Analysis Overview
SHA256
aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002
Threat Level: Known bad
The file AutoDox.exe was found to be: Known bad.
Malicious Activity Summary
Wannacry
Rhadamanthys
Troldesh, Shade, Encoder.858
UAC bypass
Detect rhadamanthys stealer shellcode
Modifies WinLogon for persistence
Modifies Windows Defender Real-time Protection settings
Deletes shadow copies
Event Triggered Execution: Image File Execution Options Injection
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
Downloads MZ/PE file
Disables use of System Restore points
Reads user/profile data of web browsers
UPX packed file
Drops startup file
Executes dropped EXE
Impair Defenses: Safe Mode Boot
Loads dropped DLL
Checks whether UAC is enabled
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Windows directory
Detects Pyinstaller
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
System policy modification
Suspicious use of FindShellTrayWindow
Interacts with shadow copies
Checks processor information in registry
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: AddClipboardFormatListener
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
NTFS ADS
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-04 11:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-04 11:28
Reported
2024-07-04 11:39
Platform
win11-20240419-en
Max time kernel
630s
Max time network
665s
Command Line
Signatures
Detect rhadamanthys stealer shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Rhadamanthys
Troldesh, Shade, Encoder.858
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Wannacry
Deletes shadow copies
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Disables Task Manager via registry modification
Disables use of System Restore points
Downloads MZ/PE file
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recoverydrive.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbui.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll\Debugger = "RIP" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\NetSh.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD8C67.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD8C6E.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Builder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\builder (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ViraLock.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\AoooAAQo\AusQAAIU.exe | N/A |
| N/A | N/A | C:\ProgramData\ZUcUcsUc\QAUQgAgc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\SporaRansomware(1).exe | N/A |
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QAUQgAgc.exe = "C:\\ProgramData\\ZUcUcsUc\\QAUQgAgc.exe" | C:\Users\Admin\Downloads\ViraLock.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\AusQAAIU.exe = "C:\\Users\\Admin\\AoooAAQo\\AusQAAIU.exe" | C:\Users\Admin\AoooAAQo\AusQAAIU.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\QAUQgAgc.exe = "C:\\ProgramData\\ZUcUcsUc\\QAUQgAgc.exe" | C:\ProgramData\ZUcUcsUc\QAUQgAgc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\AusQAAIU.exe = "C:\\Users\\Admin\\AoooAAQo\\AusQAAIU.exe" | C:\Users\Admin\Downloads\ViraLock.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "0" | C:\Users\Admin\Downloads\$uckyLocker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\NetSh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\NetSh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\SYSTEM32\NetSh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\builder (2).exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\builder (2).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Users\Admin\Downloads\builder (2).exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Users\Admin\Downloads\builder (2).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\Downloads\builder (2).exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\vssadmin.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\vssadmin.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645661370939889" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 8c003100000000009358c751110050524f4752417e310000740009000400efbec5525961e4589b5b2e0000003f0000000000010000000000000000004a000000000024a13000500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000000000002000000ffffffff | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202 | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\NodeSlot = "9" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000100000002000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\Builder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6 | C:\Users\Admin\Downloads\Builder.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\UIWIX.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\builder (2).exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\Annabelle.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\NoMoreRansom.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\ViraLock.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Builder.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Ransomware.TeslaCrypt.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\SporaRansomware.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\SporaRansomware(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Ransomware.RedBoot.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Builder.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\builder (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\builder (2).exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ViraLock.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ViraLock.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ViraLock.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ViraLock.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Builder.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\WindowsDefenderMAJ = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" | C:\Users\Admin\Downloads\Annabelle.exe | N/A |
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\AutoDox.exe
"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cdfcc40,0x7ffe7cdfcc4c,0x7ffe7cdfcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1840 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1936,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4780,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4792 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3784,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4912 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6b3634698,0x7ff6b36346a4,0x7ff6b36346b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4624,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3768,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4404 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3368,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4844 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5492,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4844,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3268,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3484 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=2172,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5556 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4344,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4948 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4952,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=2524,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4288 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5604,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5760,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5768,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5908 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5776,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6048 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=2988,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6216 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4924,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3500 /prefetch:8
C:\Users\Admin\Downloads\Builder.exe
"C:\Users\Admin\Downloads\Builder.exe"
C:\Users\Admin\Downloads\Builder.exe
"C:\Users\Admin\Downloads\Builder.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5692,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5024 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3772,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6148,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,4842898398831337739,5572187639953813118,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=6060 /prefetch:8
C:\Users\Admin\Downloads\builder (2).exe
"C:\Users\Admin\Downloads\builder (2).exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1840 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc6c37dd-aa21-46a7-814a-eac69dab6277} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 25495 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b061d2fd-e81b-46e4-8031-5f87cd46ba91} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 3084 -prefMapHandle 3064 -prefsLen 25636 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72205cbc-31f0-4de9-882c-e64623426d37} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2704 -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 3080 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {626c04cf-75ec-4a58-b8a5-6eb27cf7ed8c} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4732 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4744 -prefMapHandle 4740 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {402c1ca2-0d45-40a3-b51e-837ccc7ff2f3} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5452 -prefMapHandle 5444 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa780a1d-3fe9-4ff9-aa79-80c7c09857a2} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 4 -isForBrowser -prefsHandle 5676 -prefMapHandle 5672 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa0da69c-b022-4e03-9c05-db69ef978732} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51a40d76-13d6-41f8-9392-9deee120230d} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6300 -childID 6 -isForBrowser -prefsHandle 6292 -prefMapHandle 5612 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5593b281-baf7-4bca-a752-2fd262b542b8} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6404 -childID 7 -isForBrowser -prefsHandle 4988 -prefMapHandle 4980 -prefsLen 27176 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61aa7263-eea0-491c-ae23-da41c0f9ad97} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6600 -childID 8 -isForBrowser -prefsHandle 4472 -prefMapHandle 4508 -prefsLen 27963 -prefMapSize 244658 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad030d00-9949-44a7-bcf4-c43678a2529a} 3532 "\\.\pipe\gecko-crash-server-pipe.3532" tab
C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
C:\Users\Admin\Downloads\Annabelle.exe
"C:\Users\Admin\Downloads\Annabelle.exe"
C:\Windows\SYSTEM32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\SYSTEM32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\SYSTEM32\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\SYSTEM32\NetSh.exe
NetSh Advfirewall set allprofiles state off
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
C:\Users\Admin\Downloads\ViraLock.exe
"C:\Users\Admin\Downloads\ViraLock.exe"
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Users\Admin\AoooAAQo\AusQAAIU.exe
"C:\Users\Admin\AoooAAQo\AusQAAIU.exe"
C:\ProgramData\ZUcUcsUc\QAUQgAgc.exe
"C:\ProgramData\ZUcUcsUc\QAUQgAgc.exe"
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Users\Admin\Downloads\SporaRansomware(1).exe
"C:\Users\Admin\Downloads\SporaRansomware(1).exe"
C:\Users\Admin\Downloads\Seftad.exe
"C:\Users\Admin\Downloads\Seftad.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\US84A-08ZTZ-TZTXE-TRTZY.HTML
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe7c9c3cb8,0x7ffe7c9c3cc8,0x7ffe7c9c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,1137459727271959561,2604206016325316519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lens.google.com | udp |
| GB | 172.217.16.238:443 | lens.google.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| N/A | 127.0.0.1:51902 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.117.188.166:443 | prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.222.33.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:51910 | tcp | |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 37.158.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | 186.72.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 172.217.16.238:443 | consent.google.com | udp |
| GB | 142.250.187.202:443 | waa-pa.clients6.google.com | tcp |
| GB | 142.250.187.202:443 | waa-pa.clients6.google.com | tcp |
| GB | 142.250.187.202:443 | waa-pa.clients6.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | prod.content-signature-chains.prod.webservices.mozgcp.net | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | tcp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | udp |
| GB | 216.58.201.110:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.201.110:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.187.202:443 | waa-pa.clients6.google.com | udp |
| US | 185.199.110.133:443 | repository-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:53815 | tcp | |
| US | 208.83.223.34:80 | tcp | |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.46:80 | google.com | tcp |
| BO | 200.87.164.69:9999 | tcp | |
| GB | 142.250.200.46:80 | google.com | tcp |
| NL | 194.109.206.212:443 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| N/A | 127.0.0.1:9050 | tcp | |
| N/A | 127.0.0.1:9150 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| BO | 200.119.204.12:9999 | tcp | |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| BO | 190.186.45.170:9999 | tcp | |
| BO | 190.186.45.170:9999 | tcp | |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
Files
memory/4800-0-0x0000000000A70000-0x0000000000A9A000-memory.dmp
\??\pipe\crashpad_428_MEADJGDIJZYPRYRH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 967a3c7c1afa2187a9a57e9d290a9d64 |
| SHA1 | 25f13d7a764deafdbe601496708b3f576a1f1c3c |
| SHA256 | fb153dd5c5cf8b05502d51a3b3805408d247b5758e6b85df21d17da57726b526 |
| SHA512 | adc73f4e8ba861ac8ecb842ae49695a8925daadaacfa3c1ff5972c6f5702bff8c469f3e12560f6bf1b05ceca736fd2ad867be607b726a95ff3745d9c6901fe3c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 488fac79625f47706ea0dd87589ebcea |
| SHA1 | 8ca516953a4ba18a3356db3affe235a5b6e5d414 |
| SHA256 | 3770b3908b93a9772c13ad2a93a19f36a106f32e9634ae6b71ccd6fd4d6b4e69 |
| SHA512 | 4e3a3ed70488a728a8a6e62b9b2c173eeadb59dcbb27d72aa888c0a82af4199568a43f62da17ec465e39c70205bd9dd18e666d9feca0655924fb33878a5b0b42 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e1e91a2e38dca0fd959e3df9e3af329 |
| SHA1 | f3a259413c28104025631bc27392a46a162352b2 |
| SHA256 | 514050c95390f6e118e9061ef9b14224131f01b3e0fbb019e8d91a4aee1e8f32 |
| SHA512 | e557384bac78ab2462f62b818daeafed50ec9bb93b955223acc93eec8b8a74c2dc54647f513b253ecddae261e2b242ee628f5ccc25f326ad0996a21e3bc4a338 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7bea4bcab92c971b09cacd91585b424a |
| SHA1 | 011663f83509dc3783ae915635f1c697b74b0361 |
| SHA256 | e6f1188d92c0da67ac2c1cddfbceed645ba1d596516526e2a2d03cd5fb3e153f |
| SHA512 | 835f8cda208e9b89cc1845c666298d7c75a8bf29b47bd871c003ca3f57ef71dc48f05606022b270cfd54555aabb4ae832c0c5e9f0ad24d7345cfc94d0b5eadff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | ddf74eb5cf11a3436fe2833bf21ede45 |
| SHA1 | b815d2ae20aafd12daa7249bee6dd3c2e1861340 |
| SHA256 | aedc5e808b43f613ef61ac86a621abec289d8941ff03d86f8d7752004ea0c10a |
| SHA512 | b31fbe26f1bca0af5759036fc32017b057ea959308642c4aa8c0a923cd0c59fe6c037bd12ae25c14321df196824ad2f8a72576e3a4830a401188f24ce5a0667e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bfd7bd0914c69d6b58a2035e3282a614 |
| SHA1 | fe68b5b706f3a50e9ed46cd189181011b3170869 |
| SHA256 | 51c6b6c9cbccdb00270f9b3f28d513ad91237a375b11a4deabaab14abc5b889c |
| SHA512 | 291af9876e25d85fedb6d5bc5957f72345fdfc11a5a651fc1d71c8b92235bf3908a1aed15498efb638cf66eabca12ebe7344b0bdf02df4b493cf79d1b6aa11ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6dabc8ec7cd042ab679e427e1fa0bbf1 |
| SHA1 | f32abc69c813147adeaac30e9ed778b32d92525f |
| SHA256 | beaa5ae8d08c884e89c4eba4add30d84f87bc82b13f513c7f64576de8c189d0a |
| SHA512 | b13f83a7be5db1faaaa49052bd52ee80c2292491809a7e1349ad4d2024e53cf16be62a909fc9e8f5bf76d4e9965e0bdb8f0cc25347f2945f5076f0ec254fef75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e6b5a3646ab9e0f706b9de4117c7c792 |
| SHA1 | abaa551e260e2cfb40328be1f5854f0e2d94ef6c |
| SHA256 | dec2416361283d11ceb2af1fe6e6edbc39187f48b1f6538c01f07f1b92e72526 |
| SHA512 | c6a645e37a4772ad6064276c2ee687148600dfe92fe5d68f66b59b045a579e5e42e6e54ce6d4a47edda1884ae47cf7af981f7f69f7a75511b0282d946d5c7ef9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 883a7eface5351a36612593c6bfbfa87 |
| SHA1 | 650988a9b062b7b07a295e14a4408f2be7120e85 |
| SHA256 | cbb9f41735b45b0603935ead275df12704cb1050ae47b6ef793d7d041d086dca |
| SHA512 | 17934f2e142dc9cc7bdc7497af28a1bfcc43f48215c3fe3988c9eed14cedd6803f9232bfa479f08b2b4aa2ca28905714e6e95f430875cb0674be9d0788302f2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 481641029e2c0eb69ab54d7e7e5c0251 |
| SHA1 | c0d4f959164b0bc0013f125d10910d941262ff8d |
| SHA256 | 8a97ba5494ce1fbe1ac95fd8221df48c4f79cba49640c2d3828cd8d3684d3621 |
| SHA512 | c63e004af61f91788799b3c455e9fbe1649ea23ce525ca378fe574af74e6cb674aa8865026e2f695ccb786b463a7e46410955bd3411629d36d674d25fe0d5440 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 540791153b9642101bc7154e5b9d4b8c |
| SHA1 | 0401118eb0719c1c00bbfaa7a424a5c6e092ed56 |
| SHA256 | cc1b20599671c6b6a16ea4047def93248d93531c9236c9bc747b9404dc278a99 |
| SHA512 | 520d6b380828ca43bf3b6cfea115e432bb73993e337a3b1cffe4295e4b24319bd43586f798a10f2d485ffd06d2750986cd08776f11c04ea896e56a0791aca327 |
C:\Users\Admin\Downloads\86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.zip
| MD5 | 57b74cedb501ecda4ffa647d051ed167 |
| SHA1 | f04fd9bfb224664060245934305bec4ce2d26ce7 |
| SHA256 | c3ae24dd6b0e570611ea13b4f24e3b50ce0c6906c9ce3ba72105e4c91a660b1c |
| SHA512 | eaaea014ca91d459a89a6f1544617f3cf3801521187fe757b08144125fe02ecd880e03726b28e32139bb752dbd52ec4133f707bb8c84e8a9ad26da54353a4d6f |
C:\Users\Admin\Downloads\86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f.zip:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 44f0bf9af385f6caeed772161d1db3e7 |
| SHA1 | 6d36d3f30e976a7fee0ef74981e2df7a1307a8ad |
| SHA256 | ab6c209cf8ddf85f8bc7027ec5a50dc8c74ae124f4c604dd1b746139795b6510 |
| SHA512 | 12907bfd4dd29de6618fbd2c3b670b607462f1a1e675725fbdc511d21cecf1c1d09ac2f5dcb03d52a30d957bc2641c46bcb33c6a9741e556b3548cfbbc7d628c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f77e75f4d12382cd3c2d569d2c00e9e0 |
| SHA1 | d60971eb3ccb09eef1e0f60d1ff256fdee306900 |
| SHA256 | a4d6bb0b3a8c52113ecbfd1d5da695eee0149f9256364527fff23f38404e4959 |
| SHA512 | b01d3c45a7077545746a9aada1d10665aa48def5decca99d330ff82e3c4b8da09bb033e955eaf7b328344783819bee0c5836864d814e6bf5f0c9aea99ecf8e7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1824166ae27a90fa5c80cbe9c770cd7a |
| SHA1 | ff2f101e9a7878ed2ddd3fcac1d74ce865310fd4 |
| SHA256 | 53a851941d9eaf9fbbd74cd09b000e1e37cfd842b71627806da29120f7d3a4e0 |
| SHA512 | fdaf628a86fc714909efe68c860cdc0e6ec10391d8ab1997b077d3d9fdf223abaaf8b2d0e9582563fcda819898bd47d499dd226ba2034c2975f8c8502b025a11 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e69cb93741db52d44d6366c14fe35369 |
| SHA1 | 7c73da023485924672d9ac865be572d227f3dd78 |
| SHA256 | 50d06f93fd57a16c1585114f826c2d9af1c7fbef80724cecfac0b1a50c95c057 |
| SHA512 | 6e674581016aae34ef7abf4cba779c71a28ec7ca3eba7cea8f210fa5b027520acd5f19b38f4009a48da42700ce090e0737dd1a5a26f338982518c35ef573de9f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9e1e26a442953522de75270f20bf1b19 |
| SHA1 | 2006879645f3e3a571c1d3e0e777073aa4c8b702 |
| SHA256 | 3bcf2e235aff9945a801949781009ba33d925c9bca547a62f661b82d4a8ecbab |
| SHA512 | 1141ea134e4b630c4818a72ecd0e709824576e4156f701b89c72221db0e6747936d12815a8566a5ed81d533f4aa3e376c1fa9819ba1d9207db5d1604e0f37877 |
C:\Users\Admin\Downloads\smb-z7uhqxx6.zip
| MD5 | e3c77aa32b15dd325a1399fbaa3b2217 |
| SHA1 | 6865c0aea8cb8a3a9e86d5ae6834954ec59a1a41 |
| SHA256 | 8125b8dfffa9e21b8dce873b091fec82505458951cdb7d0fe35e4a42e97d9e68 |
| SHA512 | 04abe2165e026da8bc4d630f0fefd79745f64791cfc43e4e639e2813e83bdf79de1cabeb12374d2b250e91d9dfb631513fa8af5124b3a24e97df1bfaf1fe21ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9f805a281980564b0058377d23c6fdc3 |
| SHA1 | b86ee622133bc07e5c22dd1907e74668f3fcf7b1 |
| SHA256 | 2bd09b52499678f7fc7435a7bc2adff9083b134b3bfa18da7550c451aff7fb4f |
| SHA512 | a9432c6d5f77e86cc76ee72d2fc2793bf13596b174a400eb4d62d21c7f76cb92158f518511f8f29db6803a56f8e4b5354c9c2a6d5d62900f0b6878d6d50cb9db |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | eae62ab9dd6ede1920345a088ca770da |
| SHA1 | 7c2bcdad9a4d71ec7c48c140f1a3b8b334e9b1c5 |
| SHA256 | e501ce8b5a35aa1bb4a387a341a2c581d8263d8f2ed280fe8f8e0bb481be70f7 |
| SHA512 | 1e280a4c178c35396cf1dabbea7e09b507948455781f970af636903105bbeeaebf78013202a810fa87d1ff7e2df2323222e03618d6cb66001c7893228346da0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f0d5f71d0ba27afd76782d3f1427a009 |
| SHA1 | a87358a6be0d1a4d31d7922fe116334a55a8b765 |
| SHA256 | 4ed4423afba51c000512b89547ddcc8e3c78a4205d7763af5d9ab04fee18dc4d |
| SHA512 | 2bc3e3c44a5c54011ec19fdc1cbbdb874a7a7a6f9c2a574f95cc71094ec1b86fc03ec2491fa6f531cee63fee78c1146b2d9da9042d3dc02477d5c577a099f442 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 04d58ad81a6cf4cad232d57672e5db68 |
| SHA1 | d6fe9f0b40215b984fff1354b8a55f05a1396d33 |
| SHA256 | 94bf8fd766bcc9a8c54a7413da2dcf4ad8a56881e3065e7225dc003ce446af5d |
| SHA512 | 15cbd46ba1fb752a25e22921b86e03ade284c2fac129d4c46f1c835c8d9993dc660906d3bc0ac2b4a42c9b7e86f9a35190d3bb33d5e66ad615af4b8d963885e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a008a4e91d5eca77b9dbf5b51ab58302 |
| SHA1 | 375ddc613b10b874f86b1662503b312e76010bc7 |
| SHA256 | 8e21a05b6f0dbd690e6532635debb3880887651864d47be00202b1f390d4a4ea |
| SHA512 | e931bbc18f55a8b2c7dff5394a734393444ffecdc03122c274e56c67cf6e3b85089f52a2135ea3bf01657fa3539f26fb1d889c775d82ec71946fed5a4297c042 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cf9791b9ae8db681fc464324c09a6720 |
| SHA1 | 03fc43e02850afeff13dc9ca16f41cb25ccb4e10 |
| SHA256 | c3c58a826d157e76e166be3555dd377901cf0273f014156d667a44e0b7647d44 |
| SHA512 | 654f4eda03139dfc3eb3dcab02055fb3deabca70c54b34de03919345476fd0bb615b88a923c864e90d149fbc0f01d3e8fff0d5a8c31b2d08c9ca28146226b026 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d823687574fb5180e465be803a7f68af |
| SHA1 | 3232adfc6f9e902eb13176b9515f32b2bd34a9ea |
| SHA256 | 2dbe2ca5da55a9b7058b302786d48ae078ce3e044705bf82a4f622e90e948c86 |
| SHA512 | 8108079fb36bfc4612feafdfe5553c5d4e485c34bf2249cfaeb1c55c552d915899a7fa36e87f4e6ce1daa933752a1ddd189f20a9f5260b45ee8d1ce5e3c2c61a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 32be658d9da38ad19ecfac26a1bfb521 |
| SHA1 | 47396dbb6192d8d9259a8bc93adc1f8defef660b |
| SHA256 | 36a80599f0abb050cf8263b2f53246e80781421741e8bfbd920ef290fcd5f385 |
| SHA512 | 2cfc02fff14cce79d88c8d62b754bd2641092556da1783dca5a211792dbe4eaeda4996257f71713d6a2cd8ab3740fd4c70bf8e081250ebb879bd96a8f91858ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fb8e0c9ce4e1e9f821ca26f8615df808 |
| SHA1 | e822851127d9df7ead7203203098a9ef51aed16a |
| SHA256 | 7d226edff3acce657fec34d533497e7f640b72a7b75047d462bbed53f4c7493f |
| SHA512 | fdcd3a1b2febb3034278b03751ad99337f3a7e8c0479f1e50b7977bfaa4c7bf5f8526573bf800744e67536451ff23e7d7d101dd7399ad16ae865cc2cac33ce4b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 628ba8d31375849e0943894669cd033c |
| SHA1 | 4fa6d50a37fa2dadec892474d3e713ef9de2d8a1 |
| SHA256 | 80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6 |
| SHA512 | d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 669b1563b95fce26d9ddc3c7e9bdc538 |
| SHA1 | 275e4ae2606a0da908003b77ea06b24ea8b66214 |
| SHA256 | d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667 |
| SHA512 | 09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | 0f3de113dc536643a187f641efae47f4 |
| SHA1 | 729e48891d13fb7581697f5fee8175f60519615e |
| SHA256 | 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8 |
| SHA512 | 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 18afd1da750d6447a8954b3e2e0c446e |
| SHA1 | f8c8a7cbf81af5c9de298e031dfd69c1ec836f81 |
| SHA256 | 446938498d26217dd63160bcd02aa1ee15e7fa76b8f0902b459ec6db609d1cc7 |
| SHA512 | a033fcfacf5f9f74ce8a02ffb6adc4766fbfe1d25f86ee4afc54c5f3ca1ea9655d65f6c29c67e7a86ef28edca1e8b2fcaa362730e8a6bedbdd8a16b52142dfb8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | 01088b35a7144b96e1c65db9ecf5aeab |
| SHA1 | 3d5b4a4fafdc3867adca4a4a640d6296bba06f82 |
| SHA256 | 66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f |
| SHA512 | bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | 8fcb818bc23425964d10ac53464bf075 |
| SHA1 | 396f40d25a7d38eed9730d97177cd0362f5af5d7 |
| SHA256 | 8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7 |
| SHA512 | 6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | f817e737bd803df8a4f12c1937ab0d51 |
| SHA1 | 24e172cdf9d4b77b0cb4c271aed4a7c9eba98fc9 |
| SHA256 | 17b0202476b336c41e4108aa245ac863c3e19ef8c5e430fe112a0900f0a18802 |
| SHA512 | d417d62e0fdcdfa883d4ffb317546e7ac5258aac538cbfad4eb111b134839750a65c55b5230507ff6912ffd272c0eb6317bcdd95c38cfb81c63b8e85b1359346 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | f31a1ab9f483d9db21349522e39dd16e |
| SHA1 | 01a275d7fc1c4f578fa506c8e0bf9b7787dd4806 |
| SHA256 | 463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d |
| SHA512 | cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | 8680ad8cc782b74ee7a15f0a042c76f1 |
| SHA1 | ec430c456dedd9a2360703a826491fcd69f6dd8b |
| SHA256 | af745264049ea73c66c1dc7783e59fcfe94c0506337867380ae638e694cfe5e7 |
| SHA512 | 7869afe9f737bc31a9c33b03014f4d5239cc48a798deabc0fdc835fd6736a99b17d181e57866ac960bbdb0d1e3e8610cf97bb01762435d8808ca56f1e74dc2be |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1bcdd8449e6333b0d3fd654a5e97233e |
| SHA1 | 02561fb22bf6a7786678f4fde0ccb6be087f4042 |
| SHA256 | a3781314f531f6fe44ead7821e8188e80bcda71e7e43a04201517ceb81bcd6b6 |
| SHA512 | 3fbcd13ebad8d8f41cbf9d4aeace339f5d6fcc60e0ceaa4149c87118ce6fe8ede77c61d52090bf533acbc2b49ce5128078d41c2cd57c5dba04bc4a13c02da982 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c98b3e64925a46b9_0
| MD5 | 90387106cd77c400a215fefc04f3c8f2 |
| SHA1 | 48743df5ed243f12612a9e39167e09e5dbba0fb6 |
| SHA256 | 2076c6c0d125302acd4f2c7bd32ff8704e7bac97cfc5b49bd7d039ebe5f31014 |
| SHA512 | a6f1b5749039fb656bd34e3be5e704e43283d2db5ac3915a93ca75cbe23f64ce90c39e728fad1cc2277e28c3d29a0ed9aacbc5e51600a37b8e574bf66d04b7f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9d1720df62d8bfab_0
| MD5 | 617f92773177c91f7394621ab99ca093 |
| SHA1 | 3112fa1f0cb9751f810e19c8ed30d347b8bdb6a8 |
| SHA256 | 5de2b86e1f04fb1eb0de544b99f80eaa1050381f92f38f82cbb6f6e05856fdaa |
| SHA512 | eee5e0bd4f6030e0f52d4423b3cefec431d046db8dc3139aa6aee49688ffeda10e59bb46f3b19400ce796021d60fe675adb3f42235c5e080ee14a9c58dc5e04c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a3f0ea67760a2a4d8699810de4e6fbac |
| SHA1 | 4b2fdfb19e07ddb99980af537f81b99bcfd7f5e3 |
| SHA256 | 9e8229a91685ee4ee3b59126777d39f71f86400ced0388e264298ef96e06ced3 |
| SHA512 | e771f236eebdc3e8ef60bd38bf5bd79231c5201fd02f350c616f71328f2a4124b043b4da33e3a290ecd6382745a950640eb2ecfd568ca969944efab480b973a5 |
C:\Users\Admin\Downloads\Ransomware.RedBoot.zip
| MD5 | 51250dabf7df7832640e4a680676cb46 |
| SHA1 | 74ba41bb17af6e5638171f7a6d9d49e978d8d3b3 |
| SHA256 | 7fa2bf61405ac573a21334e34bf713dcb5d1fc0c72674e6cebc48d33a4a14d44 |
| SHA512 | 43f898d7e5752312a79138dcce94c117a20fb6efd9e522fc1ed3cc2d407d13cacf5b6f810c7c1966c4c03217aeb51fce641feb31b26620ff239756132b17f57a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b987ec2314194c605f9877aeb3dde5a7 |
| SHA1 | f849c811d7ff727f9867f657376c0de0be1aef94 |
| SHA256 | 75d2dae05eb65aed59366ac7442ec230519147303fc667b14989a37345091e30 |
| SHA512 | e3b395f62fd671dc009d58ebf3293977d9d61f7fab23dcf1427b427257a3bb485aeeb7dd79947ca54c3f95bb841d8f2fe881cd1bcb7a1a0220b9d2ff6101aa6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f7b5a0776bdf9771b61e68c7a92d35fc |
| SHA1 | 6a525265cfe69feca59d9cd0f61b103685d75346 |
| SHA256 | 1d49c0acf4898341029f4a6f378b791ba5ee325916c42165bd158e573e4090b2 |
| SHA512 | 9a666d6b6fb1e327503b68e371a2370aa8f8be16ca1bb691b92de670509a013bb78f3f3e7dcdf5aa60adf984101f12939a41a1c427441ddac432711ebc02d0de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bf5944af560dbc7431646d09e148a5ea |
| SHA1 | e606ea28bd2dee2980a6f112ee91ccd06ce2e05f |
| SHA256 | e75ff66542d9ead3464b3e940c29151457767deaa00edb1a7209c70268527aaf |
| SHA512 | 03a70267b72558340654c079a275511e9d2ecffe3eec1fc40bab084e46c24235ddb5f706ccc5af8bb65a94dd3a2b56b6352e4784b68be79238613cfa44de7180 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c9329d76a4b523adecd0df757bc5ad29 |
| SHA1 | a223b853d9bb7aaacff30827804823e8fc1ad30f |
| SHA256 | b86b7a42086033ea2a1efd181cf1dca87c0ff9f65157c2b893df5472f55f4d77 |
| SHA512 | d7f025fab17d938edd42a8704353e38cf0a1c122f09a837ba572f2d4110481f4e5038f06d6830dfab2fdc19d873c9a193b6199270a760b683664ffb4f495c118 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e4e1dfec5843a20eb8e4907caf121e51 |
| SHA1 | 96443e2594446260747cb3ffd0be5507213a8ecd |
| SHA256 | b83d710f2dc7268291ec40d3ce163bdd53d3c53fdcd51293598ff478ea89d996 |
| SHA512 | ad48b0c874b866eb1c6085c4afa9beefe17758d5c9cf1d3fdf851989ab9f029686a3e0b691855f389149bfd32366324187ab79d0fa2d81414278407af29b4d14 |
C:\Users\Admin\Downloads\Ransomware.TeslaCrypt.zip
| MD5 | f755a44bbb97e9ba70bf38f1bdc67722 |
| SHA1 | f70331eb64fd893047f263623ffb1e74e6fe4187 |
| SHA256 | 3b246faa7e4b2a8550aa619f4da893db83721aacf62b46e5863644a5249aa87e |
| SHA512 | f8ce666ae273e6c5cd57447189a8cf0e53c7704cf269fa120068f21e6faf6c89e2e75f37aee43cac83f4534790c5c6f1827621684034ef3eb7e94d7ee1ac365e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 829e482a38bbfea50030617e7d05dc66 |
| SHA1 | 1a5e78d2b33035ae153dc71a79a8e341780c7aec |
| SHA256 | 9e871d24a4fb64276d5a8865a9e9df0dcffa6124cd4f67c20010384037168093 |
| SHA512 | a93c1771de0965da2934be40adf2694da02d1f449896f98ba49b577cb8df77333abc03f0280d79002d11290e54550ac245f84b72480fb78ad1d24a02208a02bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | addbca38cdc77c27f40b78c923b3ff04 |
| SHA1 | e0caeabbf63aed8deddbe091899236cabcf4aaf5 |
| SHA256 | 477786215bb76e3ded82ca55fcc14e09ba0c025b53bea05cc76debf06e0f95c2 |
| SHA512 | 07c728eb08cc9c2ef6c01700b65060a9852a387b51430bce929ee3874c30dad8b05e0db047b24515c57060e94d80de68819e28a82896f3a7460ddcf24ff21c70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fdf130ef4924a3866f809aad1500a1aa |
| SHA1 | 1e8dff9b87490ee640f50db054e3f1719ba03c91 |
| SHA256 | 7278c2d8c14929d1f50771bc54580f318aa3ad8e6a05796a0006599c6f2b7546 |
| SHA512 | 8af3e5c685c0b4c96aa0f20dbc1e7b11319308003071a0c51cf76ecb2b5b525577609acd33892ea4fc418906e4a12567cc903aa1cbf567377be3e9b7e27d497e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c95a3f26c76f6040edfc956369608065 |
| SHA1 | 0fa5f188599286371e4ee26fef6e081e0ccbcc4c |
| SHA256 | 015736b2370c188f1160b548b5f7ab3f31a649de8bcc36fb73c973e053ee33b4 |
| SHA512 | e8d04b11d5286ca2d38f615fef54c9ebea8ec5b276a9c0b034d62ec5ca0948e5b9d679c95927b0346dca88a1146cf23eb2a32d98abce0ebbc95c59ce1940ebe0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026
| MD5 | 5ed224ab8fd9cacd242c8089afef7882 |
| SHA1 | f67b3977b7c96feca299d0bbaee81ec5341a324c |
| SHA256 | df47c0172fd9f0d49a15495fd0ddaa36e884a37be51f6dc392a0346e8300d33c |
| SHA512 | d58127ac24c04ade7e261c8160b4a42f5ec919b11b05b2e7b98627026bea1f3c5209da4b95b7400a658954b18d4202427131e4d6f738ed2350a911a4efc542ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b
| MD5 | abdf0b9a89ff323c09bdad98a6cff41b |
| SHA1 | ab29fc25543f0004a133a8e3e4fe29201c33ff40 |
| SHA256 | 6a32a827b465e7975b45d0528d3e482523a686f6df4da09f733c94808946d189 |
| SHA512 | 885f90f9dfcf2ccb12a5d6641490463d6da0f7068037bae6668a79b28b33d3aac19b0bc79190108fbad8408fc9a14a6900500bb527a641cdfa511bc2b60dfef6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ab3617095c7b6d10_0
| MD5 | 6d01c2f1dcc50eaeffa361965a6b609b |
| SHA1 | 5c428add73db103b17f90594e69d7858fd5291ab |
| SHA256 | 7c457ac4e62dbd9aaf7d0b1856675de4b7b5c430e2267618fd427fc260f50dc9 |
| SHA512 | cdeaea987e0fe3123e536c9a441913e634cd685bd6ca37f066a1bf089b139d7c2099f93470f59d69ae76452dfc37345bf72741b5921f769569920b4af03f290d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ac1f7dcf2bea264_0
| MD5 | 1bb6c9b53fe27b02d9bdd6b21b16a304 |
| SHA1 | 6094d9ac408c9a5f90a6cd91138c33da9ab1d4d0 |
| SHA256 | f16a94b49bb5cace9bc8ac198bf5b3dadb177f9ece8e2e9a42331df8a9510e51 |
| SHA512 | b9c7ce966936ba18c1a624e7904e681049b9c0de3971a78832b22a464cb26574b605fbbf672b668d8aae1a79b2cdcf7d20faf1110bd4fea216ed911fd9d8018c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4a58397873cfc208_0
| MD5 | 3c587e96d68751e924884975f0033974 |
| SHA1 | c8c7014ed2309f595bb939c52a449390e9e2d23c |
| SHA256 | c4d669d0f9b0f0953a615d795baa65978bfe88c2300f01c95b8e046436e28081 |
| SHA512 | 6032f2f413143543f94a5a96befb917e9dbd1b8e0b227e96ad0cb6280b14ca10c65af60684e11c37c08595e2e0b1fc1a4380bb7a7ba98a9ef3034d5e4c63611e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b569aefc09088b45_0
| MD5 | 743c6c5d96ece5c6f7212dc67db895dc |
| SHA1 | 18773386f1374a7efd5efce2d19b1660bff7596b |
| SHA256 | 41939207f59eb71b9f2c981461766dc87b34ccdd0c0fb501afbea3b9c6a5c686 |
| SHA512 | 9120c9d242ad1771bf92ab340140d2d62ff52f89e508c03a8a3f76f6a66f58f88651196a3745488a5d48c5396573ead0de63f5de3c371705a569e78842d5e3c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54d038a883eb59dd_0
| MD5 | c82bf39a0edd2916552691853e7eba87 |
| SHA1 | 290772e7150924d5acb63185f8e03c715daeaa26 |
| SHA256 | f7e2f3dc01ce331393cb38c50ba6e01a5fa6aed92ae8693c88f8150b35d75c91 |
| SHA512 | 69232a3974c3fb0ef6b3faa29876bb239bb9f24c7cbff978c8a29ff831376ff6f38de6561e3df77acc07118fb8f6623fa0fffb0d7822209bd66c19732f03fcbd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4ea1d72338bd933a_0
| MD5 | c1a500245fbc0aca72f02df62c467187 |
| SHA1 | be9a3795429b5c9610f5242f88315514e0fa9e3c |
| SHA256 | 4b6e3298a34c0a2635a85e096c222e9393a0f66d5954f92aa1d5d97e8808121e |
| SHA512 | 08394ee0fb0a4fc80d43220b07afc3cbfa30c76d9fc14a85f6e5c9c58a62e2056687d2fde365fb1ccf96c4594b34a4b07715c1a5b7f2759ee63f985db7b82c65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3c62bf1d64a9ae01_0
| MD5 | e69cc6f8c79801e13fa25bc87fe3c365 |
| SHA1 | 023518da17baa421ed3cf36f0a1ef3e265724ad6 |
| SHA256 | 24e8603f0640442de603b14bd8bc2e8decf82681818680426289937f7f8a5757 |
| SHA512 | b4539bdec140cd9bb3c3b520ecdf75d16c82bf5ff184bf2297a586d43f5f4b5e743934879fb63b040a5b458104e8adb0478860472e434a59609d1dda08ea48f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d97446d89de2b5c4_0
| MD5 | 87a3358d770ae33d10d5cb18bd55ce95 |
| SHA1 | 2f60fbaf5b7bad36d3016c6486cdc76e4e494b61 |
| SHA256 | baf02d0590594619e55bdb02b42cc6fea1a60b7341b03457538fee38ca2f0023 |
| SHA512 | e807f04910404780cc405bb49a739c5ab4e14cbf0a415513b84ac4794fcd6d52cdb4e553983e73edea6d5b813d2ee17df5a9a3c29da5c58ed801890dc8ef2bf6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ea0651ac727e1903_0
| MD5 | b724169938f83b691874345ac354301a |
| SHA1 | 1ddd5bce130e3f81d5e21365b4ada08b8cd9b81f |
| SHA256 | 0665c35ab4ce9bccbcacc4df0cccb7cbe4efcc8e5384a2497d2292d15ba540a4 |
| SHA512 | 446e7d5a3ab80979c662b79057ca6d98cf4b18ad5549ab85ba8ec2f743d5e868a5ccb92a92fb60485942f1dc3e1d5a9efdfd9239d57ddafe7ca2e5237e1812bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\fd1bc9ac805f6db7_0
| MD5 | da785152300c88e6766b8eb83abf9941 |
| SHA1 | f6372d540be2bdce477d2b3d1dc439fc240d3f53 |
| SHA256 | a3cffdf0e346b2ab59441e60da6531f8a0dbbbea0b8beb05edf534cf51d00694 |
| SHA512 | ea951398e63a13df2e611f997cc104a94649a129f96a9c05eb721ca60374a184e9f4d8127d7e1b7bf8beb5396e22a176e9ed62478df961d2302610ab2b8ade1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e9bf643e30184d46_0
| MD5 | a52e10f4445b196fc09ef258d10b02ba |
| SHA1 | f9de9bd1e0719983a9195d23addc18d4a192a2eb |
| SHA256 | b5fdfc348747ecec4d94c0083e5ecad7f226e364861ee9220654bbcd60907bfa |
| SHA512 | 3ae71b0f12ded435cf5c8980b8ea820ed30f18b132a694e7b59f2e4be1560ad6be953cfcd04ecf372499498152d101168e331060866263acdcdb994454b667d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08cd4f688689d170_0
| MD5 | 1d878a9c26e5551982f8591ab18951f9 |
| SHA1 | bc4346d527438ebac16ba4985774e764e66ded01 |
| SHA256 | 87b3ff29c1d7c6600cbfea0cc190d8b81d799261739ca7504f269d9246697d34 |
| SHA512 | 3efeab0daf89b1aadd4aa80ab480ade057a9bcabb0bb600d82abfc7773607afec50b19c2539016bdebdd39ce99cf0d0d3c0cd4e2069cef0283b05a7e7fde96b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b5c0b0d2ff0cad95_0
| MD5 | 121b896bdf67d93fd82708540a62b0ea |
| SHA1 | 3dd5e01925a6c503eee56b8b0df75e0ec0af2f91 |
| SHA256 | febea6681e31de1cf1a3d36b6ceca2354ae9ef9bc9d45499c4ab9bbe5b819c1d |
| SHA512 | 621a26e0901143c7242ae94f6047d7e09884bd83e1ac0cdffac060a30c991d8422e9c42c57b94054d1b9d7b526516f549af58085ad8191f606d8903d3da29dc8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0d41d72932ed3edb_0
| MD5 | c04abd1397e12e30cf7de874757f2372 |
| SHA1 | 7fcbfddfcc07c7546d9110a7bba5317b975c0c71 |
| SHA256 | 36969b7e1cfca548f1a24c7ba2dcfe8c5edceb1d943b0a65ed41a8a81b50b5eb |
| SHA512 | 35e2e012e13b11ba0ca9831bfb09d878fa94bc88ad40ed957f28223e563e922381132144d12b72001641dc56526f77420fa175f14ab45c173dfdf57770fdb5fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 62932b138cd4edbb4334c66dbccd7d49 |
| SHA1 | eaf25ebc9bb2cafa5006ae22d1a3939fa687be35 |
| SHA256 | e0c4de7fbbbcceb6ef26e9ed13084bca3ee52208237f941931d5e77b99bc1823 |
| SHA512 | 5338bde5e86129286e1f5baabe50175f18406913da59f277965d648e866b5a054977cc907a04714aaa99d5e7938ba29c994a1064da3566615afdef26a97f6ac4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 52e9ddf82cc76531e606d26bad59c881 |
| SHA1 | 0fa31ae0e72ef46bdf3f6dc1bf787027a4d36c24 |
| SHA256 | 500d94d8465a5ab6cdae504ec494eb69c92f7397e2ee7b1b04ac11074a72b5a1 |
| SHA512 | 37c790a25cfce70635994946400912ae69f68193707fa7b89c8e0ba4a92cd334e40c2847e5bb8ab6abcc36e08c57b6d0f517fc40a40697455c8d49415bc6dfc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d17cda7866ab0908fc03c122f1024371 |
| SHA1 | 0004500410fa3a4c4cffc85de2c45a68e8448f66 |
| SHA256 | ecec04db38d4edf2b2388d5a89c6d984637e25f9e0df6110af69f25e3cc26ca8 |
| SHA512 | 1124571591d3cce7c399324515a99ebf9ac8a1b29bc562e9dac8fc2ed004260e13aa03e2c4ad079eccfdfa733e50cb43e1931b6c18141f32be8b97d2d6f80fdf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ffec49747856875f_0
| MD5 | 6a493b7074f7416bfa3763b809203885 |
| SHA1 | d255910a5b970f224430ea409bf7cbee754e0989 |
| SHA256 | 06fa78a0198ecacde102e29ebd865b28d1e33b8e20530e016fc9eacf476729db |
| SHA512 | 934798f6e6413165d30ac54eb389b27b3933876935847fb2c844d123d9813a7509c56a68ca4e74df216d5a320a9354e7c18b432619feedffda1e5f31041cbb49 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c81e4900073e0500_0
| MD5 | 9ccad4a554bd1f09557e7cff8e59fe77 |
| SHA1 | a3e320da7ae52d81f43867c4dc02d7c952c0b611 |
| SHA256 | 301e30ed0ff3b63bba2c1fffc12445d8adebeed3b868faa7ebcf9e0301bb12c8 |
| SHA512 | 58639105d998055b12d4fe42a5d444a32b9c6ba882b8d84821f129a9485d031540ee423780e93e13f02fad8815721362386c8ea658cea5778fe70b6d551b6402 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5d75c19266fa41f9_0
| MD5 | 172156f3b2762543648be528b9406e17 |
| SHA1 | 9010641729ef2e29c082d17194107168913606a5 |
| SHA256 | a11a935a6f11faa18ce94e46f085fe452345ff4a14c3d472cd5777d831f3c465 |
| SHA512 | d65865b6db8c576316647bc8abaf67208e8f48007484435c3f39b9a516a6f2c5b8e9a17178fbe501a79587d15510fa5331d75bb6649c8e5c2f7f4ec983f31330 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d30f03f86919b101f66f8d4893f7c107 |
| SHA1 | 7e9bc04b3edc5d4c54d3c45b3edf2d804656cd41 |
| SHA256 | 7c3c6c0e1d301ea5cfc9c83bc23532078ca6c63a7bd0ca1b048fe6044986587d |
| SHA512 | 952dfdbcc752b737b3cd6f66f0d70a1b934af86dd66c2a56201bbe029bb11d8669c978d1e30ec7220f1bc93158f9f6cc0f49aa6d0d83be482db3da83e7070718 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 316a251124650dbf29cb85b08ac7ff1d |
| SHA1 | 08fe069c01d1180273db735d6d7f31eea90c48c5 |
| SHA256 | 3a5cd4da48541aada536a789da892b09732501040382a62601828970e1c56288 |
| SHA512 | 4eb7dab111cb40dc21efffc8a0d8ff2d76da25d418951673acdf9d5a92a814d25b09c0aff6a38e458a08877e4742ab86b1a2809464def067b4414567fd32c166 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cd37d67337081cbee70ca3b9658dd4c8 |
| SHA1 | 352a5d6f4bc5057ff1c43a76f7c3353a47280ae5 |
| SHA256 | d39a8aefa6b964df2f974aa60f2cb7f60a2e3caee10cd53127b159bdde4f5613 |
| SHA512 | 762bb69412f8e1142b1a50fc790bd9f277639a04391764fddd53b1243888e88059ebdece7533147ce8aaccb94c0e433dbd7ef0288e5ab70baad9335ae0a8f278 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 04f358b340b5082942cfbb2b8ab687c8 |
| SHA1 | b5b3f08dd862fc29625b3fea44ca68814a908c13 |
| SHA256 | a27137fde4ad991a6dd6e6ec5ce37529672fdc6e9ba919b997cf1bd9dfc7a94f |
| SHA512 | adeba01395e7432ac0b9e0e37a5eaf26c10ba5769f681eaa400e3cd802c828cb256650f57d00fa21fd88f29454cd48018a741354d9e4bf6874d075b33832667d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1745c43ad025c4c4_0
| MD5 | 683deefebe61eeb075e42e09662a2ea0 |
| SHA1 | 0cf5b9ff875a44d605364fd4ce973a68120dc9cf |
| SHA256 | d7fe7e08ac13dc2f05097054583befd5ff6e9c3983aad7cb859a6fee1a9714d9 |
| SHA512 | 28f1ab708a248be62583960c9eb056718ee2841905b506b118a40d7251ab909922eb256c4aa54fd19ab8ab2ce3ddec47fca38dc56545b438900b0a2d845cfb56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 332e983e8d5839b54e4f57b63c8e0a69 |
| SHA1 | f074d646f6947f7b30180c45204961331341b79d |
| SHA256 | 5550e6938f4aa403a7ba4e7fb02943dab9b7ad4b097179c750e7a5229309714f |
| SHA512 | 91d716f510604d7687017e8055cca225fd0fe06b70114680d377b1e9dbf479a0c673362300049dfa2f23fa2066374bd7c3d2fcb3bd834c91e3b56ff386cd7678 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b4099e3d4186d74323a0564dd6bf05f2 |
| SHA1 | 40492b3b0889368e7dddd6ff237c0530cb793e5c |
| SHA256 | 861be27e44799cbf7cbca8c7ad252a9bfecf66291dff278cc550507581469590 |
| SHA512 | 960f60710d84a207470b3f5c596246bf5cee2239487a78aa978b69fd5ad73bf3458dd239e5a7aac406279fe365dde3367d8088b7f0c8c3ef94483e4ba31110e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\9835b699-28d4-44db-9b09-1f7cefc7674b\0
| MD5 | b7168ad00de75d915d8f190fd2fc7f50 |
| SHA1 | 9649120c0ac38df2b6de2311615a42af3c0f74c0 |
| SHA256 | 2e06212485cba108f8fa800cfe0d489ff7268dfacd8f6c44859275024992b383 |
| SHA512 | c1df45cfa0deb0d4c8fce391a1f8fd8e0ffa0d1f6e3181919ce05d6242460d64f67d494776bbfbb8df8aef5d3f1bd4a6e13b3450c143bd68b7a8773b2e77f042 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6a136dbd8365a15e9d84877edd9e2d32 |
| SHA1 | a978819b5f6a3e2e28150b9b9575cfe53a94865c |
| SHA256 | fdf58601f314032c1977f9308ff82d71d0b4c5274b99d87e7a0188aa82788894 |
| SHA512 | 3a1b1ee03f9f208a581184aaae49a3d3f3502f6fd5526b50f59ab4e01d3679d4c891a30beaf97c04d51c482583bc98f42d260a86c56ff3e1fd77da2395bc0e7d |
C:\Users\Admin\Downloads\Unconfirmed 171600.crdownload
| MD5 | 3d23be138a92d240705bafb560fe7641 |
| SHA1 | 770848d7138aa024dbf62a55c8a683a811e12b0b |
| SHA256 | 0be2df522979f3742885ad87a3e7c1eb9994d79bd5be9c6dac18dc8ae0eaf691 |
| SHA512 | 5a24d48525d6bdbc6c49cb08835f3e1bad6a6144282cf99f122a0c04a1765487de27ecfa13749f633a5d549800ee43246854d5762d0dadcb864ed5bac9f126c3 |
C:\Users\Admin\Downloads\Builder.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 059f04d3788ec09930077ce44251e2cd |
| SHA1 | b895124b59af74b749f7b1c1f6943b00f4c3a774 |
| SHA256 | ffd906f7abc842a580c5bb7f43da15148ede23c99a2e61cd19a9b10d7da39a8b |
| SHA512 | 2b2a0dd5ed13d315539ec0488f224051b7aaaf20819ef558c5894d11662285b9aaa59cf7f08fe598dc79af2737e32de609e1379e1e5ad858f016e126fab69728 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d35287a83288134b317a22689fe80f0c |
| SHA1 | 859c450b27ec98062df13d43ee65fdbd936c7597 |
| SHA256 | 3991fee832e282342966131d082ff74bb8ddd255c0ed5257f7098ebdb4e795ce |
| SHA512 | 651af85b5e92f2764b0772def0133bc5011da1c0c7b9f7bb92d8ce78277b75c4a6ecda4d30e078fe38470a9aa54c2181d045acdf39224e8030448c8a8799309f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 573ca3a4ae9eaf95a682a47d44f43e4c |
| SHA1 | aa6f5e196d018c86eed854cb123cde872911643f |
| SHA256 | 388d0654ee68b98de798cbff13eb1432bb8e05021f59e38b71b62a63d04597e7 |
| SHA512 | 6d2740f5568260b4a44c21d94a6c31111c7d7ec53afa57965fdf30c3f3fe9e54b3b92807114217018ef5afb18c11705c5f00bf810639154290a2d7edfca50d66 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\pass.exe.manifest
| MD5 | 87ce88a694ceb10ac42180572b356ab0 |
| SHA1 | 9e8fdd1dfccbe4680a54df6cc70fe53edd2656d3 |
| SHA256 | b4e03b748be257feeebbc29e4ec915c3fad2c10cd55491b68645972b5a91c561 |
| SHA512 | e232914e6e2fef4d2ce6bbece4ccf4363e948dddb79d956d36d0ddf20971dc7af90302fbbab53cf52258467549bace3b6868b2015aa8da1cc2fc9be055e1edc2 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\python37.dll
| MD5 | 62125a78b9be5ac58c3b55413f085028 |
| SHA1 | 46c643f70dd3b3e82ab4a5d1bc979946039e35b2 |
| SHA256 | 17c29e6188b022f795092d72a1fb58630a7c723d70ac5bc3990b20cd2eb2a51f |
| SHA512 | e63f4aa8fc5cd1569ae401e283bc8e1445859131eb0db76581b941f1085670c549cbc3fedf911a21c1237b0f3f66f62b10c60e88b923fa058f7fafee18dd0fa4 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\VCRUNTIME140.dll
| MD5 | 0e675d4a7a5b7ccd69013386793f68eb |
| SHA1 | 6e5821ddd8fea6681bda4448816f39984a33596b |
| SHA256 | bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1 |
| SHA512 | cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\_ctypes.pyd
| MD5 | 2f21f50d2252e3083555a724ca57b71e |
| SHA1 | 49ec351d569a466284b8cc55ee9aeaf3fbf20099 |
| SHA256 | 09887f07f4316057d3c87e3a907c2235dc6547e54ed4f5f9125f99e547d58bce |
| SHA512 | e71ff1e63105f51a4516498cd09f8156d7208758c5dc9a74e7654844e5cefc6e84f8fe98a1f1bd7a459a98965fbe913cb5edb552fffa1e33dfda709f918dddeb |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\python3.dll
| MD5 | 99dbd61e8f7f81818928207d8b1209ba |
| SHA1 | bb299fa92c1f6bc73441f9d5aff7ca1243916104 |
| SHA256 | caea9ad7ed099acf1fb8e9481480def0ac0cabb9d368bb7043fcdf2e2829d121 |
| SHA512 | 8a3c4331a016b68f3105c9a3b391e803b0f1d03e4c42c81e316a624133ac8ba5a13f919e5f1bca4a7ff661b411058cda950029f875416c7d946d468b0d38af5c |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\MSVCP140.dll
| MD5 | bcf85f55392240e2110b0608d0cef70a |
| SHA1 | d8067ad8a9046eb34579b09d94cbfc4af13c1dfb |
| SHA256 | 85a415f7aa8a1e7d10e05e713c91a3aec9bf3f4c821eba10df2d20b1a02e3882 |
| SHA512 | f7491c089e0fe92515b6bdc4f0de0e9438bfa5ebbebaeba59ad5f214f95e5a853af53a53bd4b4b8e1ff2402599402f380feee7746fea83404e22c0de096a8b92 |
memory/3412-1503-0x00007FFE67B80000-0x00007FFE67DAC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI31442\Qt5Core.dll
| MD5 | a80f4b57820f780308b0ecffa1a30180 |
| SHA1 | cd74cbe9a6c27d932da28b89278bdb2996492c8e |
| SHA256 | c11d06bc24f9f713fad6c0bbebd79ed279629e011d0fc70905daf59e8abaf630 |
| SHA512 | fb0ae80cbaa21e4c5e303ebe50ba56e383857bf665e3dfa89f1bae3a8d3a865a0f81b26c2645ec67e854f73d57cc44e16f2975daf2ef4d3514d59d3b017fe1e1 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\QtCore.pyd
| MD5 | 3a07596a0f2a9f59c1b721498dd988cd |
| SHA1 | e7e01a0b8e70a4df5f589d65b41d7c34f62d706a |
| SHA256 | 3032ae31e92fadde157b77a47529f157a79dcaa3b18ef65d7c98722d552c7f48 |
| SHA512 | 41dcfe2c946de4c3d5fbe4f152f204d9b8fde276ce38cb11a4ab3b2450fcce11645da109cae353aac19e3afeb8d96d8436ae2544387dcc5d50271709a7a3f555 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\base_library.zip
| MD5 | f4072ae533cd57507a8604de67b1c513 |
| SHA1 | 8c3492c5da1a3320f54377ec9111d20e0fdfd424 |
| SHA256 | 4b9fd10a57702913ca57a212e55ed118e96fb6fc16b96fec3617d1d73e60aafb |
| SHA512 | aca0288d7df773cad87f25adcc159f8d5a03542ebbc7bb345b5396c15fae041aa7b043ff7e1069382c8fc6c5a1e0c78eba38361b5c06f1ce84ddf801c89a4069 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\sip.pyd
| MD5 | 67b3a6ee1fedfd798069f0f19a311f29 |
| SHA1 | 54e214becebf31ad5bd50d2ff17f8ec47f89e752 |
| SHA256 | 76d8bb25248d576b9e392f9f121f41d455695b666014929a71115dee7da57250 |
| SHA512 | 800ed7b4d8bfbbf0a37cfd184ff4d220aa96d522a812a94ffff4d8f51242793ee2902f7f28131e5c707ade26d7ec10ea369aad6f29369b72b1c8c4a884235520 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\Qt5Gui.dll
| MD5 | 3af67797dfc7eea99a336eaa50be472c |
| SHA1 | 36bcbe26800cc7dbf7a2a03dfa8c45a1375e3be1 |
| SHA256 | ebb2ab1de48dcbc1f23a94968453c8610ab79703829dd2a949e1242b6666d52f |
| SHA512 | f5d1ccd5072b3a85dc37ba2ad248f80daad7c68a6fc84df8c8fd27d421de3996441fd843c03c6e38c72b4c646b099e424eaa9aef92c963bbf93b05e07676639c |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\QtGui.pyd
| MD5 | ad0730befd2237bdb71d82f54a9d6e81 |
| SHA1 | 0380b5ef9f4fb539fc4dc5fd580bf5354c5aa402 |
| SHA256 | 94d397aa1b00f208a5c6168a03aaa077baed57f5887a29d2cad9a2468ba3fd34 |
| SHA512 | bcfc5947f3d7fb8df0255c0ccd95aa5c375a6083591da25ce7809721c8b36e11721a75baab0f98184e5a89b2f09387553853cfc5908f595662b8d910d3628bde |
memory/3412-1512-0x00007FFE67380000-0x00007FFE675C1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI31442\PyQt5\QtWidgets.pyd
| MD5 | 7a2a43dc9476d28efb035e1fb2fa6f93 |
| SHA1 | a24cdf7e0851d89b77119cc810ea4cc4a51aa9d6 |
| SHA256 | 61c26c22f8acc5c706e3611432a5f1be4c91a9a7f3efbf201627d0931549f0c0 |
| SHA512 | 6f35734228dba885637e848c5b59561bcd0542fe4380eabfb6df3053a95a08437b69d9814a60a8d4f49208e5a0e23d710f8ed718eae0f7f878335c229ac8a462 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\Qt5Widgets.dll
| MD5 | 518da42c3cbf41f54a47df3129c3f69f |
| SHA1 | 387a40ec9a7111fbb507d1efe6e985db8ae52bfa |
| SHA256 | bd7040536cd1a5dbb22c6f20412390785349b900fee0599e271ffb90db2fb934 |
| SHA512 | aac1293c74857a5a2029b3d8c32a23dccda26865a018a3c2a8915af93da233ab85ea8401be99ec4709652934164fe973e933124b2f95b2c797bac5b554e0b342 |
memory/3412-1517-0x00007FFE66880000-0x00007FFE66D55000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI31442\_cffi_backend.cp37-win_amd64.pyd
| MD5 | 178e59320ad837ee085b52f633eeae6e |
| SHA1 | dffe0e46694a0e784bc41e4702ba306c53148363 |
| SHA256 | 750f7b735e09feee3323db8e0f20b88d600f3155bea2124efeb52d998f43b565 |
| SHA512 | 9604633e5b726c2cf7394684735b6d441eddb786cf863dbae89d2b16b642d6f7f23fed56a8bf13b366984e6ae19e1134f4891bb369ad3aa35bc4f75de87e94bb |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\cryptography\hazmat\bindings\_constant_time.cp37-win_amd64.pyd
| MD5 | 4b7b76cb2aafdfc5f84471c2e215aba3 |
| SHA1 | ecc1fedbbf9cb0ede68a53416060d6dd4efe714d |
| SHA256 | a3c7186f8135b4e2c88238e3a8fc19b270c84f58a74cd84f2e0ac82f6779dc7e |
| SHA512 | c144e708bf150f736d0b48d7a29ff0799290c33aac8c6feec687366d1ec3b3751d8120ba9ebfd32f81f11b02445d431c48725f612f149b02f08d1aa2e8bf5321 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\libcrypto-1_1-x64.dll
| MD5 | 022a61849adab67e3a59bcf4d0f1c40b |
| SHA1 | fca2e1e8c30767c88f7ab5b42fe2bd9abb644672 |
| SHA256 | 2a57183839c3e9cc4618fb1994c40e47672a8b6daffaa76c5f89cf2542b02c2f |
| SHA512 | 94ac596181f0887af7bf02a7ce31327ad443bb7fe2d668217953e0f0c782d19296a80de965008118708afd9bda14fd8c78f49785ebf7abcc37d166b692e88246 |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\_hashlib.pyd
| MD5 | c3b19ad5381b9832e313a448de7c5210 |
| SHA1 | 51777d53e1ea5592efede1ed349418345b55f367 |
| SHA256 | bdf4a536f783958357d2e0055debdc3cf7790ee28beb286452eec0354a346bdc |
| SHA512 | 7f8d3b79a58612e850d18e8952d14793e974483c688b5daee217baaa83120fd50d1e036ca4a1b59d748b22951744377257d2a8f094a4b4de1f79fecd4bf06afb |
C:\Users\Admin\AppData\Local\Temp\_MEI31442\cryptography\hazmat\bindings\_padding.cp37-win_amd64.pyd
| MD5 | e603ba5b458a75d32d56f28e77f82991 |
| SHA1 | 0ee1c5da744970afe67506f3b2e67f8bc67f91d9 |
| SHA256 | 06a59a3c7e2097f718c7d2fbac4eedf68f239cc7a335916d27eda4eb742bf0cb |
| SHA512 | 9c5db19e5a949781b282fb208d63b61949666b17b9f15efb3e7fa74e44a121e555d746bd2ce2b3339b756942893ffb0313c8feae0a9fb3d703715626f0d9ec27 |
memory/3412-1518-0x00007FFE66330000-0x00007FFE6687F000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024
| MD5 | 938dc31d2f35dc1246db9b2da3feb1e1 |
| SHA1 | 4be7b831da6438258d5e66cac62f0fc8b16950ec |
| SHA256 | 2d3784c15029e41998ee878b333c1dfd23556964ffb6334c7f24e810a913bf90 |
| SHA512 | df07eec1b86ae76cb5ff2ba8b01a8152f2e6d4448be6ff7f11a68e6215712b9190a41e4c03c9dfad2a9266c88ef684b54e8de3a318d7d8c390ea2f52fc7ac102 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 07bf6f06d05f3ac80392d410f6a553fc |
| SHA1 | fb577b26ab231e6098730486fc4e3f2c925725c7 |
| SHA256 | d31164cca553f7511bbce8431300fe507d7b3d4a8482753b4190cf0219f19b18 |
| SHA512 | 0dfcacca480c33506fdab8119ea2a8e5f0fb062532ce1528b03cf0477b4f9798c0e5849639a6be8347195166df66cd929bd59e69003b994ca73ba12ae95179cc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 248b6528aeb60ea519f3ef99684d9519 |
| SHA1 | 074434d263f065cad4b5fdfef139fc78532c61fa |
| SHA256 | 98be78020d71e04442d58d829eeec989a9133c3bc3b4f19fe45526120679f03b |
| SHA512 | fdaa4e43081d4c4ec1442d914854c3ebc135b3293ed90496eaa14319dcded3f645ac205a9242296fab590ed482d79090b65cff6b8e7bae5399260fe1f6ff169c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cafc46c0d758ff207de109b0d6377db8 |
| SHA1 | 64c8c017e7a4cdbcc1e018ce25d25863d5742fb6 |
| SHA256 | 08fa9cad7e6512e5d2b3a466eddc93ff8726b729c8fd1873daed407ed0c0abaf |
| SHA512 | c9f7bde3f4ddf28bbdf99439446ccf90651351c149c1286530db2dc711d6bdcd2f7ec329dfbd30217e33bf1dc4e12707356902b879b8195d4925ee8c8ecc5a8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 37c9f9e795a5f477cb3ad4f4ba70446c |
| SHA1 | 3228c9110b089411fc2e6f6278935369c652682d |
| SHA256 | b8ebe26f555e2deba7fda79234262b91aa96dd382c50bdb2f083c47a00068f6d |
| SHA512 | 1e97c51bc7d3963d1f299dfa4ee40e94843fbbc980493a496105b5e73c9b7aab63ad6fd56b6c705dfef3e4a076f5c6e57ed6a09dbaba6d8015ebd56c71b9c853 |
memory/3412-1587-0x0000020915A10000-0x0000020915AA9000-memory.dmp
memory/3412-1588-0x0000020915A10000-0x0000020915AA9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3852485779429a734f4288ad4ab748e0 |
| SHA1 | 0cdd5489e627615b7daac7f4e2e76d644d7a2dcd |
| SHA256 | 2b9c2a1b1903363eec38806b6d97c9b3eba760a3f4499a09ab3c4a6884944d15 |
| SHA512 | f4ccc9fdd0599a538739d60f20cea8fc5ddb50d41c24a5bd3b00ad247d15741bc9ef020f8d509cee52a0ba2a2123f306b0eff40a8eaeea22f91f55da85b4460d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\aefc6aa738b85828_0
| MD5 | 645ff2316e22a817fa82baaac2077101 |
| SHA1 | 5bb42433628dd1f4ce16d19891de879d8b2da139 |
| SHA256 | e08858f5fc21b70174f20d3d6adcbbf335a89a238c8e37b677a988589d367b14 |
| SHA512 | 6ed31cc6bfdbdc9d2424db1528ac68f60d5f56dda388714605065b7988d5fdfc9f11bae37ebdeffc88158ab879653a6013a302556079c5aee3d47a927f8c5d82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4e56f0fa0bd575c2_0
| MD5 | 278670f85a3a888e3b16f98dfd93db22 |
| SHA1 | d0fa8f5608f1cb7a9c98269f4e20110c227d898b |
| SHA256 | 54d84276a377cbf7f102c55c237dfcb0f60fb427897c04c305e0dbe61db8dd44 |
| SHA512 | 03c91e0dfb9c046f7b88429e1966b77af66e48b0c7e51251ded3d9fa1cae1e85d11f3655fedf8c76330384a8ac4b19d29503321b391d1f1c35c3eeedef440cc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\301f634159d60807_0
| MD5 | 0d1dfeefffe65e3c1ac5be11f1b9e996 |
| SHA1 | 2a52abbb2ded172131b5e24bb063b6c23bf088f6 |
| SHA256 | 4cc56d599eb3e915db7e30a5ec0594884936765ed47959e84ea1be6399522feb |
| SHA512 | 84ff2eb04e28c0172c153e2742fee64e53adf1e9db2d4985fcdd5be9c9f9a5b088f1b8e793a5a3e4c4c6f4fa92ef0d00d944ad5cddae343112d4f335684ae464 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7b803abb1510575aab09c8a5992ae873 |
| SHA1 | 6db99cf4e4a99eff3f036654f856e1da8b74a429 |
| SHA256 | 91663fccac0f04f305f26b982b7ce548559c7e98460109dc9091901a188b5716 |
| SHA512 | b4aad3ba9e077bdae386098c544dac64b7296aaed18ab1ad389bc6ef20ebe74d2d75bc64cd939234310f200c513afba2a67d8d8bd5f66cf00d09c129df3e3dcb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\810be8be04a5747d_0
| MD5 | c1dd9ec274c71b5e7e0423bad078bed4 |
| SHA1 | 3665166a280f7ff72eee1c208d8eff0c36b13b9f |
| SHA256 | ea655bc54c47e8b1a04094b92ceacdf10776bef5a143a0b816b739aa5ab5579f |
| SHA512 | 1e4881cc9b6117c5a910609019788a79b6bc96dbafd3722ceb4d77277eabe2cc1af44c807358830537cbafe9b4e275438c9873117c42c714b6709503a9965850 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\68ca572c61516013_0
| MD5 | 204edc7a2df55cf4dde2072f9de582cc |
| SHA1 | 2aa0c505a7c0403a9d6418f5181943b56ef208b0 |
| SHA256 | abeb2e3914d3ac7babf429a524c0e2c394d3a34edda3a69553b999ebe2ea83ce |
| SHA512 | 093b8acef253c15192e4816fa20ba3f6f630e88bfb0eac3991e60ecc3ed9ce1873148db09348f24cc8d9823678511846ced6ae20e0b2bdd17f908d20c911de2d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2d126e3f70574156_0
| MD5 | 9aae11704bd9df9f26f6da93375fdd43 |
| SHA1 | b0deb6e9af2d179a99c3320019f3588d7008ae48 |
| SHA256 | 1162367c11cda981e9a7db8e6a83444e901bb5c801cc83283f95d0efe6b411f8 |
| SHA512 | db3e51676818c61a4567bf7e07d3cafc17f64c6ae8a36ba08d2f1348282b9d3b22df94ad6fc5c258dc2206ada595f07df66945b5f2219d0086fd9ca9a386982f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0cada9a030443487_0
| MD5 | c2c27c8b6db3ec90e72447ac4107de69 |
| SHA1 | 0a4737a6a5cb60ed690b269d4f7d1777e3389f08 |
| SHA256 | 80b6a6de268b93a8df688771dcf1a7596f0373260b18cd30e286738ddd564e56 |
| SHA512 | cb6336d0699fef94542e4aec0852f0aa01b198a9e71c0db81a9a6d3ca4321438d100d159041698b38afaacbff5919f67230c8b7e7a5d5d2b711e8b066b1bb8bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4d16950524d46b9f_0
| MD5 | aa8ffb56f810dad2e74114e6594eeeb8 |
| SHA1 | c171bc60f022ef74cb4cceffb0752877932a219c |
| SHA256 | 8a07a353a7a5d4babb462f895ad169de74af9992204adcd796d6ba22bb869c49 |
| SHA512 | 75cf2e0bd0cdd6eae021a6381bef40313979a91292164d31296ebe6eb3241307d1d0ff3ce95bae1ba1e293e77ee9dcac4889b4feb187606901ac9b931a172afc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7c3ddc02d3a02223_0
| MD5 | 090c4b5ee43490d658c203a9adc8ad5d |
| SHA1 | 2c721def69ccbe84a94c5f880e7b74764a93aaf4 |
| SHA256 | 93ad713ed6776ef6a62859eac915b5c15f435a2c4f570ebd652171e04b9c9031 |
| SHA512 | 6f195329abe124ee8eb07e68f9ca73f28489dd99a28685ad5fa7e19be8da0443531da53f06289ed4b27c7daa083956e00ee17ab9c49be1e4aecfe669905dbdb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1ae2fbbd5601556e_0
| MD5 | a24504145844547e998935d50493e2b9 |
| SHA1 | 7158a6d3fac98e60b1615048ee7979f5b83625ca |
| SHA256 | 9ca0c6c8458193ead4bfc4faf91461fa2363402d41bfe4a8a0159b7f25240ae3 |
| SHA512 | 4d68143daa708505812b14b3964f3017bb3b71c485298d9d54887cd3d0fd5c034dd86ff7335b46dd6868224ec49e4a8691236c25f9d4bf6aae22ed5f98d5bb4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ecbeeccabaef3922_0
| MD5 | 612b463b2e1660bc55b6771588ddc0e5 |
| SHA1 | c90cbfcd6582630b48d07047d8720c03444f9e33 |
| SHA256 | 70ffb7dadcba2d41b080c3a7ce9ab673aed10dc616e38c04167fd4d2234b4ee1 |
| SHA512 | 6d9ff45b976423c58f7d91b843d190dfcfcf40befb265d42d291a6221f77c41a328e3ee0f6625bd1a5e36cf0f155a425044e97ec64a304adf503d478863a9043 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c1a9bbce361d6373_0
| MD5 | b627144ebb45938eadc42e0a55f0a4b8 |
| SHA1 | 1f86411d082d5ec0d8965c30aca46a0d677f326b |
| SHA256 | 19c39c7e503b2a84e87358a48395e5623059590b6d4875959c1c1851621336f4 |
| SHA512 | e21604680085399bf3d9595d080890da3902e76a8e55fe5c4eba37df08ea912953a749c2c5c9a870b3680fa8caa4063c893ac2a57da82205de9c65be8a0e4934 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5ce68c2ec4ad93f27e0e637223afd446 |
| SHA1 | 64a05424b9a788a31d187f9f047dcc777b6229d2 |
| SHA256 | b0e4fe2e5cfd9526a2aa7d309b3d68a2b9d0f5513b591024c5126e6d81a52896 |
| SHA512 | d92dd7ee002f950664ce7dff4398de67282412bdff7e2a18fd30e01704044644a128f32ca0977f225be53357b6fa638183ab4327284bcdcbb2f1bea7da8c1d7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\13c58574-e27a-401d-a343-b469a5b84234.tmp
| MD5 | 40eb098f8ff6eedefe0c6c268ec657b7 |
| SHA1 | 0d213a55f0f6af7d2ab2fb647a54b082659bafc2 |
| SHA256 | 97897f0a2a97f126f7a0c839b187d6bb3d2508254d82a9775eb3ad0679154701 |
| SHA512 | 44cbd06bfad0acdd4aca99351c7bc2a383c77b6944ddb812ade18a2e3f664e7c61df5e8d02b50f619a1e228f62f016bbdf2afeff2c35eac2c349d2c00cee70f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5b441808f54e15d47d4ac3f0497f850f |
| SHA1 | 1f9c5d887c754f34392de0c2adf7478c897b0797 |
| SHA256 | 5911445dddf75556f05340f2f8df8cc835a7e0f310792455d752857dc6c8719a |
| SHA512 | adc7dccc96f8d3310df04236c30ae69e6120d35bc5be54f445c370621036e17e992120a944460161f3f8f688a6f383a8a4b95ca772e771db1d0f04849db2130d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c303d9b0fba72bfcee9b51de3d31f01 |
| SHA1 | f102fea4d79a8bce5039a79d1463867d886e5a25 |
| SHA256 | 0871dc47232895148130828ccc94163e53d8885abe8b7e81e34fba55a6e5bee4 |
| SHA512 | 64b845b38700551cf3f4d2c2632d682a70f102643fc1a8248a94e9314e41e0b3bc6e313297be8fd00ff89a5693a7fe4012b5fdc8a1db6b4c8502c2fb6c0184ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7ca7e34d91bc25a8a539dc1c5a4f3852 |
| SHA1 | 528d2b38a51b20f966339a4a4e205d8539868ce7 |
| SHA256 | 51cf959361e990deb0aa3c89b5760b1631d5a9360b8feeec984e55bc805628f0 |
| SHA512 | 2c04ff452e19dc3584c412d7183f0c0b2b519cfb3c67ed54b4696fccd995689c1f0635ba8018a0eb720d975f39f2781c4155e82c105776c86d49441cf26bf8a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a65c88ae520e9f4446d4195c8ba329b0 |
| SHA1 | 0df6b28ce7f6e1b4620c7019f3f0b134447d3184 |
| SHA256 | 6c96fc746cb6eb1562536409869141eeaf3445fd5af25269a3772adfe14183b1 |
| SHA512 | d315ec3a93f90db623b2fd7f3b723ec586b7eeceb8cbcfc2d1c79fa47b312439f5b278b9e1a1b18c447ce97a31aa3847c2f7651532521a8843c7095ebb04e542 |
C:\Users\Admin\Downloads\builder (2).exe
| MD5 | 515a0c8be21a5ba836e5687fc2d73333 |
| SHA1 | c52be9d0d37ac1b8d6bc09860e68e9e0615255ab |
| SHA256 | 9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae |
| SHA512 | 4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f740ed6e97267415df2d4852764cf7d1 |
| SHA1 | 38a76d6a9b882002dd604b52461523b96be25d23 |
| SHA256 | a6e8d2bb91730b47ef4c63f6cda0e609b93ea712ab9289d63353307077aecde1 |
| SHA512 | 4bcae86c193062badb222df8bc5cb07acb7588f6f603e75cc93b683940e2338502b0e6f1fd88de2075de5b6f21cdf619e16691dfb55db5b030e2f93af03ab2fe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6af578aa94ae06033516482876dc4528 |
| SHA1 | 21a808d88fb37f1f4f57d31c158c51431addc22a |
| SHA256 | 663719ce4f6664717b126df11ddf3177eb8332387d75d8bb014cd1a973dce9dd |
| SHA512 | b6701a6ca91c050866a8dc1476ba45207cfb2c6062d179b92a31a024f33af1d80b48923edbddcb4d0c3ab2a8b53d5e35c09f0e2c35541953d4fb60de58142501 |
memory/2004-1977-0x0000000000700000-0x0000000000707000-memory.dmp
memory/2004-1978-0x0000000002430000-0x0000000002830000-memory.dmp
memory/2004-1979-0x0000000002430000-0x0000000002830000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eff074d6264239add097bd10d53957e5 |
| SHA1 | af8fc917d6eb0078d9121bb01c6aaff6908d16c9 |
| SHA256 | a9af933df8fd3d20ec6d076f0ebd3c1d4d799404da61e9fbba960cd6c868b0c0 |
| SHA512 | 5e0cfec134c5b9884a07837a184db402edcd429aea821ea0f11e7ecf04bc9113ded5873e724c0ac935234658793b88b4c24c38fb95c12292100368a651940610 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a44671928752c6e62599f1c84d7e3f89 |
| SHA1 | 85fc3a81f7c4039eb3bf4b80b1b6c7c471a9c894 |
| SHA256 | dbffa9bd550459ae0bf391ca79bcfec91837bc4fbaa5a50467a7a837e306e43a |
| SHA512 | e3085d1f101e7834487b17b97c836de503e3b8cc7f26047943bd76ed900ad05880c4f26539cafcadc06bf2f175dadcfb63fdd463c27208517e913d23324ec3f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 43402ddcf41a4bbbf6438ae92247965d |
| SHA1 | 5ad75f8fe1f243ac85679eaffc5a6a33291af365 |
| SHA256 | fda0505a434cb141673020b84435c800783b044e234e42191d152f0a22e86a54 |
| SHA512 | 729177cc3541535a34bbe21783ab6286f05febce26e79ddd12f4c1029984cbef0f9371d92998fbe8773333090397e4f19b675b5bb27b056e41d4da54abe114a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd7af0208d08777308f6e4e5b585b747 |
| SHA1 | 47c7b2a9a46bd94d91d52c04396e559d142f3fd2 |
| SHA256 | 840556a5ff281defb27b80c9b64172467c6ad7ebe84cae9ca520bb0dd3b8ec41 |
| SHA512 | 80773ffa815d2891e50138c83b0e1e355e4cb2327561331610444caad67bf4825fde51dab6b4d14d3b18f7f63dc794a29fdf566732a81d3ae224ca366f94ac2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
| MD5 | 01369d5062d49b270c8dd6ab535bc403 |
| SHA1 | 39c654df64cd7386081da8108f23573f331debab |
| SHA256 | ed672ed37bfdadddb835de8c346655a17b653094197a2d6080e6777fa59785ea |
| SHA512 | de704934135717cb62e4d15ef1666e78b3d43c17ff5d50b279c21a5318ac2ce0cea88ebeb17b66f4668e1ca1a8801bdd6bab0194b157b1da6bd90c71b29da08e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0b8ba73711e9a1e1e60dd7bb19ff2f1e |
| SHA1 | 756b512a3f8ddea25b92036c7d2e8fa9c6e2b3ee |
| SHA256 | 80add9c36d5de52830d4f8d4429ac3b8d8128bff60b9a45c3ace8705281a2f1d |
| SHA512 | 13a76644995b5498bb2fb21310e35f42a9720615524f9e06282d100c1d5b0b74df385149a48716937b36a5b1b8e6900280ef3373310b7567a05e2f4636ac7c0b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5d09c8f7202e5ef531d3d032a7841dbd |
| SHA1 | 5af708e3043388dfbbc13af2df593507f9868248 |
| SHA256 | 5a602e2d0c668923f2889029883947eb9f14991394a7f422a2bdcd17f717fd7d |
| SHA512 | b1b37281241a5de43b7accc917f171d95babd53b8dd287859a854fe710d31228705dbdfaa8f9128d0c41272a0367e69ab64c80e2aa37c2b9ac966453451b2329 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2d38a98be4d98feacee150b4a9bf1047 |
| SHA1 | a98b21d0efed4c325ba9082d44e51befbd16f404 |
| SHA256 | 80c1bfbe249f3c3dbe856f2f145417dc416b907764c5549b4f86f5a5bde77ddc |
| SHA512 | 16c76871eaec819c481cc2d870e96e4dab1d9d3b07c8863298734012010a05ffa38d12eb28d7fa8131e5f6181b4428408ca9e2c450e81647d91a75ad00b3ddda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | c7a33b6b43dee6460f3c0deeb63ee308 |
| SHA1 | d7e71bee405f97a982c0201477bd6a2746927bb5 |
| SHA256 | dbc2d22952de7a756bb20097f3792928e5c58090585ada41fa51aa319d1dedd8 |
| SHA512 | ad830527e883ce1492b8cff4055c3f1e54cb59b099c17fa2601dfd8c1ed6c0f6f14b4c1208ae4610d313bc14d58a99eb42795b8dea5376e731cb21812dd922d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f926b9f1ee90581d2ef48956b1bce357 |
| SHA1 | a2b7e10617e295c0c68bf22aab26d7138e0975ec |
| SHA256 | ea0c48453f46798cf88a78c64d49bd789269a768aba0ea4dcce7af3f31e99721 |
| SHA512 | 9f12e6cfe61a32dc55503708d378e6db2e46467251cac2e5e120bc1f438019dc0236ef421b03cbb5fc9ef4a967c26cd1bdaa8e5b840098308166357acead1e7d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e48c4b422a5a7b053ad37e45589177d |
| SHA1 | 9f38f2112b8b6eb75d2d6aa4b3afbe5764f11430 |
| SHA256 | 71044a681b24037894f754e062b3e01c400025026071772fd88e39a124fef4e1 |
| SHA512 | 96b291a713e9b1c938a087069072507c1b22a9dec033603500601fac166b9a3db153fe732e5aa74a39a4d6a2ab423b3a72b6661cc7c9812214bc86775af706f3 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 18951ad4190ed728ba23e932e0c6e0db |
| SHA1 | fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0 |
| SHA256 | 66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915 |
| SHA512 | a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | df6c710d4ee401a1a854f8a667ad8cda |
| SHA1 | e53672c50ad83a35696f9abc89eeb0db3c339cbf |
| SHA256 | bbcb16d3683fe66dfc936774587f83f62c6f786eb31658969062cd2a6692e7bc |
| SHA512 | c1162aaeb4ccb002d20d3ee34c0c848c08a43e086fe63ab2aab5579bd45f94de39aa661d8d6d530542b4bd11bccb073e2d580092360843e965036dc5262c5193 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\03b4af83-0ba0-43fc-ac1b-7eb5748e453a
| MD5 | a9bb91605cf7c389a4d44b008df1179d |
| SHA1 | ee63707f37ead09f1ebc002ad950d9361723bad2 |
| SHA256 | 858e8957bdc0bb4e1918d2998bc62f39a67e0b564b8d240b62c02e156356bfcb |
| SHA512 | 8ee2598941e9e11536fa475e383eac637bc720a34cdeba1b3e9542b117e2bc1f9180e9dbed236507e6110f7af5b1e10de263f09a7f4ad836a1a4c6bc993b8f95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\7988fbc1-9bb5-43db-84bc-2561a2c01028
| MD5 | 969b55cf172f5c8ae02a67ab103a2af8 |
| SHA1 | 3cf2f280f6d45342c85e3b7ea9af64273f22afc7 |
| SHA256 | 189d66af93cf4d1900aaf4caf0b50334e5e012f12cbd495e489b97fbb0f0a249 |
| SHA512 | 184be81998d0010d95bc51a219cfd8031ce80cb2dcebab9cc77217b639090d161149537428a7b432058733c5b044bbc52ceafde9ce96779e060cc93c551af4b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\2cfb111e-21ca-4d0f-b7ec-1b917bec758a
| MD5 | aa583ceda80f9d56d9e2f7aa574c390e |
| SHA1 | cb968a27f2dbea6d23413bb9faaf10c6b6d25c78 |
| SHA256 | 98a532286840824d1d16ccb04fc20793ec1b85c04b3e87cd3878d0e8387b414b |
| SHA512 | 64a81059a920d1a0d8cd1f897d155b88f64ccaf7cf5dc3aff902bcfb77b9aa33be5ca74aa26a9dec61bc769cc05f531ae39bfe6065471061fa0d232e6762a0ce |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 1dcb8fa36ec30dff78cfb332aba7bbe9 |
| SHA1 | 246b23d3d79fc0d79f7044bcce8ab2f8deff85b2 |
| SHA256 | 04a3eea63f15173910bd01e4edc0e1376f253a9755a8b76a57c412a06b1dd595 |
| SHA512 | 3c55e9f536a11f54baaee8fd11c279beb027df55377c51690f1a285965ff028f67d5d9f381f8711266f111a3fe46e4263a2d90629270ab822b289978e1ab5a2b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | 75dd9e0f535578e1adf84d131cd488b7 |
| SHA1 | eeb45e2818c9523c4dc8e38f7f89a83a0502aa19 |
| SHA256 | b18b7baf140073199200c0f72e086c76b24f4c8f06d357b0c369e5214067cb36 |
| SHA512 | 66d7dcfb44a659960cd38d5988df40f376a37978f2dc5e86f5adc7d89c752a0ec4189b4ac8924e12b80014124a3ea314ac54045600342f41b675cf3be89051e1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 25e4300c801bfbb00dae8ba999e0d755 |
| SHA1 | 06700161a74442f11b6b0950118dd670cdef8f44 |
| SHA256 | 5292592931a8ccf65291aaee6db2f9ed380219dcb864f297df87cdd8c7668f90 |
| SHA512 | 8cad74782f2e338bf1ba5dc907c4a031e86728d4d54d8efd6e3516c2c95b8b3ea5aea2c2b30e38447256dffe3038e7e5a119793f4d62281d9e719f1ff9775a36 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
| MD5 | 24f143b645a0f86872330c92512fac37 |
| SHA1 | 6931205f1cd5a3b373d12e3d1191a92726bf57dd |
| SHA256 | c35b217fa946160a7c4092bcba34d2ebf84c15320973fe1d01df079abdc51040 |
| SHA512 | 84096e48f3d0048e88069b7e594cc107de993c269d60073fd2c17497126d6c92b771a2d366afd1ba6255808b1f35590215a4446d5d684bd4347b780c055a0ded |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 33f1b20b02e9eb322acbd865c82a4fc0 |
| SHA1 | f84a0b500226c838b410d94fe389360d23c0e09d |
| SHA256 | 1a5759d595b569230ed4cfb47b7c461310c02a03b0df7793ae661fb127ec6bc4 |
| SHA512 | fd811fcc33dd208fb1c5f923874ff89e5b07dbf8f87b479c895867477aacdfb028289b24ae774a43fff8d194a51db87650ac687a16fd78b462c722911e92f185 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1261d95fd7981a603b2075d0bede11ac |
| SHA1 | a00eafdffcc4917b8cdb7cce873ba7b3d18189b9 |
| SHA256 | a0310e514c818949ed378564afc036610aed0e5e0febb2f781a1e519007f316f |
| SHA512 | ff5b07635e2cf1628fb3f5f53e2c3e8165dbe5687f3cbad235b167cc4417af1822c548f92f1281cbb8e87ab1592552eb127c8c5ae44591a210ed5c213e5a7c3d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8A011D3FEBBDA9B9C46229715A74F1937B2EEC47
| MD5 | ed6993476c7506d028fba0b9efd86e8d |
| SHA1 | 61199363a6b02daec4791c6eaef7e28c6508b047 |
| SHA256 | b721776873b5c8886c8324bc472c676a66b531a9ae6d28f7d83e8a405605d2e4 |
| SHA512 | b507cc62ce67a1a777cb246cd03fda17deaca17e2532a73ad77bcb796a09377e38af6de7159de62d09b7c33d9bb555538d0e16be40b4686285b6ef8bb7a3aec2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a2aaffa57bfae6e1d8e6dc90a39340e8 |
| SHA1 | 430fd6488c8610d2706a59623aa2c86f78486478 |
| SHA256 | 0a4a8bc9f7573e23a6a949cc9c9540f42124e2411eeea70278c30e782b83c7f5 |
| SHA512 | 916ee2bf7cf2bbb23482ec51bffb98dfa9fee927f40441e36ce947ec690fe7c404b1aca8f53eb788f36d7760bfe58cf8f1ee0f0d20f7672fe4703120d8370d72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 31193231d85721650bf3d77340885785 |
| SHA1 | 722d92c3935e4657b23b1863e4397b7a1f418b48 |
| SHA256 | 235054d956f692458aa2a035fefabf7504fd3fc399a8e106867698c7b805ea09 |
| SHA512 | 8ac9bebb1d70fdfd5834a82a2e39838618c6ae4cc878ed82209aef22c9f8a30438d6f4fdc8f581e46537ea4c60ebfc10a6553cd1fec0866b1ed5e0f7124e2168 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js
| MD5 | f41bb955b7cca73aa664868f6732b6fd |
| SHA1 | dd279197b049f8b22295b73f232f0c2c71dbebba |
| SHA256 | ba9318a4d8d8f72df85030a5fed7ffbec99a447754a394b4197ae873e69a5aa4 |
| SHA512 | 06edd203101e41a932d15fa7770dee03114bc5cb4c399c21ebb12f0a06e0c61f0fcaa757ca1da05351206cdbf4cce76386b2f0d19f10a997e43e028e24e9f675 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\937B0A95D30B6F8721EA1482D95FB40B1165F3FE
| MD5 | d0ff55f4f417ca9e996eafdd7396387a |
| SHA1 | 0e298d184c48f79f865bb06e4b65b90b13e24ce5 |
| SHA256 | 81d452bbeebdbf9999fdb0cebb22d8e848eab567f17582eb5b87a6887263ec81 |
| SHA512 | a0113008f49cdb047b0e0ed9707bc49e60a00516a8cd7eaaa9576e91f92ff990ae9655a4b20664ce573ec753dc1aa73124940673a71bba94d1454b27ba61577c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D911690572EFF44BA9B379A93A81EA65D99204DB
| MD5 | f33ccbf789b72753e22445e80b506986 |
| SHA1 | d9920dda4aa623f98b166324554ba71911bbd548 |
| SHA256 | 6b921f781ed0b239b5f5d9c97891e76e81b43d8819df6cbb532363fee8f16ab6 |
| SHA512 | 1d2ec42efe8d117d87d0af9d39587da8a4c7ea7e0399b0049d11ea4f4619f9224ce8d1fae8ca57f6867bba62c0ca5c0ffcee55feba653c8a2ccc01dabae50189 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\462E5FADCC82A134C10A828C114C5F747964CF3D
| MD5 | f92dba966ce4f3e70ff5dc45b13e1523 |
| SHA1 | c0e39cca2451c342d8e379b1eef797b445de7dad |
| SHA256 | 7e1d29e7e4a010eb26119229032d9778851227ebcb726fff4c79c9e1b47eb1f8 |
| SHA512 | 2bebb5a362a212afd2c5f376749349a6765e3cfb06a5059163207c457a7b5ec88c39f6954a7aefc709fd6c7a14c1fb041267450bbefb77be5f3f727f64fcfb3f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\4D3373C611DE638ED6CA0F7AB92AED0C904A3795
| MD5 | 986338efa6f022f278187c394caf4ff1 |
| SHA1 | a5d2e917c80aacb3c9cee65b098581c60783e59b |
| SHA256 | 44cd553698108e916a7fe3704dc5b1f78db4c58eb408b2e273bcb83b4c5cbb8d |
| SHA512 | f799f1961615d8101560a56293b1d276f788a5f3dc39da3305fdd4c2d28774c1eb26870d61fb9c9a5e360c997d9bc4059e29a7c8a41c0c1ead61ae7c42ef8e63 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\21235C60DB68B39BE5D5AAFD7CFDA8EB241CAC6D
| MD5 | 7e2eaa1134bac29f34f6f3e1e7400586 |
| SHA1 | c13a88ee79c9e6c416e0f1a1d569cfd0fd5f0b51 |
| SHA256 | 43227f76fabafb9e1e395577e756908f936f550244529c5d7b8945110919dfd5 |
| SHA512 | de287a04d1f0f961fcdcba207b6ae9a4064598792b1696ce35226859a2ac02ba1a5064c18245d14d4708a6a80fb16f5e3e5ab7db2c677f1e4f39cbdfb9ff50ad |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\88D2DD145122466A8C6F39785D5A392BF5E86A0D
| MD5 | 86a2d5539e65a08313007c4a52d8a3fe |
| SHA1 | 3ed7b5c245e8c9f5f0e870eca3688fc8d841460f |
| SHA256 | 6a52ffeb098ead73f4a2aeeecdf383a5ec004759a2fbf0a08f8640be2dc82cc0 |
| SHA512 | 565e95c8060cf9d52d28462554019ee7177ac2fb794fae3cda328cc3643e3a4a47dd70480cf5f78d9f697ece039ac12be494ab204af1380093c834096cf86907 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 538e2def40cb4a568649091d9d597fc8 |
| SHA1 | dd9b588d8c30342938d49aab13faae8e39227b14 |
| SHA256 | b176d6b59ec63dcc7ea7f72ea2502dba604069a6f2adaf544757def349d7ed8b |
| SHA512 | 433dd675ff1ca04b2c68ff8847fa919f2acc5c73dda8d4dca33f27dbd882a25250239e32c7eeb6dc51bed0e08c0b0ea3b11d4c38ddf8c85af375a3b3049ac424 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | fe50b6540de43fc5af0d2f884f10d531 |
| SHA1 | 16f1e234f6fab9ccca4a48dc13d8ef3a3ebb02fe |
| SHA256 | 5847afef9eeccd47b1759a2193741538b5fcb7a5a90b114b9934bc8ff281a202 |
| SHA512 | e5bb5c568f0237148247c8f7850743dee1b750110afee8751508d4a572de134fe437844e00236688a4cda9ccb300de861de25039ffffaa48352c4115eb3f1921 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BC7B7AB3A1A1CACC9DB3BD9132E73E97CFF6D875
| MD5 | f6d6174ba17acb48e347aa3e59690a80 |
| SHA1 | 2bfbc48e0e2b4752b004213adccc865220bf26b0 |
| SHA256 | 61319a9306e2d7347077b6f5b0d9fd5df9ae06daf4dc7f2b585967faa460f933 |
| SHA512 | d14e64ab77d0c68ba976cd2309b75216f113df9235f4795574f9335cef7d6d77e99ef22befa5d065d431d873550f085264018296ab108c2bdf1d73fa79f570ac |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | 871b699b9dda1a45d38d1e19bac19de2 |
| SHA1 | f0596c855f3b5629218eb512530ea84b5445134f |
| SHA256 | 71002f0f5ff1052f281573e772b4c19cd85db27acc753fad0167fe9426d2ab7c |
| SHA512 | a00d4c001756750dc88acd41c50f29ae222761e2ab62a68c00e14a8cfbcdbb364d64a4a7c8c42951864f4ce65b337908cfd7c9fc4959574c7d208bac07e1cb03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cd9d6567948b60cde2d1b4d64b4f5df6 |
| SHA1 | ca842fe5a441e124872a41b0d6c0006ebfec0b89 |
| SHA256 | 63c460f5e7afb276f958e7a430e57b5cd9b6ec5dfb5fc95d453a9f4adc407468 |
| SHA512 | e446560d264dd146d37dde1e912b6c79de5b883c791af7c3a803f2ab43c14de3835a4d7208a67f34717ef3387ee455fc636d0dcbe48d9bf8d881d62ebe61c5e2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 923d7a305ccdd9d7335bb4f4c884e577 |
| SHA1 | fdd7fbdfa2c96b1a8a51bd08f1b68401accef522 |
| SHA256 | 62d3aecbd4c35ea83a3cfec71813c5dd8f972e2824c2c4c85bf006e7d667df78 |
| SHA512 | a01012d5348be28857366581b6c90bcb929cce3519d4ef0e14ef620982ba2395d170fd66a924438741a453fecacc75a828d5e2af249bfd34d4449747ba6fa381 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\B401A9DBB8ABD9638F6C0E8E90A39BCE66D2B213
| MD5 | e4189e454db2f6fcf091dfcd11e2a893 |
| SHA1 | 47a8f9ff7a90a700ecdda09f625a1f973082c3f3 |
| SHA256 | ec8d724879b7c2113a1162f42f1575620754b34b2441707e906b7855ef3b2e20 |
| SHA512 | 3e7dc480514a3c67082db1acb753d3006251b5d10cc6dfe82fbcb7c70f6030647edbf745987577382885761ae465d612228ce4fc570fa0c6b9a5ecf89f03ea76 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E17BA016257CE59D87A31FCC310FC91590650A91
| MD5 | 13e8b8cf5e7ced134b5d6f5d2b374c7f |
| SHA1 | e5aafffbbf9adc0d76341e6436d17c4a56bad9c4 |
| SHA256 | b5ddb78ec0f5ff3c93484d665349da7f673deddad8ebb94b94e384c418eda928 |
| SHA512 | 4916d1b8145889c8c913262df332d330aa0fb04b4b44f15e6b766ff854705506c5ac2acc2384d96f0e63aee798d6db19732dfb2edfbcd28331d0d2afca108dd3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\1F94A3B019E2B2B47E2356E16C996C9287E700CD
| MD5 | 76dd5f415c3be9ec8b28a496f5ba545e |
| SHA1 | e97595443a4259417e693165073d94fbe4b30c03 |
| SHA256 | ffe829e952ed568a83f0a06844534aaec5a410674e579185dbc54bd10920b078 |
| SHA512 | 111b58db2badda6267bcb1bde1efb1aa73ceafa34d42ce84cccfec528e86cac7a03e223fe2537c71db57685fda7b8fed7af97ae18a257fe131fbce0beb7b8c56 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C206C91D6551A4C015941478C44B2524F1DC9590
| MD5 | 6349830da1c9f95529a70ff2a727db66 |
| SHA1 | f590440d586e369fcdfe54299265f9ce69b7f4ab |
| SHA256 | 0c7169814971de32dbc9e195ea1fcf3f1e3440a92d18ff9e0f189dedb94aaf69 |
| SHA512 | e8b8f42b73e8215307478f66a6d0ee2ef321b4e9a49712b8c746ffd9139b6c6b0781d5cdbfacdc21102a71b6c53f460e029e8cbf0597785af6ff6e4e3ce9c68f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E37F0C9F306DC48775447C1CB63D24537A2B4D38
| MD5 | 3de6f71449cdb7086a2d1759ee8521bd |
| SHA1 | f9fc7455504f3bc338e854963419029fc10b3173 |
| SHA256 | 747ac5c5c8899e62fb91f84686fd76dcea393e96a037ec8f525cd7e75f0be263 |
| SHA512 | e79e65c7de7c52b6fb5ead50bc0e937018b2e3d3c736fd89089ba3a4b179eddc082892de55ecf7288a68040a51071da236ca77e81a74d68c5d213fa23c26de05 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\8107661E821032A9B67FC2BF2B10824A0EC8E0CE
| MD5 | 395a23913da8b92cba04c81a0150df37 |
| SHA1 | 8a0eac5d053d53ceadcb8a7a54d1bd5d05178590 |
| SHA256 | f9f6c16cc489274d4f0cda578bfcd43831985241b74cbf8fbb6ebe213de0edbb |
| SHA512 | e9fd7dbe4ca7542ea37da7c2f4331a6c654ff11b678498ed9eac870060a7f504f5dd9fa9b8950b114ab494dc2aa5f13424326f60d7f9a18c12dccfa42ad4c5e5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\688D7161DF88994D3E0155C4934C2CB11D2FF708
| MD5 | a7485535e00853e377828ca90146db0d |
| SHA1 | 5c823ee90afa88425edf3ed8fcf23502b5998614 |
| SHA256 | 96ae2101e1ba16b4e68a57e9dc5801a4fbba3341b10fdaa95a40eceb9def578d |
| SHA512 | 0588c5694dbfff4ab7cca0c33a4c509e2773141364850d7ebfa46e2226b59b1de4bbda8eb35bd3718f7ae1faaa7bd92cb20f88cb58bddd6d6faf3fa00fe7f439 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BD9566772423F895BDD105EB415F3A927D10DF17
| MD5 | 743442a8092629c8a273fb038e71135f |
| SHA1 | badaa62f8b3e9c2271220a3d031caaa57be7892b |
| SHA256 | ebfe22cf19c01e8bf9fe9f3481ee8b61381d5cea0d4b4514b7ce5103a74f725c |
| SHA512 | 02b120fe7e859c00728af97521f33c7282ee6bb51389ce4297116b853b6ba683f368e312178a9606137d9c81607e0c5021d694d661e32c38f32fcc29e2715365 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\39BD34902EF075E03D5716FC8E374A55F40DB0AC
| MD5 | 4c3c176030364a2fc9599e289ad10bda |
| SHA1 | 203da5d395469b042afb6df405ab6b5e2270c43c |
| SHA256 | 3a7d318ae2e47931cc7345157dac8fa07ad78a5396ad1aff17d24cd6d856ad19 |
| SHA512 | 55cd10c27efe97469385db317c6884e8f6e9e454aa344a3e1817f10aee0e5f2c073c975db5c8113b23d9f60425cd8d1e2fe600ae98bb81b2bd1ca8bd70919bcf |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\DAB642B31EC4377C8AA32D120B0CE38EEF99245C
| MD5 | 775b0ad9f053c1c8ab97b8838db5c9c2 |
| SHA1 | a22aa189bce59dcf2851a3ce4b6b0d9cdcaba1f0 |
| SHA256 | 8ac154ff2fa95231232dd236cae64b946265c6279835f6833864c9f8005d5c2e |
| SHA512 | c1a4ad143d4e8838e3a2bb9a52440b31410144096c0dc5215e6af6e1b67ea8e982f6f472383c5c13ef581d772ca9661d0a362d59f6b57864539409bc0ef4daea |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55
| MD5 | 71e8370dea7637785c648b5be1428515 |
| SHA1 | f45fe2189555ccdbd5cdb44c32e29017df4d7f03 |
| SHA256 | b5d2f5be1712a594d1284e4291734ec03505290c9b07f35a87170f7dee01b479 |
| SHA512 | f95eda66897cb38cc75a49ef801397eab2cbeb012518e954c8e89855e9ba6e80d503a731efa3e279b7a36324503b7fd21d37f9f6567e53cac82990599e155697 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\40A48D6FB1C16FBE729C2E2DB9B8B9E79A67D5B7
| MD5 | 48f695b9e40364164ea6a1074c247a2a |
| SHA1 | 3ea295d34ee4fe3e772c7269acffdbbe729f966e |
| SHA256 | c9101e6eb91f8bed757d4c40196899c9a5f3b01ce5a7c9ee929e21d2079534d3 |
| SHA512 | 850de812b07541d6eca7dfa7afd65f5144b5986f428ee02aa5708854467ba9136315ad35ac142d704069c4e031fcb1617022cf071f055ea0757ac9ae06c07fc3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\77AE23D63A0729247D98D0C459BF75613CAEAC33
| MD5 | a03181fc94f4befe37fe6be1e9048b8f |
| SHA1 | 6724ccfd2d271aca65d2907772e12819b3264000 |
| SHA256 | f3eb40c31b5b1f3d016dd153c36b1e96735bef0f84084f7566e8b30baa3a086d |
| SHA512 | caf20ea5d7823161a5c60665bb07c69bbca25d2f5e9bfe8150b33a06fa220d19e0e3e234e94001e872205a9186d227d3b6670f260711b497aa154fd0c6a1b5d8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\A7CF3ED5C01DEE0C144A5D0CA5CF0BA94AA917AA
| MD5 | 4e91ed7416899aea8564d09c0744806a |
| SHA1 | e1a3ae3f89e34e9a67a774a0e2e418ad78f817db |
| SHA256 | 2a28e7f7bd9b36c00aeaaace76e598ebb9afcdecaf71b80ff35ed2b55cfff794 |
| SHA512 | 924ce89766e1b56e2cc872d7dd26eef180e859e2b6d74f6081c64237454da424c2459ac7f516cec48831f0908b8a60ac18157af2650b88739ab1bea6d2433a62 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7AB59E4546BDC9E6723B2365530A07135603D153
| MD5 | b372be547fab8c960146d8e6c35e9408 |
| SHA1 | 39a074dfb98ac53a414f6b83624571db9f8213b0 |
| SHA256 | 93eda971530bd7c6551e88d2d4ba9ace8bf37d46d367e49639a4d61bc7053a2f |
| SHA512 | a3dbde2f4f8a9cca3be046adda8c09ba51054f2b6230916cffc55d5cd2e2557880d17b6caa6072dd8aad5416a5cb98b701ee6f8f9b11bb33f1f8d3d2c8247a14 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\4F05431968F5759ACFEB8F279C9ED028F86195EE
| MD5 | 2ae816e264fa50b77af5e3eaaef3938f |
| SHA1 | 5e3716086320393d088e973d8a4fb1c5a176939e |
| SHA256 | dc34a565933d32dbe6255ffe06cb310c132ae2f61d06ebf3b3e2c50da793be7f |
| SHA512 | 5d28359ac851ea7a59c824edd34086d03f833458f6995d4205761aa77d1ce4a55eeb57a6c8f7f64c730b1dcc2608187c1273396e3cf4cb973d150fa0aebd9223 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E29FDE07AE5BEE729429D4F236AD31EC43F719A0
| MD5 | acf8b773de60a98a2091df9f0609aa04 |
| SHA1 | efda96bd84749c2812ae471a940931a28019901b |
| SHA256 | 3624be745789adb614714bd378a8420b64286c03ab2d1356e5bc60ba5eb57e65 |
| SHA512 | 0d6944e2d3832a7f108c446385ae83dff749cc9d45391cf81028042e270425df929390d214dae32909b18d2a9b87a5fc762e2b3f17f65533e4c130c54c8e6226 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6046BBEB80663C9D9087B8588BEC3BF050114DB8
| MD5 | 02eda6f3021e1b08e9330ad15801b3e4 |
| SHA1 | ce19f8be2826a20ca70c019b97ad21eb5831cb80 |
| SHA256 | dc71ce2933f4d33be6ab3f5907b5b58d382e4567d71ee7c789a145c33e8c7fc1 |
| SHA512 | 6c1fb4f285eea6e0260f77aed583e0c2c72c0c4bec3b871223ad7537eadb7c4add175b54b4c1e5dae73055689c51fffeb70993e277db35cf990008db200144e3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D3C4AF30400A633E9CF2C87EC1994BADBBF9447A
| MD5 | 201d3006881a458feb3374f77b52cd73 |
| SHA1 | 97491226a53457bf4d5455c27595ce339b492a2a |
| SHA256 | dc4baa25f65998a5cc7f243b216bd117f9f53df420d07633673d28ffb7d9305f |
| SHA512 | 8054afb023c433cdad775b25056a0d4984d837e2649abfd4fd43382785fe728b9e8de396f05949ad266f89a0c5b5871a2c146ac3cb85a2a5a6cf6c3e1d2b1eb7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\ED5EDA73DA800382C7A46A389B5CA3C9FAD29BE7
| MD5 | b57a56f2a0450ea573412fe3c7eb2571 |
| SHA1 | e132b5e19d21a4269adf4781dffa56a6c8a57778 |
| SHA256 | ced80c9d2db9fef7b4f2fc2ad55b5f99d98bf503fc55384953a3a2fd7aabdf54 |
| SHA512 | a55a710290efda48bbf48093a1ec1c659583c179e61a6bc88100fe226c2c6739e3909427e8b09e2abb7cc9cc2887b7717d81244fd0e492aaf767632919def526 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\028C0894AD87F10A73B973631F70818724BAD700
| MD5 | a3d4b39ca9728c4df515be80efa9a5f9 |
| SHA1 | ce2c227b907730699e6a297690bd62300228ec17 |
| SHA256 | 4f47bae8e0bfde690f06f4d722a4ce3467bc98aedd2d50af652ce9fe1bf99142 |
| SHA512 | 86aeb2ed335e744a45b3faebf55bf53727231c28a6aa760f784fdec1849612ba6ec72758fb0a20bdcbd63ecc4ddf3babf044354e86dd3dcffc5a300648ffd4ab |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0DE2403E40606B9197622D9499699DCABEF1EE41
| MD5 | d5b635c6d3cf2a3eae86669df79672f0 |
| SHA1 | 429a91ed864f6e5a6edc869ff6f7d4305bfa2fcb |
| SHA256 | 237eda53943d84aa1d7408747bc3cecc1d29b98cade305608f10b2e437b91e33 |
| SHA512 | a99c588eda0a357931275c4b8d288ac0f6cbad9821d2144b3b14c12a0585d281c4fbb1e4ec4247f01d9961902ed125cf55fc9985c0299f3286a37139551387e7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\429DC8AB78A8473DC45C70CA74453F829ADE8BD6
| MD5 | 724c8f1b6afa90714cf9724f5785e2f0 |
| SHA1 | e1532e9be63b8a9b019f39a1a69496259602ee68 |
| SHA256 | bfb33a166835a65ce4eb8d08574a3057c50b9a3eb68142761a92df03fb4bae3a |
| SHA512 | 93e44769dc1b4b3f8ebe3109312cff711f5be7fd05622be6e27a78e3683d2fda4aa08a278a32cfc6f7670f14668c6d679a288d5d858fbb990288950985fd249d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\9C96235CAD726D63F60DE1389F02007E7CBA3632
| MD5 | d4b595acf5f908b19c4efede876faa4c |
| SHA1 | 2e775c1edb7b51b9b1e61c3c46e6cce5b95ee903 |
| SHA256 | ae1333d894af52330173ee999d44728c28b8e4ac321b3d3c1a2ef8729f516999 |
| SHA512 | 590113e8c482a1daaa0c8006bb851f54b05dee2d5538048cdc67e9fa26b21116b871591993e264ea2d4eb6aa0c4eff1acd8e14409fee76cfd65998877d35f207 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6018DCCE8EFCE22F8F648A32D28EA223F80C84C9
| MD5 | 826b01969e8512477450bfa0c057de36 |
| SHA1 | cff27c793980d90c2db8abd528557232b41c7b9f |
| SHA256 | 9e1f7f468fd66463d322747101c2ec8ce662fa3aa11f75d3ec11fce52fb88a1d |
| SHA512 | c0c18b23f2afbb24efe218661d12c51a48f656386c10af7423a1a50c92b8a143cc890c16c9b84e13b5d2c5c52e592c8474ba3e0b1d2b3c786ee04a38b36f6feb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\FFF3544547FC343205CC3E77C1CBC1E5D83178EE
| MD5 | 059787e3c89634dd5aba43bf751acff5 |
| SHA1 | ef488eeda38796ec0cba41eaa46a4f939c8e9333 |
| SHA256 | 03217adf18d9690804872fb471c5946fb8c1944db61f24d5186aee47d218bedb |
| SHA512 | 8424397fdc961bf86c5b4294eb99988ebe9964fbd1fd75979df4e83cfd9e54a58ad4460d5be7213acc2889e9dccad031551863f9d4acbfbfd7276f4351397366 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\E5BE8E29771EA4CFFCB4277853ACD23A853EC722
| MD5 | 6da1e3eff3214322d16c0a086b4b0dcc |
| SHA1 | 2cdb93b891e975c3356e66cdf743d39508b7084f |
| SHA256 | f035f7912375c4525cd47b30e2a56067749576ed4bc315e3e493a3549d73429d |
| SHA512 | 7a3cac94213f822eb4c6707f94c6b15dc3fa296b4f981d8947103db594c6c550df78df99b60335a7e45c54898da2b24bcd04a6fe2fd5bcfb144f21cbb6b665c1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\C8C33A31FA3382D567EBFB931E93E181758D8F9F
| MD5 | a3afb59dc51ea9469d6a1879c36224f5 |
| SHA1 | bf89af075567fab7c7392ab44d25a436b56305a6 |
| SHA256 | 8187dd109c9c08cf3db39b189788bed3d0f4b085f4644d7cdc4b2f4295f40084 |
| SHA512 | 923b28c0a302b2eeac432e7030121b417528b1723058f5adb6fae5912c3556bb95793a483949575043da564e63f91f34aabbf680a65ab14fa9645f2bc94803d3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\0B9518A460364544938F3720963D92ADA6E35019
| MD5 | b5aae1f29f708c1ee255497735414d09 |
| SHA1 | 3e4f8a3c57bd0630529b5fdf09a1182a9e4dadcf |
| SHA256 | 3c7bdb7adfa9ced812c212fecbad93be7e82ac75bf3ed090a209584d315aad9b |
| SHA512 | a2a4d4f7750f7f86a517cd4137d136e5fde33e2ff494f44cde95d3ef3d9177d058ee034a389c6a73999efed4595b8e9721fb6c11f312b100e6b26132918015d0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\B8C8DDD2A07579E58FAE2BE95019A6D79E31F546
| MD5 | dc79ab4d6863492e76a39db7d2590ae4 |
| SHA1 | b5c73a4edc433f97929556de4f6b4ef1de5b92bb |
| SHA256 | 4917dd1ae7cf64943659ccf11b1855c55e45d154b91d9ff762d07722abc0fcb6 |
| SHA512 | c57d11119cdac96f7384a92e89f9420bb4335946e07729030ce8bc28b19fc8e80f3059092906b2bceb3f1328a76b30d246a8d11c4cef16a4b2c47bbd59880f7d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D1D59FB4C558CE2A8474DECF1A3849FF49942A48
| MD5 | bf63739d800f0de6c7dc2d5520a095e7 |
| SHA1 | a1d2d38c3125bcc9558fc32a06c518a18935d140 |
| SHA256 | d9e38e7039fdb98d214b4526e68cdc00f7928e72171ef18cb2152fdf5a74c504 |
| SHA512 | 3aef995a07533f235a0c1870943a44a8d27272a3103256a3448e1ab0906dda67643f81dad7e3dd0e224263174b7cdb132bf968a3fa79c4c70ecadf307f7cbe8b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\6F0688B3765FA8BF425C4B00475ACE53E2AC9A6C
| MD5 | 4d42d435edecebaeacda710c7d19fc7d |
| SHA1 | a09b8254360835770fe36d628c1a34a435ea1ec9 |
| SHA256 | b04b4ea6862d6bf9e40f69db5251ee8ee726db55d08284e809e94c6decd628be |
| SHA512 | de747f49d691024e009e3efadcadb65b2bdea1b91cb5363bce383ad68c731bd6fe3001c7c5e8370acd6e359f8f67fc32eb3ec24585feff6c00cfc39b1d78d30d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\15B93BC621B274AC627F930BBC2A3DC1A7CF1BB3
| MD5 | 664262021f8df57520d5521cedae341f |
| SHA1 | 97c96895cc52d63db7769f7083b0e2b84b7e7161 |
| SHA256 | 6c0bfbc8da6f8fa7c0174fbaf044168864954375a6238dd1239c53c14214e489 |
| SHA512 | 26ebd8aed1d9b3979366c1167c1382dce2332312415c9c73e05113b87f9b51bbbef19a2b76ef14fd97bb56f28406e5f001eefcc2b9deb6dff8d229237af4bd76 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\D453B01773E636BA24E6ABC48242770C54B79557
| MD5 | 96855d1bf5d1134f9aa3175f30986dde |
| SHA1 | 637bfee67a8bcb6c8081fa0588151384b60ffe21 |
| SHA256 | c885090ec188ad7485b860a4cd7e9f8f45fd6a5ec618168761894bf646baf0d0 |
| SHA512 | 6907b195e21a4b0c7ebd990699a6f8ec85b42123429b79f26a306beb1fd0f03ba450cd16dc6aff12ef8962b394c4d3e9c1fbce2d629ff5cdcbe11d4b7f2b9819 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f08add51bf72b5ad1a193dbacc8c3f20 |
| SHA1 | a1cd539dfaf3ca7036cfa8227e74048de88cd83a |
| SHA256 | 8614ea64b2292e23a78cce4c4a76491be989d3283ea9a338f378313491cf995b |
| SHA512 | 77837269385d359de69329a4eee2d621cbfa270f4afcc86afea5747865173b0e7a4f1644d7bcbbe7ad94a71a6f05d8bafa98e852fc7cfeb7f42e5fc98540236c |
C:\Users\Admin\Downloads\$uckyLocker.exe
| MD5 | c850f942ccf6e45230169cc4bd9eb5c8 |
| SHA1 | 51c647e2b150e781bd1910cac4061a2cee1daf89 |
| SHA256 | 86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f |
| SHA512 | 2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9 |
C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier
| MD5 | dce5191790621b5e424478ca69c47f55 |
| SHA1 | ae356a67d337afa5933e3e679e84854deeace048 |
| SHA256 | 86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8 |
| SHA512 | a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c38873dee51527aad6b87d4b2f962e39 |
| SHA1 | 107355e13ea7617453883e6213a12b5a52bfe2b0 |
| SHA256 | eeb9acccb7c00d09e6f27f132381f2d3498442a1829611fe484b360fef4fd043 |
| SHA512 | 3aa047530d8096b4a2f4612b36a23bf7c626f545d00d8b63bcc366a87dd5802502cc98ec291630a5bdd00877b175e9c45f24fa248281084a1e5a898ca26fdaf4 |
memory/7068-3612-0x00000000003F0000-0x000000000045E000-memory.dmp
memory/7068-3614-0x00000000053E0000-0x0000000005986000-memory.dmp
memory/7068-3615-0x0000000004F10000-0x0000000004FA2000-memory.dmp
memory/7068-3616-0x00000000050B0000-0x00000000050BA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1e1c262efbba4fefc92959434f62606 |
| SHA1 | bb61e7e36afba4bef57505ecc39cfe3a79e7eb28 |
| SHA256 | b6dca3ce81d06dbe9095d540573118204422c8bb274e28b2ee7fd8beac60b04e |
| SHA512 | 1c03644b4cefb1c16b50e8583bc93048ec8415fbf3734d417af2ac75bf26ee94eb415d3b75d6e675ad17c38c7cc02ba28712311de988d9dfe2614bf485200905 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e26dcf5e510b4483d7a665ddc9ec8467 |
| SHA1 | 2df2e5541fa4b7296938cfb5d4ffc97378858df8 |
| SHA256 | 65fc29d58cef1f5f520b4e81f56b69b99484c533f2a97b5b2a436df1c53983df |
| SHA512 | f7d139e6f8516ce4ce5a205f797d72a572001f5d894953f10c9c38c56255e0caea7473b9f211bf44d5e0997516d6ca72f7f9bd8ff2eab80cf6d44ffa7c05d11f |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | 0f743287c9911b4b1c726c7c7edcaf7d |
| SHA1 | 9760579e73095455fcbaddfe1e7e98a2bb28bfe0 |
| SHA256 | 716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac |
| SHA512 | 2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677 |
memory/6260-3700-0x000002188A730000-0x000002188B724000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 26ade91988e2bbd8b54aaddc9a4e2015 |
| SHA1 | 455efcdcf12d18ae5907a6e476d2974122d71a4c |
| SHA256 | 18d8f895986799fe54b59d1a17db2d0cebd0a8df8a1e90477d2ec685a4b7d370 |
| SHA512 | 7327a26b3ae251bb3d69e092632070d6eee8262651e64847dffe1c7e5be7fdac5fc868514421f4f30f342f907243c02c14283bbf0e40045dbea567194789a37a |
memory/6260-3721-0x00000218A5E80000-0x00000218A740E000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 14ddcdef91983ff33d610b7653607897 |
| SHA1 | 1005c1a61aca9bb905dd016a898d760507160a14 |
| SHA256 | 4f5749dd2192500bcc88d2d88fd3171edfaa36f99732cc6e2f888111b0cc76a2 |
| SHA512 | 5e8ba89021080f164d8ec4023d4986276eaf591dbf633e779a62a0ed3a8b5bcbe76f41e7cd793216d51de296bc14cbb7ab3fd1224de7b2bd4efe47e76151d7eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ffdfce26cfcf0d775c6a207f1bd05348 |
| SHA1 | 8e01100f81f5230976ad63abb95910511bc3891d |
| SHA256 | db953697855f1c9eb5cf7ee6a2baea5c4a169a9888f35f3d9c7dcb678d96f9d6 |
| SHA512 | e03e84d364a93afaf0f659701cabf34ae220fc97a2c9af948975117e58582dd3eeb16d8a960da9b406ec1a05613b89f5e0db95a5f9f5ad269ef7076b9dc8ef9b |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-18467
| MD5 | 63210f8f1dde6c40a7f3643ccf0ff313 |
| SHA1 | 57edd72391d710d71bead504d44389d0462ccec9 |
| SHA256 | 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f |
| SHA512 | 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\jumpListCache\z24cnRoSyeSaPQOnN4DM8EyDkXFOmETtvITwe8CogA8=.ico
| MD5 | 6b120367fa9e50d6f91f30601ee58bb3 |
| SHA1 | 9a32726e2496f78ef54f91954836b31b9a0faa50 |
| SHA256 | 92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0 |
| SHA512 | c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | c0b3b4ff9fdf70c0e900ae7cf377dea2 |
| SHA1 | 06b9aa34e8f4ccc43593f2fd773287b4aa48a410 |
| SHA256 | 33a9f74a4aae828657301dd4952b825213d10faea5cd2e37bfe22e09b2605152 |
| SHA512 | 6e9fad8eeb72e70fcba03844e22e21ecf8d0d792a2fcb88f1a64c7962454465ecd6d6f38579dbbbd2251c68a15b778f49c633c86441e91353fef70c022e2d46b |
memory/6696-3980-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/6696-3984-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/6696-3982-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/6696-3981-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9de46f796a98acdc85f588ae9a9af228 |
| SHA1 | 3f13abba3899d4f061a5124a8caeca75d3770163 |
| SHA256 | fb61a04b511275f1d6915de5943269d92661f2c9525aa5f4aead28ed4dce7f15 |
| SHA512 | 3d5d749fbce4daf329ddcfd42a4a240d76c57197232c612241bb0384943db0b8a38d0968fe8fa6a72fe1abf4607644797538c5f7dae238aec0e73fad6b214b75 |
C:\Users\Admin\Downloads\WannaCry.exe
| MD5 | 5c7fb0927db37372da25f270708103a2 |
| SHA1 | 120ed9279d85cbfa56e5b7779ffa7162074f7a29 |
| SHA256 | be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844 |
| SHA512 | a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206 |
memory/5540-4035-0x0000000010000000-0x0000000010012000-memory.dmp
C:\Users\Admin\Downloads\u.wry
| MD5 | cf1416074cd7791ab80a18f9e7e219d9 |
| SHA1 | 276d2ec82c518d887a8a3608e51c56fa28716ded |
| SHA256 | 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df |
| SHA512 | 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5 |
C:\Users\Admin\Downloads\!Please Read Me!.txt
| MD5 | afa18cf4aa2660392111763fb93a8c3d |
| SHA1 | c219a3654a5f41ce535a09f2a188a464c3f5baf5 |
| SHA256 | 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0 |
| SHA512 | 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 5a9687bbb9c24dc297a0530d650de2c4 |
| SHA1 | 6a6ad0dd9a09623c88957e47bd5269150f01d935 |
| SHA256 | a53169aeae2c65e15c6379625338ccedbe68eb4036c0e5e92865cf11229a28a4 |
| SHA512 | 7763bceb70a9ac765eadaea99422be71c2e70f5c3692e7acc3d90a4f09c8529b39d91469fa975d0e14143f551400aba11b16e07edf2266e094b93449c19aa73b |
memory/6696-4157-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\Downloads\ViraLock.exe
| MD5 | 8803d517ac24b157431d8a462302b400 |
| SHA1 | b56afcad22e8cda4d0e2a98808b8e8c5a1059d4e |
| SHA256 | 418395efd269bc6534e02c92cb2c568631ada6e54bc55ade4e4a5986605ff786 |
| SHA512 | 38fdfe0bc873e546b05a8680335526eec61ccc8cf3f37c60eee0bc83ec54570077f1dc1da26142488930eabcc21cb7a33c1b545a194cbfb4c87e430c4b2bfb50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e8479f4ec41857fa0be9ef63ac17b99f |
| SHA1 | 118e17d839db064515091f1175cf843cc639e256 |
| SHA256 | 883a05c8970c4d1cb6021dd4675f355dd4cff5c588e7f4d18dc0a130b307c852 |
| SHA512 | b10198a38e8809fbc950d7fd63fb23606883e3e30bbfc6f9cd4177671610e168e5b14caf231eb222f813920a438d139afdf111db6d7d3ae6e5672660210b21f7 |
memory/5388-4984-0x0000000000400000-0x0000000000432000-memory.dmp
memory/304-4994-0x0000000000400000-0x0000000000434000-memory.dmp
memory/312-4999-0x0000000000400000-0x000000000042E000-memory.dmp
memory/5388-5003-0x0000000000400000-0x0000000000432000-memory.dmp
memory/6696-5020-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 61489fd2af8cdd9d73a8f2ad5f6cefd6 |
| SHA1 | 0f5c4a402d82153affaaf01398734c6c2e7a786f |
| SHA256 | d42b9f7bc0692916e11db1858d32d664d365a011aa39ee4f8e6354bed81ed438 |
| SHA512 | 54f322aa2b6f28e801e2adf97cf8a82d459b26ee26a6a146f3c381182e8931cb446a060299d065a723297d67539411c810f384fcf3a94152cf0f11e7168e33d7 |
C:\Users\Admin\Downloads\UIWIX.exe
| MD5 | a933a1a402775cfa94b6bee0963f4b46 |
| SHA1 | 18aa7b02f933c753989ba3d16698a5ee3a4d9420 |
| SHA256 | 146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc |
| SHA512 | d83da3c97ffd78c42f49b7bfb50525e7c964004b4b7d9cba839c0d8bf3a5fe0424be3b3782e33c57debc6b13b5420a3fa096643c8b7376b3accfb1bc4e7d7368 |
memory/6696-5064-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 10fdddbf6e7c61e6e8a01e7771100dee |
| SHA1 | f95f3c378c7649977e948e2a560db60a04742702 |
| SHA256 | 69f0cada861cf97c3eb1c5a5b53e4aa8f81bc97c9cfd0b2da1999d53417514ec |
| SHA512 | f49529797249a299097dd697c2834d9e3d9d0f1ce53eabfdfb122b4e55b95063c4094a8c0d4e1759b9c533b5caf59fdffbdff3ff7e5c856d50fa11fa76c8c945 |
C:\Users\Admin\Downloads\SporaRansomware.exe
| MD5 | 4a4a6d26e6c8a7df0779b00a42240e7b |
| SHA1 | 8072bada086040e07fa46ce8c12bf7c453c0e286 |
| SHA256 | 7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02 |
| SHA512 | c7a7b15d8dbf8e8f8346a4dab083bb03565050281683820319906da4d23b97b39e88f841b30fc8bd690c179a8a54870238506ca60c0f533d34ac11850cdc1a95 |
memory/1432-5143-0x0000000000400000-0x0000000000407200-memory.dmp
C:\Users\Admin\Downloads\mEYI.exe
| MD5 | 496dd64633ba5d89811426930d86711c |
| SHA1 | 97f5f443be0a6d1b9f9b34c4aa89c9d730fc53cd |
| SHA256 | 9cdb4432b5dfcd34998de62dd5361045b86eeb6d7509329236fab72572874d80 |
| SHA512 | d07e92e935dd0802c26c66a89c3cec9e22630c8ae1094438636cf483c223ad234281bcc006c4d4b7a83570dd0d128ba99c26b68bc1f4ddcf1828277b3690c65b |
C:\Users\Admin\Downloads\GgwC.exe
| MD5 | dc4396eb8175c7ae9e5e3d4ce1a57673 |
| SHA1 | e01071cdbec29fe64b78bbfdc20bce637f93eb84 |
| SHA256 | f5ae1c979564618b861101c9ab2b0d066fb61ffacda5cc2ee1c0ccf575532d4b |
| SHA512 | 82d0fd7064b11d2caa712e054e4c877bd2bc2a302c3b4c9d89fa92debb93a9c29a3dcd1bc4e5453f885c0a7942769871272715a7126a715a60ee3dc2a9e44536 |
C:\Users\Admin\Downloads\Ecwq.exe
| MD5 | c1432283847cde239d723568b3fd04ed |
| SHA1 | 6c1f1d9a1d76df47bc2bd73e27b7ad6950a2b66a |
| SHA256 | 423441badab4619bbece12c273fbcf47a25bed897b0ec4635afac62963218c79 |
| SHA512 | 6608bb74a60a07c6f1346bbfef387b7d7c9edb3f314e9ae4ce2b8696dd8cb8a5f78d7322545c82fd3d6b34209227c9af2c1dfbe2ea4bcf6bdcbd6e266931e6fc |
C:\Users\Admin\Downloads\GUUg.ico
| MD5 | 9af98ac11e0ef05c4c1b9f50e0764888 |
| SHA1 | 0b15f3f188a4d2e6daec528802f291805fad3f58 |
| SHA256 | c3d81c0590da8903a57fb655949bf75919e678a2ef9e373105737cf2c6819e62 |
| SHA512 | 35217ccd4c48a4468612dd284b8b235ec6b2b42b3148fa506d982870e397569d27fcd443c82f33b1f7f04c5a45de5bf455351425dae5788774e0654d16c9c7e1 |
memory/6696-5199-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\Downloads\qEkE.exe
| MD5 | 52ab02588302339d0a07e12945c4b8e3 |
| SHA1 | f70eab0af26fedfeabd243480b577a4f1ebf3ebf |
| SHA256 | c2b985625a3bd270e96c6fed9793ff8a092f50194a0a5e7f088a328aa0d21082 |
| SHA512 | 2d031950f9de189e9ac233aa5f8110c9d029287aa03782f59367b7aa8af2aaa077f2ef5baf447dfd4f98483adbcbe2a7a46cfb8647dc281ab2e6aba537a56348 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | e67aa4b22217b218e315fe3db465c3a7 |
| SHA1 | de6f32708b2810f885ad6b6bff01b1d6cc9ba4ed |
| SHA256 | ce3a663f6c77868484729ad71aa82b714cfadcb513494ae41aed080a2c8eb45e |
| SHA512 | 145b8a0c17fa6bb548298e721d1f75674226fa16163477085fad7d70f70cf4ad52c150b58ffeacf2334922f1ec0e4e8fabd9589dbb35dc65980fd35248e623c2 |
C:\Users\Admin\Downloads\ugwk.exe
| MD5 | 5b937969626c21074089d96ac921384a |
| SHA1 | ff7efea2a41e9f2f4b700b7b3de3a26d10b6672e |
| SHA256 | 90243538d66399ee80dd57effe9306aefeb9b0f86277e5de5a46d9e762af6215 |
| SHA512 | d2a9a55dcaa4227e59c8aac88c9e49db8a7a0f971bfc919d21c6337ced71cd28dcbf2db7ed3a75c0a7a000aacc16a937d8048e9efaec56e49cade1f222dba0a2 |
C:\Users\Admin\Downloads\kYAC.exe
| MD5 | 88b4c949cbe9e9892ed290a0538a0a7d |
| SHA1 | f09d5dc549e5ff17928977bf50e82b76be25d7c6 |
| SHA256 | 43847c4ff4c1c31d7ac29253fe67a74caa51509cc20a9124aa02c0d6484d8878 |
| SHA512 | ff7be676bb88afe8f6d01069ea649aead3bec621a1c27e4c3c495e89dbca2006f5c91a038103f9c2664ca82911ebfaac8244b252efdb6422bb0ec71b0b16a2b0 |
C:\Users\Admin\Downloads\EYIy.exe
| MD5 | 05a7e59435ab226d23a7192a06f09b99 |
| SHA1 | 4d41e15bb9eb37e7a0d4e74bd890a56be83cf3ec |
| SHA256 | 2ebc5b2c4fb909ff78dc215dabd9e911489bde7d7f512f8166bcda320ca2bf00 |
| SHA512 | cca5602f834f16f4a63150e08bfa387c13ddb0eaf96a0d2b5f69745ec88b050a853cb3c69cb561783f4283342f0276910643238fb89a8a6342e42a49939a417c |
C:\Users\Admin\Downloads\Seftad.exe
| MD5 | 86a3a3ce16360e01933d71d0bf1f2c37 |
| SHA1 | af54089e3601c742d523b507b3a0793c2b6e60be |
| SHA256 | 2ebe23ba9897d9c127b9c0a737ba63af8d0bcd76ec866610cc0b5de2f62b87bd |
| SHA512 | 65a3571cf5b057d2c3ce101346947679f162018fa5eadf79c5a6af6c0a3bc9b12731ff13f27629b14983ef8bc73fa9782cc0a9e6c44b0ffc2627da754c324d6e |
C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
| MD5 | 0ec3a50daf1d0d3c5bcdebae2ae10ac4 |
| SHA1 | e9d0d8a5bfc6a4ec8192f4004466fc08385875e0 |
| SHA256 | 044ca1aac26e6eb56135b9bcfaa9efd8146bbd4399e5491cae77ea4ba050357e |
| SHA512 | f4171b8a246b7541de79014ca670c76123433e30e46ffc530946b390e72ea8118667aaaeb8ae65034e69eef2e6925b8f67f3a2be9d1b6f192b1e833474282995 |
C:\Users\Admin\Downloads\kYkm.ico
| MD5 | ac4b56cc5c5e71c3bb226181418fd891 |
| SHA1 | e62149df7a7d31a7777cae68822e4d0eaba2199d |
| SHA256 | 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 |
| SHA512 | a8136ef9245c8a03a155d831ed9b9d5b126f160cdf3da3214850305d726d5d511145e0c83b817ca1ac7b10abccb47729624867d48fede0c46da06f4ac50cf998 |
C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
| MD5 | 7eca1f99bfae1e92f24071668119e36a |
| SHA1 | 1d26013a3f620a44f5e9097c5730c431bc0bd985 |
| SHA256 | ad359fc6fe3cd862ca76476543fc53a0109361210fc64be2772d08238657d1a2 |
| SHA512 | 2a8eb6df9b641ff35976a848649bae212633807c9632e780c2682b74de3a91e7564a691c110af36792ee587a6d8c8fae2d69de7850edb5b74f2cf1ee3a7512de |
C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
| MD5 | c853c0bac7da514b0dc4b24f6e3b190f |
| SHA1 | 74a222642df6aa1b69647066c9b3ce3a1750461a |
| SHA256 | 396c8d6f8098a0a2604317bdc4fd06d3dce2b88d9377a3e48685ca725656ef58 |
| SHA512 | 6f770644d35c0255cd5ec72f30ef140200200f68cd197ec5642a455a40f790e932b5853654216aaedd2cc5dfa508aa7a51c31f795b63287ee71f9a8d742fad61 |
C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
| MD5 | 74c421ef1884e4bcb86a1f763186e25c |
| SHA1 | 1f365ee0bc2574b4feedcaf5d44db9632546e306 |
| SHA256 | d7789fb59c9df9a2894d77ba01acf31292ff3cd19626f20340c8936972d390e9 |
| SHA512 | 85db7ba09c15cccba9a184855609f93969d344cd5bf43658800e43c4119d695a0d1ad5050fc8087bc1dec79a3d76abe2307916aaf6199ff7a0ef7cf774c67101 |
C:\Users\Admin\Downloads\kgIK.exe
| MD5 | 7abf9a6961b2800b98ca9e7beed3048a |
| SHA1 | 510b10f5ba078372a6f74d47aaacb8f5cba01339 |
| SHA256 | 656c275a48d565d737f492f2132057bc0da14dcc3a0907fc9aed23f3f1908b5a |
| SHA512 | dc232d1a277b9ab76574b29b7a7aa7c48c30351285748407ecbaaea7ec8e1ccdc39064b407ef67dcce9610445467862ced991c9b6acf5fd59152d2c91bd0c5d9 |
C:\Users\Admin\Downloads\OYAU.exe
| MD5 | ac74eaa8e765f9877342cb5b18a33e03 |
| SHA1 | 579ae5fb7ca0c7d675256e9929eadb58f1b23e71 |
| SHA256 | d65ffb2419deadc8f5b2ea5ed7366bf61124d67dbc6a0ed5330656e944a293c7 |
| SHA512 | b829a3479ed6631d2f19947614c9df9e30312169fbe3b7ca2c21bdb9c536cf7c1ebe8e6ae4af0b0a7f12868b6a8a4a903886df9adc631f39960107ca13fa8b7c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 587d266eb43d244c168029b754208bf0 |
| SHA1 | 2b362f2cfaa74fe7538b0b864677bb62819bb14e |
| SHA256 | ce9f127b3ca6c89c0cc031700228a0b9489d35c21d1d4f391594132bdc86df32 |
| SHA512 | dd87e472e88ad31b4d636f8a39f4ac03bde63ae4043184cc3bd915fbc50e463942fe8c6eeac174f574b4d0e69d12cb4c545ddb93495da3e96f0c38137b378f46 |
C:\Users\Admin\Downloads\iwEI.exe
| MD5 | aa72a04e0aba0cd27f90145fefb793dd |
| SHA1 | acf5813ab485c99d1b42eadb690a4dac78b0a50e |
| SHA256 | 1a686a9421228d6b3d80cd68e1fbadf5fbd9697ab15d52da6c2cf5000b6d9577 |
| SHA512 | d6d586f7f0f660da9678afae68d9c6cc7da3f531dc6c314595bb863106a10e3a5ef763e8d4656b3ce04c0d28c1069826c65ffbfcf29b356dfe7cefe9b728b17a |
C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\windowsdesktop-runtime-7.0.16-win-x64.exe
| MD5 | 0b2269878d0b5e05a52230c1083118cc |
| SHA1 | f5dbb9f54436768c230fb26af848db4aec96e5be |
| SHA256 | 09cf70d920c9b421a46403ea2ff07855f5b332a18373e09a2d63b99e9a7273fa |
| SHA512 | 99d6ffe460ed377819cbf03a94a9bbbb54b80304571ab1d0e09d1c9be925a9cc88b5d4bbca512b792bf30541f6167d0c6f47c80f2288a72d2cc8b1e86e822718 |
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
| MD5 | 0a62892457b0057bc615585833a1cac9 |
| SHA1 | 68df61eeb385ad8af05380995f50190727dcd38c |
| SHA256 | 8782e3525d6cf45914e3c0fefa5d79f853b276597508ca7c57ed0434c6587df4 |
| SHA512 | 7a41adb0144bf1ceb983b6b1164de834cb434a2c5976e72f318c7a18f4a79e3f34e1276b89c5e87f5454a25beeb0b0c6b81a2f67afab0b5fa8e18c1ff0d3c930 |
memory/6696-5442-0x0000000000400000-0x00000000005DE000-memory.dmp
F:\US84A-08ZTZ-TZTXE-TRTZY.KEY
| MD5 | 195fca9d228141c68b6cdb0b15062b86 |
| SHA1 | 7c2b3f18f533ffb03de879dd95b45c150dfa91ed |
| SHA256 | e08e849c50c24b34c5fd52e356e218d5118e1fc54cdd75f44c53c0cd3f818d9f |
| SHA512 | 5f932d6b29a275906438218f7b6f9a86454c33f1019c68a61c4a2f86238d3f10e79f5b65ac80d0dcb2722126c3a1234ac19701ad570d7ec3f74f5b5359635940 |
C:\Users\Admin\Downloads\SowS.exe
| MD5 | 5baa333ae36fc9ff001417c2331513d7 |
| SHA1 | bbd531dd068740c0426f7a5e9a90b57d8f6762cc |
| SHA256 | 7a539e4bbc14917171aa98b8b0d8c9393ed2a2ba0ad76f52fa7d7e293d77e48f |
| SHA512 | ec8e903bb320bafb476a806d9fa84a421f82add4002d9260c90ed6d72fa0f398b6d643e50d4bcb48a11cc64fc6a57c3a6caff009ebe5633096e72b5486ad9e78 |
C:\Users\Admin\AppData\Roaming\US84A-08ZTZ-TZTXE-TRTZY.HTML
| MD5 | c93bc7969c3afc1cd733fcc50940c0bf |
| SHA1 | 89ab6a2509abe3c23fff155a0a03aef1511015ca |
| SHA256 | 5cc3e63347da8d28919516af1bdb8505c80c82e9ede7b67f25f6803dfcc80c08 |
| SHA512 | dda888f7a76d531ae7d08c6019438c6032e6342da90aa14d7d7b272da3ce03746638bccc1ebe6b0d98e6dc939efa16cabee130b54b75c5063c65b7839aa864cb |
C:\Users\Admin\AppData\Roaming\US84A-08ZTZ-TZTXE-TRTZY.LST
| MD5 | e84e78b7c592b01d62ef0fed15cd0eee |
| SHA1 | 6691b113a858c74ce112c72819d065318204caae |
| SHA256 | 0396691b7cd26f75b5d25e13582ebce11f3b1fa716262c89eb6e8f954e77066c |
| SHA512 | c5a3a30d5dc5c068bffc791bf01a488acab9df4570c317b8d0278f74c835f92c762c855cab2c5df3044c9f81efbd8509ba188cf88af67f752a6fbb35a58ab794 |
C:\Users\Admin\Downloads\CIwe.exe
| MD5 | a7a72403f4e6a92799155233d4d547bc |
| SHA1 | 88160a71bcc03e5a96459d7353cb7bc818944f33 |
| SHA256 | bed6c51f4a0a1cb92bb7f6676da314cef7aee5c379e49ad1d320389b481d84a8 |
| SHA512 | 0c65eb9c82f1560d8c22aa4cb9ee061b0b4a41a934931066f1388fb90f7747279fda0e2eb9d599498149029cab8b4cc3cc0fdedc872039a5e47ac13c8978b272 |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\background.png.exe
| MD5 | 13383ec2a190e4a6a217d3dc4afa846b |
| SHA1 | 5a0b5310aa2b0e8b542ce189ab57cbe34e877fe3 |
| SHA256 | 742fa3b99347d96d81bbab4b96796c4b3b7e46b71131b7a27b901020dc2fe158 |
| SHA512 | d54dc8edf04c3d39c403d097888f0b88988069dbe5f034e4bc21ad5bd8bf29e89dda3dc7bb2a12fda681601a18c8cfead4d918953517e0799420a7f2ae589dbc |
C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\device.png.exe
| MD5 | 259b487528a48c8043c00352f1ff0bb7 |
| SHA1 | 565ba0f7cb78803dc54240809469e9b6e4914b2d |
| SHA256 | 67410ead3384327ed7f1fbcfd50d76cfa4f4a7553a75389c2eb56bc4930565ec |
| SHA512 | d27e8e974c449ce484d96f2346b3a4da17f9a44c74e2a0a832d48662b359471eaf865e9451fa3df11b381bd75627fc30385726ad0b8c8243e1c31e1da008f94f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 78312e7e18ecff0c85c463120b47fd77 |
| SHA1 | d4e968066e49ae74beec72f5073fb961e70ed78f |
| SHA256 | 4fe6e70bb54064eed557f74cb19ee38d931598d44ffdf965bde7d305f74deb09 |
| SHA512 | a3df6cf62393409ac45dc29f7caa7086415317dd24e56874ca6f05571bbb88118bb98fed62f9eaee6ff47eed96dbf1d91bd7293bff8d4d7c0ce1cffa68e67a9d |
C:\Users\Admin\Downloads\WIsE.exe
| MD5 | 53992f103f1a7c2a577c1cd1cf52c188 |
| SHA1 | 56dda20ea7b109ae0e21447dfe80f0d45a7021c5 |
| SHA256 | 0e0ba04a99cf2aa62ba1fe9e84d547d01d4261f0036edc65812fa804c9e28b40 |
| SHA512 | ed4763e2fd0dbfd4242318401f36afa4c9e33b61da6448ef8bd59126f56aaea6c721f3550f7b03e1bd145f9965a73f3b461be72ef8fc0aeae30f9712852268e9 |
C:\Users\Admin\Downloads\eUwk.exe
| MD5 | 2902b5d0d06269da367aed7872963100 |
| SHA1 | 09ec8c86db44a3f76ae05a9fd2557800063d04f6 |
| SHA256 | adeaeb516bb10ccf5eb9a60ee1fd8b545efcb179c07cc9c7444119f380cd6f8a |
| SHA512 | be7a10ca63d44336653178f919fcc68c8c71ac76208ce76339889c1143c109ae49d3907867fa4fdf1adb90a0d4695671e69ed332e210c1f8c22f714f84e042ed |
C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\background.png.exe
| MD5 | f67d2fdbacd4b557b919b013442ddeec |
| SHA1 | 90f138270f82050498fd96e2b7704d8ea1fbec89 |
| SHA256 | 1033a60dade629923174edb697727007fe6d25cf339c8b03ff4d01b123b1055a |
| SHA512 | be713d6dc11585eec7002b604c16db7fe12fa5c50136e7d0515103cbc7867520bbf2f4689cfd76711e73f5bdc95f9900e2def4e5f6c300232bcc2656d9bb9f2e |
C:\Users\Admin\Downloads\ukIA.exe
| MD5 | 29c8e176130d9a656e31235ea1cae309 |
| SHA1 | 97bd75b4a7b7cf45f2f2b4a3bc8e4ba35db16a8a |
| SHA256 | c63a7994bf3810002e9b3fa60bfd40d63a496ee0a8bc7056ce281d9bed2dea1d |
| SHA512 | 77289b076e1b4488d98ee4c4b6da57fc211381e3886380fc6c91a989290d1a57ed21796d0d7a3788df8616468826286acdcf1dc1219a25e969a83cfc93f7c10c |
memory/6696-5725-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\Downloads\Rokku.exe
| MD5 | 97512f4617019c907cd0f88193039e7c |
| SHA1 | 24cfa261ee30f697e7d1e2215eee1c21eebf4579 |
| SHA256 | 438888ef36bad1079af79daf152db443b4472c5715a7b3da0ba24cc757c53499 |
| SHA512 | cfbb8dd91434f917d507cb919aa7e6b16b7b2056d56185f6ad5b6149e05629325cdb3df907f58bb3f634b17a9989bf5b6d6b81f5396a3a556431742ed742ac4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e09d9cab6d0f24633fc8525b152289d2 |
| SHA1 | 5febba4886c8a61257c60e90559427361fc10fbb |
| SHA256 | e5416baca9b5eade29741d3c8de5db5db933639e378fe32f25639ab169ddd2dc |
| SHA512 | 1dbf88ac92527b65bc2de214965abf52abad36a29a345fe93348629b7aba03985feaf483e22485ea7f9bbe50fa9dcc67f156abad0c51bc4898c7a48ec0d26989 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d0f84c55517d34a91f12cccf1d3af583 |
| SHA1 | 52bd01e6ab1037d31106f8bf6e2552617c201cea |
| SHA256 | 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c |
| SHA512 | 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1af75b7745f96c9f76a6c4f1feff4547 |
| SHA1 | 16cea759b569b2a45ddb2dfcfc2319d90dba6498 |
| SHA256 | 1e43b6055e06462ea5f4420e97a2b47948a371a69ff9e2a5eca2a6976020769c |
| SHA512 | 74f97d62630293a492bbd2a271ab175cbacfa5827ce3802af5f88704bc1327f31549b79b2ec9c4529416a0f9bc8678ec55280740e9a31e77a81b75060d2243ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
memory/6696-5827-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e469c13b0fd14fa15cde496f90c2d601 |
| SHA1 | fb337aa74c3f837111c2ae1d9204f14116c005a1 |
| SHA256 | b03493c5c5be85657e7cb42af6ef02d67e745f10492207d894d0c0244b76a118 |
| SHA512 | 446eac467691c7bd7b3482e9883fd9eda110deba0c894854fea34b4bce8ba0d5fa4e0e2fc6638ee92bca8237d4e8db286f1c0b2343966637ca76862534d8edd7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\328edd80-3656-452b-9c66-5ce49064650e
| MD5 | 6b657b2823be0fb711a87127f31f4cd4 |
| SHA1 | 0d420c1edca7d679c95c2bf92e48cb118b13816d |
| SHA256 | 912cde7b468b5d8c9db0f578197339de7144f65ac8f679736d709d06ce0047be |
| SHA512 | 501230fe04baeb48f539ee77e69cab0fda035742a92d9ee105a1974b6b1f71c9374652a09cd281a41b686ec8f1232b44dab85329186716e641df38f01f64edfe |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\3c6afe1f-4a1c-4e5f-83e3-759ea748e40e
| MD5 | 98a2678a7264e065d5a2f1b08998d14e |
| SHA1 | c3ddb4ad5230e5937956fe25b4595e452e0f3bb6 |
| SHA256 | 23271e9676473c4e3ed4c147b71ba9d46066a224e18a4ab49f230be9828c8eec |
| SHA512 | 7e3e4738b8e15885820d965e9a433f9550613c358665e448bc96fe01182a5925cf53a050101cd43ce7539fa70d239d800aa9289769c6b4490e083de5f19b84f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4218593b132ef69046825fec1140da9e |
| SHA1 | e126df6643e1cbefb30a534d468b0cba555082fb |
| SHA256 | 29318872b9ea89c6e6fcc3e133964c0437119eb48080e2bbffc5010f4ea79be9 |
| SHA512 | 91b747b784427ebb8459f0c7bf8598638add8b24112ac15832deaa62499ad186e88e6854eb1a48c0c72a38df3744382f00bee0d7e724459dda53d1c79ee8e681 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3b2e7175fb933db6408433cbe7c8989 |
| SHA1 | f664b3394d9ac9dbfabe943867112b99db5477ea |
| SHA256 | a11871802dff9021567ed592d71c7283d42361ecfd02d5ceff18da8066099206 |
| SHA512 | 3756b8afffc2c9f42dc84219bd0dd22e58b066f03b4fc1cb057a616569ddfbae2177ca196e1770a5d67a5ebe26840510f8bc1b16801a3f498d72ef27c4748b06 |
memory/1432-5886-0x0000000000400000-0x0000000000407200-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f697db84df24dd9250221b86c230c829 |
| SHA1 | 144eb4fe42a2878f00b13af2be275ffef8711664 |
| SHA256 | ec4409e10cafdf006b6c87cf8fbfe28c3f70d786f2aac6f4d01e42dae2000b03 |
| SHA512 | b9bc3d31ef1e984ca20ac6f13d08b360bd9ce8bcb9063728b86a25f6540c93cc7db12a948c623d1ba4f503983d285cb4554023eb00dbd19e589d009967ed5e0b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 7a22238136c7665e285512762aa5c5d2 |
| SHA1 | e19757448a2945179fe5f149fe1bfd3e690ceeef |
| SHA256 | cf6e710b123c3b65cfdfbda414d3d8ed9d50d2198da8aefaf5a50d473d041fcf |
| SHA512 | 2d2aec13a3ae21843745f0fb5a37a78b797799deecdfaa66daf6eb5b5486b3106b947199331c448acd9475756487f45aacef5751c2d8c4f0d528c616b14ab048 |