc86afea5747865173b0e7a4f1644d7bcbbe7ad94a71a6f05d8bafa98e852fc7cfeb7f42e5fc98540236c

C:\Users\Admin\Downloads\$uckyLocker.exe

MD5 c850f942ccf6e45230169cc4bd9eb5c8
SHA1 51c647e2b150e781bd1910cac4061a2cee1daf89
SHA256 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f
SHA512 2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier

MD5 dce5191790621b5e424478ca69c47f55
SHA1 ae356a67d337afa5933e3e679e84854deeace048
SHA256 86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8
SHA512 a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 c38873dee51527aad6b87d4b2f962e39
SHA1 107355e13ea7617453883e6213a12b5a52bfe2b0
SHA256 eeb9acccb7c00d09e6f27f132381f2d3498442a1829611fe484b360fef4fd043
SHA512 3aa047530d8096b4a2f4612b36a23bf7c626f545d00d8b63bcc366a87dd5802502cc98ec291630a5bdd00877b175e9c45f24fa248281084a1e5a898ca26fdaf4

memory/7068-3612-0x00000000003F0000-0x000000000045E000-memory.dmp

memory/7068-3614-0x00000000053E0000-0x0000000005986000-memory.dmp

memory/7068-3615-0x0000000004F10000-0x0000000004FA2000-memory.dmp

memory/7068-3616-0x00000000050B0000-0x00000000050BA000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e1e1c262efbba4fefc92959434f62606
SHA1 bb61e7e36afba4bef57505ecc39cfe3a79e7eb28
SHA256 b6dca3ce81d06dbe9095d540573118204422c8bb274e28b2ee7fd8beac60b04e
SHA512 1c03644b4cefb1c16b50e8583bc93048ec8415fbf3734d417af2ac75bf26ee94eb415d3b75d6e675ad17c38c7cc02ba28712311de988d9dfe2614bf485200905

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 e26dcf5e510b4483d7a665ddc9ec8467
SHA1 2df2e5541fa4b7296938cfb5d4ffc97378858df8
SHA256 65fc29d58cef1f5f520b4e81f56b69b99484c533f2a97b5b2a436df1c53983df
SHA512 f7d139e6f8516ce4ce5a205f797d72a572001f5d894953f10c9c38c56255e0caea7473b9f211bf44d5e0997516d6ca72f7f9bd8ff2eab80cf6d44ffa7c05d11f

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

MD5 0f743287c9911b4b1c726c7c7edcaf7d
SHA1 9760579e73095455fcbaddfe1e7e98a2bb28bfe0
SHA256 716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
SHA512 2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

memory/6260-3700-0x000002188A730000-0x000002188B724000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 26ade91988e2bbd8b54aaddc9a4e2015
SHA1 455efcdcf12d18ae5907a6e476d2974122d71a4c
SHA256 18d8f895986799fe54b59d1a17db2d0cebd0a8df8a1e90477d2ec685a4b7d370
SHA512 7327a26b3ae251bb3d69e092632070d6eee8262651e64847dffe1c7e5be7fdac5fc868514421f4f30f342f907243c02c14283bbf0e40045dbea567194789a37a

memory/6260-3721-0x00000218A5E80000-0x00000218A740E000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 14ddcdef91983ff33d610b7653607897
SHA1 1005c1a61aca9bb905dd016a898d760507160a14
SHA256 4f5749dd2192500bcc88d2d88fd3171edfaa36f99732cc6e2f888111b0cc76a2
SHA512 5e8ba89021080f164d8ec4023d4986276eaf591dbf633e779a62a0ed3a8b5bcbe76f41e7cd793216d51de296bc14cbb7ab3fd1224de7b2bd4efe47e76151d7eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ffdfce26cfcf0d775c6a207f1bd05348
SHA1 8e01100f81f5230976ad63abb95910511bc3891d
SHA256 db953697855f1c9eb5cf7ee6a2baea5c4a169a9888f35f3d9c7dcb678d96f9d6
SHA512 e03e84d364a93afaf0f659701cabf34ae220fc97a2c9af948975117e58582dd3eeb16d8a960da9b406ec1a05613b89f5e0db95a5f9f5ad269ef7076b9dc8ef9b

C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467

MD5 63210f8f1dde6c40a7f3643ccf0ff313
SHA1 57edd72391d710d71bead504d44389d0462ccec9
SHA256 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f
SHA512 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\jumpListCache\z24cnRoSyeSaPQOnN4DM8EyDkXFOmETtvITwe8CogA8=.ico

MD5 6b120367fa9e50d6f91f30601ee58bb3
SHA1 9a32726e2496f78ef54f91954836b31b9a0faa50
SHA256 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0
SHA512 c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 c0b3b4ff9fdf70c0e900ae7cf377dea2
SHA1 06b9aa34e8f4ccc43593f2fd773287b4aa48a410
SHA256 33a9f74a4aae828657301dd4952b825213d10faea5cd2e37bfe22e09b2605152
SHA512 6e9fad8eeb72e70fcba03844e22e21ecf8d0d792a2fcb88f1a64c7962454465ecd6d6f38579dbbbd2251c68a15b778f49c633c86441e91353fef70c022e2d46b

memory/6696-3980-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/6696-3984-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/6696-3982-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/6696-3981-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9de46f796a98acdc85f588ae9a9af228
SHA1 3f13abba3899d4f061a5124a8caeca75d3770163
SHA256 fb61a04b511275f1d6915de5943269d92661f2c9525aa5f4aead28ed4dce7f15
SHA512 3d5d749fbce4daf329ddcfd42a4a240d76c57197232c612241bb0384943db0b8a38d0968fe8fa6a72fe1abf4607644797538c5f7dae238aec0e73fad6b214b75

C:\Users\Admin\Downloads\WannaCry.exe

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

memory/5540-4035-0x0000000010000000-0x0000000010012000-memory.dmp

C:\Users\Admin\Downloads\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\Downloads\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 5a9687bbb9c24dc297a0530d650de2c4
SHA1 6a6ad0dd9a09623c88957e47bd5269150f01d935
SHA256 a53169aeae2c65e15c6379625338ccedbe68eb4036c0e5e92865cf11229a28a4
SHA512 7763bceb70a9ac765eadaea99422be71c2e70f5c3692e7acc3d90a4f09c8529b39d91469fa975d0e14143f551400aba11b16e07edf2266e094b93449c19aa73b

memory/6696-4157-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\ViraLock.exe

MD5 8803d517ac24b157431d8a462302b400
SHA1 b56afcad22e8cda4d0e2a98808b8e8c5a1059d4e
SHA256 418395efd269bc6534e02c92cb2c568631ada6e54bc55ade4e4a5986605ff786
SHA512 38fdfe0bc873e546b05a8680335526eec61ccc8cf3f37c60eee0bc83ec54570077f1dc1da26142488930eabcc21cb7a33c1b545a194cbfb4c87e430c4b2bfb50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8479f4ec41857fa0be9ef63ac17b99f
SHA1 118e17d839db064515091f1175cf843cc639e256
SHA256 883a05c8970c4d1cb6021dd4675f355dd4cff5c588e7f4d18dc0a130b307c852
SHA512 b10198a38e8809fbc950d7fd63fb23606883e3e30bbfc6f9cd4177671610e168e5b14caf231eb222f813920a438d139afdf111db6d7d3ae6e5672660210b21f7

memory/5388-4984-0x0000000000400000-0x0000000000432000-memory.dmp

memory/304-4994-0x0000000000400000-0x0000000000434000-memory.dmp

memory/312-4999-0x0000000000400000-0x000000000042E000-memory.dmp

memory/5388-5003-0x0000000000400000-0x0000000000432000-memory.dmp

memory/6696-5020-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 61489fd2af8cdd9d73a8f2ad5f6cefd6
SHA1 0f5c4a402d82153affaaf01398734c6c2e7a786f
SHA256 d42b9f7bc0692916e11db1858d32d664d365a011aa39ee4f8e6354bed81ed438
SHA512 54f322aa2b6f28e801e2adf97cf8a82d459b26ee26a6a146f3c381182e8931cb446a060299d065a723297d67539411c810f384fcf3a94152cf0f11e7168e33d7

C:\Users\Admin\Downloads\UIWIX.exe

MD5 a933a1a402775cfa94b6bee0963f4b46
SHA1 18aa7b02f933c753989ba3d16698a5ee3a4d9420
SHA256 146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc
SHA512 d83da3c97ffd78c42f49b7bfb50525e7c964004b4b7d9cba839c0d8bf3a5fe0424be3b3782e33c57debc6b13b5420a3fa096643c8b7376b3accfb1bc4e7d7368

memory/6696-5064-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 10fdddbf6e7c61e6e8a01e7771100dee
SHA1 f95f3c378c7649977e948e2a560db60a04742702
SHA256 69f0cada861cf97c3eb1c5a5b53e4aa8f81bc97c9cfd0b2da1999d53417514ec
SHA512 f49529797249a299097dd697c2834d9e3d9d0f1ce53eabfdfb122b4e55b95063c4094a8c0d4e1759b9c533b5caf59fdffbdff3ff7e5c856d50fa11fa76c8c945

C:\Users\Admin\Downloads\SporaRansomware.exe

MD5 4a4a6d26e6c8a7df0779b00a42240e7b
SHA1 8072bada086040e07fa46ce8c12bf7c453c0e286
SHA256 7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02
SHA512 c7a7b15d8dbf8e8f8346a4dab083bb03565050281683820319906da4d23b97b39e88f841b30fc8bd690c179a8a54870238506ca60c0f533d34ac11850cdc1a95

memory/1432-5143-0x0000000000400000-0x0000000000407200-memory.dmp

C:\Users\Admin\Downloads\mEYI.exe

MD5 496dd64633ba5d89811426930d86711c
SHA1 97f5f443be0a6d1b9f9b34c4aa89c9d730fc53cd
SHA256 9cdb4432b5dfcd34998de62dd5361045b86eeb6d7509329236fab72572874d80
SHA512 d07e92e935dd0802c26c66a89c3cec9e22630c8ae1094438636cf483c223ad234281bcc006c4d4b7a83570dd0d128ba99c26b68bc1f4ddcf1828277b3690c65b

C:\Users\Admin\Downloads\GgwC.exe

MD5 dc4396eb8175c7ae9e5e3d4ce1a57673
SHA1 e01071cdbec29fe64b78bbfdc20bce637f93eb84
SHA256 f5ae1c979564618b861101c9ab2b0d066fb61ffacda5cc2ee1c0ccf575532d4b
SHA512 82d0fd7064b11d2caa712e054e4c877bd2bc2a302c3b4c9d89fa92debb93a9c29a3dcd1bc4e5453f885c0a7942769871272715a7126a715a60ee3dc2a9e44536

C:\Users\Admin\Downloads\Ecwq.exe

MD5 c1432283847cde239d723568b3fd04ed
SHA1 6c1f1d9a1d76df47bc2bd73e27b7ad6950a2b66a
SHA256 423441badab4619bbece12c273fbcf47a25bed897b0ec4635afac62963218c79
SHA512 6608bb74a60a07c6f1346bbfef387b7d7c9edb3f314e9ae4ce2b8696dd8cb8a5f78d7322545c82fd3d6b34209227c9af2c1dfbe2ea4bcf6bdcbd6e266931e6fc

C:\Users\Admin\Downloads\GUUg.ico

MD5 9af98ac11e0ef05c4c1b9f50e0764888
SHA1 0b15f3f188a4d2e6daec528802f291805fad3f58
SHA256 c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62
SHA512 35217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1

memory/6696-5199-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\qEkE.exe

MD5 52ab02588302339d0a07e12945c4b8e3
SHA1 f70eab0af26fedfeabd243480b577a4f1ebf3ebf
SHA256 c2b985625a3bd270e96c6fed9793ff8a092f50194a0a5e7f088a328aa0d21082
SHA512 2d031950f9de189e9ac233aa5f8110c9d029287aa03782f59367b7aa8af2aaa077f2ef5baf447dfd4f98483adbcbe2a7a46cfb8647dc281ab2e6aba537a56348

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 e67aa4b22217b218e315fe3db465c3a7
SHA1 de6f32708b2810f885ad6b6bff01b1d6cc9ba4ed
SHA256 ce3a663f6c77868484729ad71aa82b714cfadcb513494ae41aed080a2c8eb45e
SHA512 145b8a0c17fa6bb548298e721d1f75674226fa16163477085fad7d70f70cf4ad52c150b58ffeacf2334922f1ec0e4e8fabd9589dbb35dc65980fd35248e623c2

C:\Users\Admin\Downloads\ugwk.exe

MD5 5b937969626c21074089d96ac921384a
SHA1 ff7efea2a41e9f2f4b700b7b3de3a26d10b6672e
SHA256 90243538d66399ee80dd57effe9306aefeb9b0f86277e5de5a46d9e762af6215
SHA512 d2a9a55dcaa4227e59c8aac88c9e49db8a7a0f971bfc919d21c6337ced71cd28dcbf2db7ed3a75c0a7a000aacc16a937d8048e9efaec56e49cade1f222dba0a2

C:\Users\Admin\Downloads\kYAC.exe

MD5 88b4c949cbe9e9892ed290a0538a0a7d
SHA1 f09d5dc549e5ff17928977bf50e82b76be25d7c6
SHA256 43847c4ff4c1c31d7ac29253fe67a74caa51509cc20a9124aa02c0d6484d8878
SHA512 ff7be676bb88afe8f6d01069ea649aead3bec621a1c27e4c3c495e89dbca2006f5c91a038103f9c2664ca82911ebfaac8244b252efdb6422bb0ec71b0b16a2b0

C:\Users\Admin\Downloads\EYIy.exe

MD5 05a7e59435ab226d23a7192a06f09b99
SHA1 4d41e15bb9eb37e7a0d4e74bd890a56be83cf3ec
SHA256 2ebc5b2c4fb909ff78dc215dabd9e911489bde7d7f512f8166bcda320ca2bf00
SHA512 cca5602f834f16f4a63150e08bfa387c13ddb0eaf96a0d2b5f69745ec88b050a853cb3c69cb561783f4283342f0276910643238fb89a8a6342e42a49939a417c

C:\Users\Admin\Downloads\Seftad.exe

MD5 86a3a3ce16360e01933d71d0bf1f2c37
SHA1 af54089e3601c742d523b507b3a0793c2b6e60be
SHA256 2ebe23ba9897d9c127b9c0a737ba63af8d0bcd76ec866610cc0b5de2f62b87bd
SHA512 65a3571cf5b057d2c3ce101346947679f162018fa5eadf79c5a6af6c0a3bc9b12731ff13f27629b14983ef8bc73fa9782cc0a9e6c44b0ffc2627da754c324d6e

C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe

MD5 0ec3a50daf1d0d3c5bcdebae2ae10ac4
SHA1 e9d0d8a5bfc6a4ec8192f4004466fc08385875e0
SHA256 044ca1aac26e6eb56135b9bcfaa9efd8146bbd4399e5491cae77ea4ba050357e
SHA512 f4171b8a246b7541de79014ca670c76123433e30e46ffc530946b390e72ea8118667aaaeb8ae65034e69eef2e6925b8f67f3a2be9d1b6f192b1e833474282995

C:\Users\Admin\Downloads\kYkm.ico

MD5 ac4b56cc5c5e71c3bb226181418fd891
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3
SHA512 a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998

C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe

MD5 7eca1f99bfae1e92f24071668119e36a
SHA1 1d26013a3f620a44f5e9097c5730c431bc0bd985
SHA256 ad359fc6fe3cd862ca76476543fc53a0109361210fc64be2772d08238657d1a2
SHA512 2a8eb6df9b641ff35976a848649bae212633807c9632e780c2682b74de3a91e7564a691c110af36792ee587a6d8c8fae2d69de7850edb5b74f2cf1ee3a7512de

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe

MD5 c853c0bac7da514b0dc4b24f6e3b190f
SHA1 74a222642df6aa1b69647066c9b3ce3a1750461a
SHA256 396c8d6f8098a0a2604317bdc4fd06d3dce2b88d9377a3e48685ca725656ef58
SHA512 6f770644d35c0255cd5ec72f30ef140200200f68cd197ec5642a455a40f790e932b5853654216aaedd2cc5dfa508aa7a51c31f795b63287ee71f9a8d742fad61

C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe

MD5 74c421ef1884e4bcb86a1f763186e25c
SHA1 1f365ee0bc2574b4feedcaf5d44db9632546e306
SHA256 d7789fb59c9df9a2894d77ba01acf31292ff3cd19626f20340c8936972d390e9
SHA512 85db7ba09c15cccba9a184855609f93969d344cd5bf43658800e43c4119d695a0d1ad5050fc8087bc1dec79a3d76abe2307916aaf6199ff7a0ef7cf774c67101

C:\Users\Admin\Downloads\kgIK.exe

MD5 7abf9a6961b2800b98ca9e7beed3048a
SHA1 510b10f5ba078372a6f74d47aaacb8f5cba01339
SHA256 656c275a48d565d737f492f2132057bc0da14dcc3a0907fc9aed23f3f1908b5a
SHA512 dc232d1a277b9ab76574b29b7a7aa7c48c30351285748407ecbaaea7ec8e1ccdc39064b407ef67dcce9610445467862ced991c9b6acf5fd59152d2c91bd0c5d9

C:\Users\Admin\Downloads\OYAU.exe

MD5 ac74eaa8e765f9877342cb5b18a33e03
SHA1 579ae5fb7ca0c7d675256e9929eadb58f1b23e71
SHA256 d65ffb2419deadc8f5b2ea5ed7366bf61124d67dbc6a0ed5330656e944a293c7
SHA512 b829a3479ed6631d2f19947614c9df9e30312169fbe3b7ca2c21bdb9c536cf7c1ebe8e6ae4af0b0a7f12868b6a8a4a903886df9adc631f39960107ca13fa8b7c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 587d266eb43d244c168029b754208bf0
SHA1 2b362f2cfaa74fe7538b0b864677bb62819bb14e
SHA256 ce9f127b3ca6c89c0cc031700228a0b9489d35c21d1d4f391594132bdc86df32
SHA512 dd87e472e88ad31b4d636f8a39f4ac03bde63ae4043184cc3bd915fbc50e463942fe8c6eeac174f574b4d0e69d12cb4c545ddb93495da3e96f0c38137b378f46

C:\Users\Admin\Downloads\iwEI.exe

MD5 aa72a04e0aba0cd27f90145fefb793dd
SHA1 acf5813ab485c99d1b42eadb690a4dac78b0a50e
SHA256 1a686a9421228d6b3d80cd68e1fbadf5fbd9697ab15d52da6c2cf5000b6d9577
SHA512 d6d586f7f0f660da9678afae68d9c6cc7da3f531dc6c314595bb863106a10e3a5ef763e8d4656b3ce04c0d28c1069826c65ffbfcf29b356dfe7cefe9b728b17a

C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe

MD5 0b2269878d0b5e05a52230c1083118cc
SHA1 f5dbb9f54436768c230fb26af848db4aec96e5be
SHA256 09cf70d920c9b421a46403ea2ff07855f5b332a18373e09a2d63b99e9a7273fa
SHA512 99d6ffe460ed377819cbf03a94a9bbbb54b80304571ab1d0e09d1c9be925a9cc88b5d4bbca512b792bf30541f6167d0c6f47c80f2288a72d2cc8b1e86e822718

C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe

MD5 0a62892457b0057bc615585833a1cac9
SHA1 68df61eeb385ad8af05380995f50190727dcd38c
SHA256 8782e3525d6cf45914e3c0fefa5d79f853b276597508ca7c57ed0434c6587df4
SHA512 7a41adb0144bf1ceb983b6b1164de834cb434a2c5976e72f318c7a18f4a79e3f34e1276b89c5e87f5454a25beeb0b0c6b81a2f67afab0b5fa8e18c1ff0d3c930

memory/6696-5442-0x0000000000400000-0x00000000005DE000-memory.dmp

F:\US84A-08ZTZ-TZTXE-TRTZY.KEY

MD5 195fca9d228141c68b6cdb0b15062b86
SHA1 7c2b3f18f533ffb03de879dd95b45c150dfa91ed
SHA256 e08e849c50c24b34c5fd52e356e218d5118e1fc54cdd75f44c53c0cd3f818d9f
SHA512 5f932d6b29a275906438218f7b6f9a86454c33f1019c68a61c4a2f86238d3f10e79f5b65ac80d0dcb2722126c3a1234ac19701ad570d7ec3f74f5b5359635940

C:\Users\Admin\Downloads\SowS.exe

MD5 5baa333ae36fc9ff001417c2331513d7
SHA1 bbd531dd068740c0426f7a5e9a90b57d8f6762cc
SHA256 7a539e4bbc14917171aa98b8b0d8c9393ed2a2ba0ad76f52fa7d7e293d77e48f
SHA512 ec8e903bb320bafb476a806d9fa84a421f82add4002d9260c90ed6d72fa0f398b6d643e50d4bcb48a11cc64fc6a57c3a6caff009ebe5633096e72b5486ad9e78

C:\Users\Admin\AppData\Roaming\US84A-08ZTZ-TZTXE-TRTZY.HTML

MD5 c93bc7969c3afc1cd733fcc50940c0bf
SHA1 89ab6a2509abe3c23fff155a0a03aef1511015ca
SHA256 5cc3e63347da8d28919516af1bdb8505c80c82e9ede7b67f25f6803dfcc80c08
SHA512 dda888f7a76d531ae7d08c6019438c6032e6342da90aa14d7d7b272da3ce03746638bccc1ebe6b0d98e6dc939efa16cabee130b54b75c5063c65b7839aa864cb

C:\Users\Admin\AppData\Roaming\US84A-08ZTZ-TZTXE-TRTZY.LST

MD5 e84e78b7c592b01d62ef0fed15cd0eee
SHA1 6691b113a858c74ce112c72819d065318204caae
SHA256 0396691b7cd26f75b5d25e13582ebce11f3b1fa716262c89eb6e8f954e77066c
SHA512 c5a3a30d5dc5c068bffc791bf01a488acab9df4570c317b8d0278f74c835f92c762c855cab2c5df3044c9f81efbd8509ba188cf88af67f752a6fbb35a58ab794

C:\Users\Admin\Downloads\CIwe.exe

MD5 a7a72403f4e6a92799155233d4d547bc
SHA1 88160a71bcc03e5a96459d7353cb7bc818944f33
SHA256 bed6c51f4a0a1cb92bb7f6676da314cef7aee5c379e49ad1d320389b481d84a8
SHA512 0c65eb9c82f1560d8c22aa4cb9ee061b0b4a41a934931066f1388fb90f7747279fda0e2eb9d599498149029cab8b4cc3cc0fdedc872039a5e47ac13c8978b272

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe

MD5 13383ec2a190e4a6a217d3dc4afa846b
SHA1 5a0b5310aa2b0e8b542ce189ab57cbe34e877fe3
SHA256 742fa3b99347d96d81bbab4b96796c4b3b7e46b71131b7a27b901020dc2fe158
SHA512 d54dc8edf04c3d39c403d097888f0b88988069dbe5f034e4bc21ad5bd8bf29e89dda3dc7bb2a12fda681601a18c8cfead4d918953517e0799420a7f2ae589dbc

C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe

MD5 259b487528a48c8043c00352f1ff0bb7
SHA1 565ba0f7cb78803dc54240809469e9b6e4914b2d
SHA256 67410ead3384327ed7f1fbcfd50d76cfa4f4a7553a75389c2eb56bc4930565ec
SHA512 d27e8e974c449ce484d96f2346b3a4da17f9a44c74e2a0a832d48662b359471eaf865e9451fa3df11b381bd75627fc30385726ad0b8c8243e1c31e1da008f94f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 78312e7e18ecff0c85c463120b47fd77
SHA1 d4e968066e49ae74beec72f5073fb961e70ed78f
SHA256 4fe6e70bb54064eed557f74cb19ee38d931598d44ffdf965bde7d305f74deb09
SHA512 a3df6cf62393409ac45dc29f7caa7086415317dd24e56874ca6f05571bbb88118bb98fed62f9eaee6ff47eed96dbf1d91bd7293bff8d4d7c0ce1cffa68e67a9d

C:\Users\Admin\Downloads\WIsE.exe

MD5 53992f103f1a7c2a577c1cd1cf52c188
SHA1 56dda20ea7b109ae0e21447dfe80f0d45a7021c5
SHA256 0e0ba04a99cf2aa62ba1fe9e84d547d01d4261f0036edc65812fa804c9e28b40
SHA512 ed4763e2fd0dbfd4242318401f36afa4c9e33b61da6448ef8bd59126f56aaea6c721f3550f7b03e1bd145f9965a73f3b461be72ef8fc0aeae30f9712852268e9

C:\Users\Admin\Downloads\eUwk.exe

MD5 2902b5d0d06269da367aed7872963100
SHA1 09ec8c86db44a3f76ae05a9fd2557800063d04f6
SHA256 adeaeb516bb10ccf5eb9a60ee1fd8b545efcb179c07cc9c7444119f380cd6f8a
SHA512 be7a10ca63d44336653178f919fcc68c8c71ac76208ce76339889c1143c109ae49d3907867fa4fdf1adb90a0d4695671e69ed332e210c1f8c22f714f84e042ed

C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe

MD5 f67d2fdbacd4b557b919b013442ddeec
SHA1 90f138270f82050498fd96e2b7704d8ea1fbec89
SHA256 1033a60dade629923174edb697727007fe6d25cf339c8b03ff4d01b123b1055a
SHA512 be713d6dc11585eec7002b604c16db7fe12fa5c50136e7d0515103cbc7867520bbf2f4689cfd76711e73f5bdc95f9900e2def4e5f6c300232bcc2656d9bb9f2e

C:\Users\Admin\Downloads\ukIA.exe

MD5 29c8e176130d9a656e31235ea1cae309
SHA1 97bd75b4a7b7cf45f2f2b4a3bc8e4ba35db16a8a
SHA256 c63a7994bf3810002e9b3fa60bfd40d63a496ee0a8bc7056ce281d9bed2dea1d
SHA512 77289b076e1b4488d98ee4c4b6da57fc211381e3886380fc6c91a989290d1a57ed21796d0d7a3788df8616468826286acdcf1dc1219a25e969a83cfc93f7c10c

memory/6696-5725-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\Rokku.exe

MD5 97512f4617019c907cd0f88193039e7c
SHA1 24cfa261ee30f697e7d1e2215eee1c21eebf4579
SHA256 438888ef36bad1079af79daf152db443b4472c5715a7b3da0ba24cc757c53499
SHA512 cfbb8dd91434f917d507cb919aa7e6b16b7b2056d56185f6ad5b6149e05629325cdb3df907f58bb3f634b17a9989bf5b6d6b81f5396a3a556431742ed742ac4a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e09d9cab6d0f24633fc8525b152289d2
SHA1 5febba4886c8a61257c60e90559427361fc10fbb
SHA256 e5416baca9b5eade29741d3c8de5db5db933639e378fe32f25639ab169ddd2dc
SHA512 1dbf88ac92527b65bc2de214965abf52abad36a29a345fe93348629b7aba03985feaf483e22485ea7f9bbe50fa9dcc67f156abad0c51bc4898c7a48ec0d26989

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d0f84c55517d34a91f12cccf1d3af583
SHA1 52bd01e6ab1037d31106f8bf6e2552617c201cea
SHA256 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA512 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1af75b7745f96c9f76a6c4f1feff4547
SHA1 16cea759b569b2a45ddb2dfcfc2319d90dba6498
SHA256 1e43b6055e06462ea5f4420e97a2b47948a371a69ff9e2a5eca2a6976020769c
SHA512 74f97d62630293a492bbd2a271ab175cbacfa5827ce3802af5f88704bc1327f31549b79b2ec9c4529416a0f9bc8678ec55280740e9a31e77a81b75060d2243ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

memory/6696-5827-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

MD5 e469c13b0fd14fa15cde496f90c2d601
SHA1 fb337aa74c3f837111c2ae1d9204f14116c005a1
SHA256 b03493c5c5be85657e7cb42af6ef02d67e745f10492207d894d0c0244b76a118
SHA512 446eac467691c7bd7b3482e9883fd9eda110deba0c894854fea34b4bce8ba0d5fa4e0e2fc6638ee92bca8237d4e8db286f1c0b2343966637ca76862534d8edd7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\328edd80-3656-452b-9c66-5ce49064650e

MD5 6b657b2823be0fb711a87127f31f4cd4
SHA1 0d420c1edca7d679c95c2bf92e48cb118b13816d
SHA256 912cde7b468b5d8c9db0f578197339de7144f65ac8f679736d709d06ce0047be
SHA512 501230fe04baeb48f539ee77e69cab0fda035742a92d9ee105a1974b6b1f71c9374652a09cd281a41b686ec8f1232b44dab85329186716e641df38f01f64edfe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\3c6afe1f-4a1c-4e5f-83e3-759ea748e40e

MD5 98a2678a7264e065d5a2f1b08998d14e
SHA1 c3ddb4ad5230e5937956fe25b4595e452e0f3bb6
SHA256 23271e9676473c4e3ed4c147b71ba9d46066a224e18a4ab49f230be9828c8eec
SHA512 7e3e4738b8e15885820d965e9a433f9550613c358665e448bc96fe01182a5925cf53a050101cd43ce7539fa70d239d800aa9289769c6b4490e083de5f19b84f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4218593b132ef69046825fec1140da9e
SHA1 e126df6643e1cbefb30a534d468b0cba555082fb
SHA256 29318872b9ea89c6e6fcc3e133964c0437119eb48080e2bbffc5010f4ea79be9
SHA512 91b747b784427ebb8459f0c7bf8598638add8b24112ac15832deaa62499ad186e88e6854eb1a48c0c72a38df3744382f00bee0d7e724459dda53d1c79ee8e681

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a3b2e7175fb933db6408433cbe7c8989
SHA1 f664b3394d9ac9dbfabe943867112b99db5477ea
SHA256 a11871802dff9021567ed592d71c7283d42361ecfd02d5ceff18da8066099206
SHA512 3756b8afffc2c9f42dc84219bd0dd22e58b066f03b4fc1cb057a616569ddfbae2177ca196e1770a5d67a5ebe26840510f8bc1b16801a3f498d72ef27c4748b06

memory/1432-5886-0x0000000000400000-0x0000000000407200-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f697db84df24dd9250221b86c230c829
SHA1 144eb4fe42a2878f00b13af2be275ffef8711664
SHA256 ec4409e10cafdf006b6c87cf8fbfe28c3f70d786f2aac6f4d01e42dae2000b03
SHA512 b9bc3d31ef1e984ca20ac6f13d08b360bd9ce8bcb9063728b86a25f6540c93cc7db12a948c623d1ba4f503983d285cb4554023eb00dbd19e589d009967ed5e0b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

MD5 7a22238136c7665e285512762aa5c5d2
SHA1 e19757448a2945179fe5f149fe1bfd3e690ceeef
SHA256 cf6e710b123c3b65cfdfbda414d3d8ed9d50d2198da8aefaf5a50d473d041fcf
SHA512 2d2aec13a3ae21843745f0fb5a37a78b797799deecdfaa66daf6eb5b5486b3106b947199331c448acd9475756487f45aacef5751c2d8c4f0d528c616b14ab048