Analysis Overview
SHA256
19a087166b899e4f6c63c76e3a8978a2429ed4e3f2479299c4b2a3f8872f6e3d
Threat Level: Known bad
The file Wallpaper.zip was found to be: Known bad.
Malicious Activity Summary
Wannacry
Deletes shadow copies
Reads user/profile data of web browsers
Modifies file permissions
Drops startup file
Loads dropped DLL
Executes dropped EXE
Adds Run key to start application
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
Sets desktop wallpaper using registry
Drops file in System32 directory
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Office loads VBA resources, possible macro or embedded object present
NTFS ADS
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Interacts with shadow copies
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-29 12:58
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-29 12:58
Reported
2024-07-29 13:01
Platform
win7-20240704-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Wallpaper.jpg
Network
Files
memory/2636-0-0x0000000000220000-0x0000000000221000-memory.dmp
memory/2636-1-0x0000000000220000-0x0000000000221000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-29 12:58
Reported
2024-07-29 13:07
Platform
win7-20240704-en
Max time kernel
502s
Max time network
516s
Command Line
Signatures
Wannacry
Deletes shadow copies
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDD174.tmp | C:\Users\Admin\Desktop\[email protected] | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDD198.tmp | C:\Users\Admin\Desktop\[email protected] | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oipzgxjd460 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
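Two of the registry writes in the tables above carry the persistence and defacement evidence: SysWOW64\reg.exe setting a Run value under Wow6432Node that points at tasksche.exe, and the sample setting the logged-on user's Control Panel\Desktop\Wallpaper. The Python below is an added example, not part of the sandbox report. It parses indicator strings in the report's `<NT path>\<value> = "<escaped data>"` form into hive, key, value name and decoded data, maps the two locations to ATT&CK T1547.001 (Registry Run Keys) and T1491.001 (Internal Defacement), and flags the WOW64 redirection: a 32-bit reg.exe writing HKLM\SOFTWARE lands under Wow6432Node, so a 64-bit host has two Run keys to check. The Run-key string is copied from the table above; the wallpaper string keeps the SID and key path from the table but uses a constructed file name.

```python
import re
from dataclasses import dataclass

# Registry "Set value (str)" indicators in the format this report prints them.
# REPORT_RUN_KEY is the Run-key row from the behavioral1 table above (written by
# C:\Windows\SysWOW64\reg.exe). CONSTRUCTED_WALLPAPER keeps that report's SID and
# key path but carries a constructed file name in place of the page's wallpaper path.
REPORT_RUN_KEY = (
    r"\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\oipzgxjd460"
    r' = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\""'
)
CONSTRUCTED_WALLPAPER = (
    r"\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Control Panel\Desktop\Wallpaper"
    r' = "C:\\Users\\Admin\\Desktop\\ransom_note.bmp"'
)

NT_ROOTS = {r"\REGISTRY\MACHINE": "HKLM", r"\REGISTRY\USER": "HKU"}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)


@dataclass
class RegWrite:
    hive: str        # HKLM or HKU
    key: str         # key path below the hive
    value: str       # value name
    data: str        # decoded string data
    technique: str   # ATT&CK technique id, or "" when the location is not mapped


def _unescape(quoted: str) -> str:
    r"""Decode the report's C-style quoting: drop the outer quotes, then turn
    \\ into a single backslash and \" into a double quote."""
    if len(quoted) < 2 or quoted[0] != '"' or quoted[-1] != '"':
        raise ValueError(f"not a quoted string: {quoted!r}")
    return re.sub(r"\\(.)", r"\1", quoted[1:-1])


def classify(key: str, value: str) -> str:
    """Map a written registry location to the ATT&CK technique it evidences."""
    if RUN_KEY_RE.search(key):
        return "T1547.001"  # Boot or Logon Autostart Execution: Registry Run Keys
    if key.lower().endswith("\\control panel\\desktop") and value.lower() == "wallpaper":
        return "T1491.001"  # Defacement: Internal Defacement
    return ""


def parse_set_value(indicator: str) -> RegWrite:
    """Parse '<NT path>\\<value> = "<escaped data>"' into its parts."""
    path, sep, quoted = indicator.partition(" = ")
    if not sep:
        raise ValueError(f"no ' = ' separator in {indicator!r}")
    root = next((r for r in NT_ROOTS if path.upper().startswith(r)), None)
    if root is None:
        raise ValueError(f"unknown registry root in {path!r}")
    key, _, value = path[len(root) + 1:].rpartition("\\")
    return RegWrite(NT_ROOTS[root], key, value, _unescape(quoted), classify(key, value))


def is_wow64_redirected(w: RegWrite) -> bool:
    """True when a 32-bit writer (here SysWOW64\\reg.exe) was redirected under Wow6432Node."""
    return "\\wow6432node\\" in f"\\{w.key.lower()}\\"


def autostart_command(w: RegWrite) -> str:
    """Executable a Run value launches at logon, with the surrounding quotes removed."""
    d = w.data.strip()
    if d.startswith('"'):
        return d[1:d.find('"', 1)]
    return d.split(" ", 1)[0]


if __name__ == "__main__":
    for ind in (REPORT_RUN_KEY, CONSTRUCTED_WALLPAPER):
        w = parse_set_value(ind)
        print(f"{w.hive}\\{w.key} [{w.value}] -> {w.data}  {w.technique or '-'}")
        if w.technique == "T1547.001":
            print("  autostart:", autostart_command(w),
                  "(WOW64 redirected)" if is_wow64_redirected(w) else "")
```

Hunt on the data, an executable under the user profile started from a Run value, rather than on the value name, which carries no stable string; and on 64-bit hosts query both HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and its Wow6432Node twin, since the redirected write above is invisible to a 64-bit reader of the first.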
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\icacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\vssadmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\attrib.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\@[email protected] | N/A |
Office loads VBA resources, possible macro or embedded object present
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@searchfolder.dll,-32820 = "Indexed Locations" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\SNTSearch.dll,-504 = "Create short handwritten or text notes." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\mblctr.exe,-1008 = "Windows Mobility Center" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\wsecedit.dll,-718 = "Local Security Policy" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\NvpClientsCount = "32" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10059 = "Mahjong Titans" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10056 = "Hearts" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\FileGrowthQuantumSeconds = "180" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%windir%\system32\migwiz\wet.dll,-590 = "Transfers files and settings from one computer to another" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-118 = "Sleep Away" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\dfrgui.exe,-172 = "Defragments your disks so that your computer runs faster and more efficiently." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@gameux.dll,-10059 = "Mahjong Titans" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\FileDiscontinuitiesPerSecond = "20" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\LogInitialPageCount = "16" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%windir%\system32\miguiresource.dll,-102 = "View monitoring and troubleshooting messages from windows and other programs." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10054 = "Chess Titans" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Program Files\Windows Sidebar\sidebar.exe,-1005 = "Desktop Gadget Gallery" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\ehome\ehres.dll,-116 = "Opens your home entertainment option for digital and on-demand media, including TV, movies, music and pictures." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\SwagBitsPerSecond = "19922944" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\sud.dll,-10 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\recdisc.exe,-2001 = "Creates a disc you can use to access system recovery options." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\mstsc.exe,-4000 = "Remote Desktop Connection" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\System32\authFWGP.dll,-21 = "Configure policies that provide enhanced network security for Windows computers." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\gameux.dll,-10308 = "Mahjong Titans is a form of solitaire played with tiles instead of cards. Match pairs of tiles until all have been removed from the board in this classic game." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\sud.dll,-1 = "Default Programs" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe,-102 = "Windows PowerShell ISE (x86)" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\C:\Windows\system32,@elscore.dll,-3 = "Microsoft Traditional Chinese to Simplified Chinese Transliteration" | C:\Windows\system32\SearchIndexer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Program Files\windows journal\journal.exe,-62005 = "Tablet PC" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E37A73F8-FB01-43DC-914E-AAEE76095AB9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000102d7195b7e1da01 | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@gameux.dll,-10102 = "Internet Backgammon" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\CommitMaxCheckPointPageCount = "7" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-113 = "Windows PowerShell Integrated Scripting Environment. Performs object-based (command-line) functions" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\gameux.dll,-10301 = "Enjoy the classic strategy game of Backgammon. Compete against players online and race to be the first to remove all your playing pieces from the board." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10060 = "Solitaire" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%windir%\system32\FXSRESM.dll,-115 = "Send and receive faxes or scan pictures and documents." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SampleRes.dll,-106 = "Tulips" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\NetProjW.dll,-501 = "Connect to a Network Projector" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\pmcsnap.dll,-710 = "Manages local printers and remote print servers." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\Msinfo32.exe,-130 = "Display detailed information about your computer." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@gameux.dll,-10103 = "Internet Spades" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\searchfolder.dll,-9023 = "Saved Search" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\gameux.dll,-10306 = "Overturn blank squares and avoid those that conceal hidden mines in this simple game of memory and reasoning. Once you click on a mine, the game is over." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\xpsrchvw.exe,-106 = "XPS Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\SoundRecorder.exe,-100 = "Sound Recorder" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\gameux.dll,-10311 = "More Games from Microsoft" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Multimedia | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\SearchFilterHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\ShadowFileMaxClients = "32" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SBE\SAL\FileGrowthBudgetMs = "45000" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\migwiz\wet.dll,-588 = "Windows Easy Transfer" | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%SystemRoot%\system32\gameux.dll,-10307 = "Purble Place is an educational and entertaining game that comprises three distinct games that help teach colors, shapes and pattern recognition." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@%systemroot%\system32\sdcpl.dll,-100 = "Backup and restore your files and system. Monitor latest backup status and configuration." | C:\Windows\system32\SearchProtocolHost.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
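The NTFS ADS row records firefox.exe writing the Zone.Identifier stream (the Mark-of-the-Web) for a file named WannaCrypt0r.zip in the user's Downloads folder, which is how a browser download shows up in a file-level trace. The page lists only the stream name. Its content is an INI-style [ZoneTransfer] block whose ZoneId (3 = Internet) is what SmartScreen and Office Protected View key on; Explorer's built-in zip extraction carries the mark onto the extracted files, while third-party extractors differ in whether they propagate it. The Python below is an added example, not part of the report: it parses a constructed stream in that format (the URLs in it are placeholders, not values taken from the page) and reads the stream from a file when the filesystem exposes alternate data streams.

```python
from typing import Optional

# Constructed Zone.Identifier content in the layout Windows writes; the report
# names the stream but does not show its contents. URLs here are placeholders.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://github.com/\r\n"
    "HostUrl=https://raw.githubusercontent.com/\r\n"
)

# URL security zone ids as used in the stream.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text: str) -> dict:
    """Parse the [ZoneTransfer] block into a dict. ZoneId becomes an int and a
    'zone' entry carries its name; any key outside that section is ignored."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "ZoneTransfer" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        out[key.strip()] = val.strip()
    if "ZoneId" not in out:
        raise ValueError("no [ZoneTransfer] ZoneId in stream")
    zone = int(out["ZoneId"])
    out["ZoneId"] = zone
    out["zone"] = ZONE_NAMES.get(zone, f"unknown ({zone})")
    return out


def read_mark_of_the_web(path: str) -> Optional[dict]:
    """Read <path>:Zone.Identifier. Returns None when the file carries no mark or
    the filesystem has no alternate data streams (so this is None on Linux)."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except (OSError, ValueError):
        return None


def is_from_internet(path: str) -> bool:
    """True when the file is marked as coming from the Internet or Restricted zone."""
    mark = read_mark_of_the_web(path)
    return mark is not None and mark["ZoneId"] >= 3


if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE_STREAM))
    print("marked:", read_mark_of_the_web(r"C:\Users\Admin\Downloads\WannaCrypt0r.zip"))
```

On a live Windows host the same stream is visible with `Get-Content -Stream Zone.Identifier` or `dir /r`, and a missing mark on files extracted from a marked archive is itself a finding about the extraction tool, not proof that the files were local.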
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
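The behavioral1 tables above mix three kinds of rows: evidence the sample produced (the startup-folder drops, the SysWOW64 tool chain of icacls, attrib, vssadmin, WMIC, cscript and reg, and binaries run from the Desktop), one download event (firefox.exe writing WannaCrypt0r.zip:Zone.Identifier into Downloads), and sandbox-image noise (SearchProtocolHost, SearchIndexer and SearchFilterHost filling MuiCache, Chrome and Firefox reading CPU and BIOS keys, VLC and Word). Note what the report does not show: how the binaries under C:\Users\Admin\Desktop got there. The only file-creation row that points at an origin is the Firefox download, and the shorter behavioral2 run of the same Wallpaper.zip produced nothing beyond the photo viewer. The Python below is an added triage helper, not part of the report. It parses rows in the report's own `| Description | Indicator | Process | Target |` layout, separates sample-attributable rows from environment noise and attaches the ATT&CK technique each tool or location evidences. The rows are copied from the tables above with one constructed change: the process column of the two startup-folder rows is replaced by sample.exe, because the page renders that binary's name in mangled form.

```python
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Rows copied from the behavioral1 signature tables in the report's own layout.
# Constructed change: the process in the two startup-folder rows is sample.exe.
REPORT_ROWS = [
    r"| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDD174.tmp | C:\Users\Admin\Desktop\sample.exe | N/A |",
    r"| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDD198.tmp | C:\Users\Admin\Desktop\sample.exe | N/A |",
    r"| N/A | N/A | C:\Users\Admin\Desktop\taskdl.exe | N/A |",
    r"| N/A | N/A | C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe | N/A |",
    r"| N/A | N/A | C:\Users\Admin\Desktop\taskse.exe | N/A |",
    r"| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |",
    r"| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |",
    r"| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |",
    r"| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |",
    r"| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |",
    r"| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |",
    r"| File created | C:\Users\Admin\Downloads\WannaCrypt0r.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |",
    r"| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |",
    r'| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@C:\Windows\system32\gameux.dll,-10060 = "Solitaire" | C:\Windows\system32\SearchProtocolHost.exe | N/A |',
]

# Built-in tools the sample drove from SysWOW64, mapped to the ATT&CK technique
# their presence evidences. The report records the process, not its command line,
# so WMIC is mapped to WMI use rather than to shadow-copy deletion.
LOLBINS = {
    "vssadmin.exe": ("T1490", "Inhibit System Recovery: shadow copy administration"),
    "wmic.exe": ("T1047", "Windows Management Instrumentation"),
    "icacls.exe": ("T1222.001", "Windows File and Directory Permissions Modification"),
    "attrib.exe": ("T1564.001", "Hide Artifacts: Hidden Files and Directories"),
    "reg.exe": ("T1112", "Modify Registry"),
    "cscript.exe": ("T1059", "Command and Scripting Interpreter (script host)"),
    "cmd.exe": ("T1059.003", "Windows Command Shell"),
}
# Locations whose contents run at logon or at Office start, whoever wrote them.
AUTOSTART_DIRS = {
    "\\start menu\\programs\\startup\\": ("T1547.001", "Startup folder"),
    "\\microsoft\\word\\startup\\": ("T1137", "Word STARTUP folder"),
}
# Processes that belong to the sandbox image rather than to the sample.
ENVIRONMENT = {"searchprotocolhost.exe", "searchindexer.exe", "searchfilterhost.exe",
               "chrome.exe", "firefox.exe", "vlc.exe", "winword.exe", "explorer.exe"}


@dataclass(frozen=True)
class Row:
    description: Optional[str]
    indicator: Optional[str]
    process: Optional[str]
    target: Optional[str]


@dataclass(frozen=True)
class Finding:
    process: str     # base name of the acting process
    technique: str   # ATT&CK id, "" when the row is evidence without a mapped technique
    note: str


def parse_row(line: str) -> Row:
    """Split one table line into its four cells; N/A becomes None."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        raise ValueError(f"expected 4 cells, got {len(cells)}: {line!r}")
    return Row(*(None if c == "N/A" else c for c in cells))


def basename(path: Optional[str]) -> str:
    return PureWindowsPath(path).name.lower() if path else ""


def classify(row: Row) -> Optional[Finding]:
    """Decide whether a row is sample-attributable and which technique it shows."""
    proc = basename(row.process)
    ind = (row.indicator or "").lower()
    # 1. Where a file lands matters more than which process wrote it.
    for marker, (tech, why) in AUTOSTART_DIRS.items():
        if marker in ind:
            return Finding(proc, tech, f"{why}: {row.indicator}")
    if ind.endswith(":zone.identifier"):
        return Finding(proc, "", f"Mark-of-the-Web written, i.e. a download: {row.indicator.rsplit(':', 1)[0]}")
    # 2. Windows tools that ransomware chains together (process name only).
    if proc in LOLBINS:
        tech, why = LOLBINS[proc]
        return Finding(proc, tech, why)
    # 3. Anything executed from the user profile is a dropped or downloaded binary.
    if row.process and row.process.lower().startswith("c:\\users\\"):
        return Finding(proc, "", f"binary executed from user-writable path: {row.process}")
    return None


def triage(lines):
    """Return (findings, noise): noise counts rows per non-attributable process."""
    findings, noise = [], Counter()
    for line in lines:
        row = parse_row(line)
        f = classify(row)
        if f is None:
            noise[basename(row.process) or "?"] += 1
        else:
            findings.append(f)
    return findings, dict(noise)


def unexplained(noise: dict) -> set:
    """Noise from processes that are not part of the sandbox image deserves a look."""
    return {p for p in noise if p not in ENVIRONMENT}


if __name__ == "__main__":
    found, noise = triage(REPORT_ROWS)
    for f in found:
        print(f"{f.technique or '-':10} {f.process:20} {f.note}")
    print("noise:", noise, "unexplained:", unexplained(noise))
```

Rows with N/A in both Description and Indicator are how this report prints signatures keyed on the process alone, so the classifier has to fall back to the process name for them; the technique ids are what ATT&CK attaches to those tools and locations, not something the report itself asserts, and an `unexplained` set that is not empty means a process outside the known image touched something and the allowlist, not the sample, is what needs attention.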
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Wallpaper.zip
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\CheckpointSearch.ogg"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d59758,0x7fef5d59768,0x7fef5d59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1384,i,4983923197139735829,2227545985947651059,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1384,i,4983923197139735829,2227545985947651059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1384,i,4983923197139735829,2227545985947651059,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1384,i,4983923197139735829,2227545985947651059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1384,i,4983923197139735829,2227545985947651059,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3216 --field-trial-handle=1384,i,4983923197139735829,2227545985947651059,131072 /prefetch:2
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.0.586011051\66456794" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dfb08d9-83cc-42f1-9336-a9d19f617ff6} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 1312 108cd458 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.1.580859498\1706990311" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41965362-c731-4d3f-99c2-648b07d102e9} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 1516 e6fe58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.2.473176714\1107958815" -childID 1 -isForBrowser -prefsHandle 1844 -prefMapHandle 1796 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77b210ad-6c30-4ad0-9bec-bdefc3fe9456} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 2160 1ad7e358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.3.1099555060\377380975" -childID 2 -isForBrowser -prefsHandle 2448 -prefMapHandle 2596 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {893cb9a4-bb36-48fc-9bb7-6d25d6b301bf} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 2388 17ac3f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.4.570549637\1675166541" -childID 3 -isForBrowser -prefsHandle 2984 -prefMapHandle 2980 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b252f80-3e4f-4993-b8fe-b2a511a55d29} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 2996 e62258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.5.1751368306\1199658274" -childID 4 -isForBrowser -prefsHandle 1080 -prefMapHandle 3816 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6fbbc75-cda5-40b3-a92d-04e30913150e} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 3832 1d2e3c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.6.413658532\856276955" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3944 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf81f353-ee12-46a0-95fa-aa28ebd3bb71} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 3928 1e54e658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3028.7.110093210\1312008127" -childID 6 -isForBrowser -prefsHandle 4120 -prefMapHandle 4124 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {824ffad9-1351-40d9-9d1a-2aaa5b87f2dc} 3028 "\\.\pipe\gecko-crash-server-pipe.3028" 4108 1e54ef58 tab
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RegisterUnlock.rtf"
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RegisterUnlock.rtf"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d59758,0x7fef5d59768,0x7fef5d59778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=1340,i,10852303166864379632,7597251296078806062,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1340,i,10852303166864379632,7597251296078806062,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1340,i,10852303166864379632,7597251296078806062,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2164 --field-trial-handle=1340,i,10852303166864379632,7597251296078806062,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2172 --field-trial-handle=1340,i,10852303166864379632,7597251296078806062,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1564 --field-trial-handle=1340,i,10852303166864379632,7597251296078806062,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1400 --field-trial-handle=1340,i,10852303166864379632,7597251296078806062,131072 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.0.1891462759\662012124" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64d24dcb-fe22-4dff-8952-9d77facb906b} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1304 e9d9158 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.1.1859239551\920774057" -parentBuildID 20221007134813 -prefsHandle 1484 -prefMapHandle 1480 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e56ac2b-aae5-4c04-983c-14ed0e1d26aa} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1496 d72e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.2.936223580\2052218447" -childID 1 -isForBrowser -prefsHandle 1900 -prefMapHandle 1764 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {294f2235-d448-4681-ac48-95c7cd612aac} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 1080 e95c058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.3.1580935771\221574641" -childID 2 -isForBrowser -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9acced1b-05fb-4cdd-8039-e9d3e86904ed} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2732 d62b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.4.315275235\1123339564" -childID 3 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e31f488-f34b-4ce5-b473-12cf475bbc7f} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 2880 1bca0b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.5.1729603688\1721957960" -childID 4 -isForBrowser -prefsHandle 3492 -prefMapHandle 3732 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba159501-31fd-41e0-916e-75ee71de0504} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3748 1e778a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.6.1810764088\989031849" -childID 5 -isForBrowser -prefsHandle 3836 -prefMapHandle 3872 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98a79122-d17c-4501-b649-aa65bccf4a2c} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3860 1e77ab58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.7.1809597830\2127324446" -childID 6 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7da5114b-086f-459d-88d7-0f74a0097bf0} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4032 1fe08e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.8.1118771668\1336278216" -childID 7 -isForBrowser -prefsHandle 4356 -prefMapHandle 4352 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3479ed73-d26d-455e-b478-1c59ec28c2c9} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 4368 20b5bd58 tab
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1548.9.1597055138\774755856" -childID 8 -isForBrowser -prefsHandle 3828 -prefMapHandle 3036 -prefsLen 26715 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd2b941d-eea1-4e99-bd7c-43cd70a4e034} 1548 "\\.\pipe\gecko-crash-server-pipe.1548" 3040 1fee9358 tab
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
cmd /c 165091722258356.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oipzgxjd460" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oipzgxjd460" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
C:\Users\Admin\Desktop\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\taskse.exe
taskse.exe C:\Users\Admin\Desktop\@[email protected]
C:\Users\Admin\Desktop\@[email protected]
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\Wallpaper.jpg.WNCRY
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnlockUndo.MTS"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnlockUndo.MTS"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
Network
Files
| MD5 | abc3f7a6aca8613cc37c4eb3566438bf |
| SHA1 | 90a086a543fcec620069ae052f03c385186ef817 |
| SHA256 | ce23a4bd7a26123158c4d474b0ec4c2cc4eb00b156dd76cf9fc29a70712dab14 |
| SHA512 | 9d445a20654c5f6db2776573f1a0a8aa4b25303e51e15f017253ce5ec07c0b3b3f38903502dfc3c38192ca7515bb0deafcf396caf3d76893dfacc955f64d4717 |
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 2ccb45736f2afc9703a7ec37f402960a |
| SHA1 | 9d1af1eb3a7b96634d61b763098aa177b720d130 |
| SHA256 | 0542cfa39871770a37d1961bd2b5591676ec4115c8a97fcdc0780da57e0ab675 |
| SHA512 | 37112aee58379ad4efe0fc004d29c407386b169aa85b03c52fdd3117050e280ca3eb158cdaf24c0a3918f56574c01d5aaa5e45fa57ea6f16a6ebd4b5f0dc8fdf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | ca884b9f56c1a54418d0567909d733d8 |
| SHA1 | 784a175d1f780cae1ebdcae0b76a047f054c98d1 |
| SHA256 | c6f2142ff52f3bcfd677b1b5c884b586d878fa10267495d5a2643c3119f074cb |
| SHA512 | 2da2a3853922d08eb9cd5c52167a2574e179bb660726bcc251481ce81840f7e4de0ba11d39256019b0a43f76f9674ddfd6e2b75ffe2a6cd37aa26f8dcb5fe445 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
| MD5 | bc6142469cd7dadf107be9ad87ea4753 |
| SHA1 | 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c |
| SHA256 | b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557 |
| SHA512 | 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 73dd5ed172a0946f5045c831d347a075 |
| SHA1 | 44a648044951363c8c1dccbfafa24f9558276263 |
| SHA256 | 471d8acbab930d024127e7db14c0552b8c8ef096732ad485368e212fe29072cd |
| SHA512 | 92a12b8b01cb743fdfe10bba19bccd13cd2bd0cd99bc5725b959282ac0a6c0a9778f928d91c1a29575b8c7294a4a9949bd32419e9ed13d6b632bde8395ddb148 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007
| MD5 | 17955c6a1bfe62d0dc5fef82ef990a13 |
| SHA1 | c4bc3f9ccf3fa9626c9279ecb1a4cbfbf4a0fcf5 |
| SHA256 | 1cba135964cd409db09911c7cd4699112622596ff633cea868a83c54088c03a7 |
| SHA512 | 5fb73bb4f7eb1c9e26f34e5d0f310783c7e629e717760ee38731a52a8e3fba6831d77abf0f37631fed820839a00c9242a582e59266de08d3c92c5c4f83c8e7a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | b4211804da950fea551ed322e4cb94db |
| SHA1 | da506e21699d8880ac61743eb2edec8e9db1041a |
| SHA256 | e9b4cedb695f73ec09a6cd55c23c3e1cc745ca2cd143260d9ad372a3e9f07ffd |
| SHA512 | f5780e1967ca836e15eb73173244cf2281c1a3782430e9353c930681d237624651ccaef509d5e4ffd40ca90bd75b18f819696f1547d89cbe47557b3077f2687e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007
| MD5 | 22b937965712bdbc90f3c4e5cd2a8950 |
| SHA1 | 25a5df32156e12134996410c5f7d9e59b1d6c155 |
| SHA256 | cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb |
| SHA512 | 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | 85c6bb0028f67e8b8f8d71517fd78b53 |
| SHA1 | 5c00f4a8b9e852978406c866ea22ef59d15ddac8 |
| SHA256 | bcb39a6fb470f606c6c43774e4747b78710c60522534bb994a1d8ff5531a794e |
| SHA512 | 693814195df0f7de2ae1ee52d10450cb8d02acff88af5d1c9e0e50febf5e875a8d868912b466fefdc8a1ebf0ad32bd9c4d4483946a1d2f948cd5fd4278614840 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | 955e8a6805f17972d80b885abc0fccf4 |
| SHA1 | 761190b76e7b39fa5fd2ed9e6aee012e3f9db171 |
| SHA256 | 185e3c14e53ed02a8d135c490eb8c22bb496f9f39aa351914895ff114df03f05 |
| SHA512 | 74992f0188966fe91f6a134f2cbb9d3bf752bb5afbc5b137fcb1eb66693a80d18946837aade1c14569cd3f42ef72686939201f55fcac04fcef987d194fb7c47e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 72cb44b8904d2be1722c9cafcbfef9bc |
| SHA1 | 4d473126001b414cd3e1d12d98617fe958ee6675 |
| SHA256 | 04d69ed4d404d1916e23c99b5d47ed2595fe0f285cf5553f32c1cf7e5b2d8955 |
| SHA512 | db071229e61ad7d4b4a3de570b8c6d29be009895a5ab4cd2b335bae6e0d7ff2bb8c5f1701640d36883d54c486c0cfeb0b96de27f807fc223155cab64cdb472ce |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb
| MD5 | 98e7c09432333799a751e87c6d53bc99 |
| SHA1 | 112e53d9ee5802d72a4c435bead7012682d08915 |
| SHA256 | 93d7827e9e2e979bf606146b41bbc16f5eb91b6bd31ce1994e52ac26c254d847 |
| SHA512 | 0751373b3b366acf41c7f644b5a6f8aefe5e69f25b6ca46f8ceab2f7dd3c2ef6ddada395dc909638bfeed91853e50c68868cc63eb72b4e2d7a071c1bdae55af3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007
| MD5 | 1be22f40a06c4e7348f4e7eaf40634a9 |
| SHA1 | 8205ec74cd32ef63b1cc274181a74b95eedf86df |
| SHA256 | 45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691 |
| SHA512 | b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log
| MD5 | fe62c64b5b3d092170445d5f5230524e |
| SHA1 | 0e27b930da78fce26933c18129430816827b66d3 |
| SHA256 | 1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4 |
| SHA512 | 924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007
| MD5 | d5842b6fb90a67708c353f0f3a33be85 |
| SHA1 | 48a9e06c9bcf2791ac6376622d6dea179689255e |
| SHA256 | c63523f14d423eee3b43947283056d5219edd0c63318007b1b876e24ab101d03 |
| SHA512 | 1a5f288211bfdceedc802fe9de9cda4596d3db06222a742600a67262671f5084feb4ac797d39a10c02854590f680d47df39cd81bd41312a0807db597beabbaec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | dca5959ddbb847ec5d1cf19450eea2f4 |
| SHA1 | 3265cd0f8d3ff9a3cc2ad483ff4ca45e7da99ffb |
| SHA256 | f4aa8ae771c2451ea3e39b55e759cd28d0a4bf0d0be23c846a1b5e6b1a03cc8b |
| SHA512 | df557168dd520d4f069dd167528a02715c0e1865765cbb8fa73f7ab6712bee486cb7f78d15c94175693dc7b4e22163962e95b20eba107c7fc046dcea54f7548f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp
| MD5 | 979c29c2917bed63ccf520ece1d18cda |
| SHA1 | 65cd81cdce0be04c74222b54d0881d3fdfe4736c |
| SHA256 | b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53 |
| SHA512 | e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 10f6177f1d91bcf227f4e605fd069045 |
| SHA1 | 5fe60116b1f1e9c657ea5379b6d6ce42e15de2dd |
| SHA256 | 613ec0170f6ee8c9b65ab51280c04fde7c8deb9d50616d1666d3d0d8aeae1147 |
| SHA512 | c88085f9639ae4d4f452cc3dadb61a8572f6716693d0e0d63180d6b60b3ea6ba8d94ded6bde767a70834d23b2dd9b7e222fe53aa3cbe4dd64c18cfc1d74f601a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log
| MD5 | a2f36fd75efcba856d1371d330ed4751 |
| SHA1 | fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b |
| SHA256 | 561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f |
| SHA512 | 79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007
| MD5 | cce6d9e0a2fca760e3a7904fca2fa80b |
| SHA1 | b637051510893c6688ef301bd59532f3255b3a01 |
| SHA256 | 7833d6eb2a94306bd3d04cf593243cda062e5deb67528a767a43f42d8a12e159 |
| SHA512 | 17740ac23a35c466429bd338214cff75d51321a95eac7785e3ff2b5597a1d6cc01a52bdfbd4143b0510affd86b4a892a6f0d337d057ee464d788abd8a4b7b2f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 0926df9c0757ba51190e7edde2498a45 |
| SHA1 | 13480dbdf82e1ae4b52abbad76faa4392ef72a31 |
| SHA256 | acaee310f7591b913e7b392631491845bcef51e4d72f389927598701c9f953bd |
| SHA512 | 2f21c5f08e2e9df961e2ecb6fd0bcd620a5f3a5d2742d5bc9d7fc81ff3cd57c1c45c68ac8ca9830d2025afc97fae93b7bd38d48a5949f1e2400a189eaf32f251 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb
| MD5 | ee979b6741a4ab9344ade8e8a5ba7041 |
| SHA1 | d9727ac1785b5dd231ffa2646cf64376fc7d9f17 |
| SHA256 | 3a96430102f631d13e948b8ef571bc338c09bc245e5bebea2ef148b37f62b7e6 |
| SHA512 | 78304ca9f8d96c011dbad85f4f529c9c74fd104557d1aed1ff87779d0c56831b313a2cf6cc8f8f73f5d96a7e362c412a4c602d289fb296c25986401486753400 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb
| MD5 | 5b1dc7019b7b8e74c422530a9579384e |
| SHA1 | c37c3275f78e2768d866555f0395ddb20f32e1b4 |
| SHA256 | ee1d16dd35241b1f4517d53911ae39090ffe5a91fd2045e65c29591d01e477df |
| SHA512 | a7e020a6206c469b65d444b41b99f7b97064330e02cda88ba5af5d10dc66a2c826d8e6b0e88d9d1939956d93181a69ab7b705acdab4032d172caa43c5a23b8e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006
| MD5 | 78c55e45e9d1dc2e44283cf45c66728a |
| SHA1 | 88e234d9f7a513c4806845ce5c07e0016cf13352 |
| SHA256 | 7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec |
| SHA512 | f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007
| MD5 | b6d5d86412551e2d21c97af6f00d20c3 |
| SHA1 | 543302ae0c758954e222399987bb5e364be89029 |
| SHA256 | e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191 |
| SHA512 | 5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log
| MD5 | e9c694b34731bf91073cf432768a9c44 |
| SHA1 | 861f5a99ad9ef017106ca6826efe42413cda1a0e |
| SHA256 | 01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85 |
| SHA512 | 2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 3ac93fb60cd2ec48d5acbfb0e2cbc0fb |
| SHA1 | 80e7609e15b6ff705a8b8e78b324afe5129e1a58 |
| SHA256 | 4c3f478c740fbe4ac3cb76416f4512f1e9414b4a030c09cec93618790c765bbc |
| SHA512 | 689c60ad12f495eb07f0576bfe5905a38206d41c37add74634184653c80cbf9de2e39c57c84986d3a041bbf7398da8f2a49bbf92a9104d72e668be35fd033783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13366731577238000
| MD5 | 1e21ab35171db3ccc88ac8de0e912e44 |
| SHA1 | 73da13d5daf908b589688408d7023de88339433d |
| SHA256 | d30f7bc4b32d301eb80ee3f65adebe8ab7ad79a0b92efb6bf655d2c8d1e1bcfe |
| SHA512 | 37c1328a3b0b86a0fbad6c730de33cffb3485d66847437fceb437342f14e5cd1c9dc36c05e4436c9b20d85086c9d2509a5746e2723a344f9b3d8d92883ed762a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5ce5554c-c924-4f67-8d65-69f951d8946c.tmp
| MD5 | a89417f30a1a2c802b8dd99b9cf86339 |
| SHA1 | 4c05788d7563cdfd162fa464dd1fc7f80b32fc2e |
| SHA256 | c2d615b6ad5c6ff772770ca10383457d7ffb0eea41d3e317ca60aa8151a426fb |
| SHA512 | 0505c65d90d63026ba43ef42a4bfd1f003f6c3484885aa26677f93d5d9fedba7bdc3488e297ff6899a4fc058ae2973bc1f3afa9e3235e9455351250d05c03546 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
| MD5 | 709b805f80091c902e4985312f4b0646 |
| SHA1 | e63b78f9fe2171571cc81355825bd13ec5f39d00 |
| SHA256 | 367f4246b9ddd0060c0bf6c3b9892b7cb2d6ae948c025668f2cab71db7452427 |
| SHA512 | bf7fb9df0f431022eb52ff21acdf58ec9eb463045161bdea8c2058affcd8e02e7bfbaadb43ad1a9c42cfa642324df50873d0f09f04b22d248309e1706a44ad72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs.js
| MD5 | fb9368b11f3db8ef63641ebf30c87aea |
| SHA1 | cf0ff837130d4992c0d83cbf51797205a828caa8 |
| SHA256 | 226e2cee145f98919b89df71d0ff462871fab38f4f1770997ddba4f3c8c7d03f |
| SHA512 | 84ae17aca3d05b71ceeee7981b5429794c52bd99e393f2e52100fd8a99445506e3bba3d058926dfd13187fdb60d42394d539810b1ac684e566688ab9bac71d8b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\startupCache\urlCache.bin
| MD5 | 0989e3bebaed03f9cb2d5d3bddcd72d8 |
| SHA1 | c061db43a3b769aec6af75cd84969f19dc1273c7 |
| SHA256 | 6ea2e56c58fe6cc0bc1a2e15311f4ccbe68b89fb232e46ea6e4bbbb454caf382 |
| SHA512 | 3fd689f33140bbb72f693399bbffa40b69cff6367130680fadcbb63709a16ba0d6eaf65f81ebc06fed5267b43cfc844e5c4698c70d7ee8dce2612b1de8371666 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\xulstore.json
| MD5 | 05e1ddb4298be4c948c3ae839859c3e9 |
| SHA1 | ea9195602eeed8d06644026809e07b3ad29335e5 |
| SHA256 | 1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be |
| SHA512 | 3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionCheckpoints.json
| MD5 | 362985746d24dbb2b166089f30cd1bb7 |
| SHA1 | 6520fc33381879a120165ede6a0f8aadf9013d3b |
| SHA256 | b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e |
| SHA512 | 0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionCheckpoints.json.tmp
| MD5 | ea8b62857dfdbd3d0be7d7e4a954ec9a |
| SHA1 | b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a |
| SHA256 | 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da |
| SHA512 | 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 7e1a89da00038cc46c62096dcdd1d0cf |
| SHA1 | b02913641909b9910473d6d833b54286cbcad636 |
| SHA256 | f253cc4b5069da8238b7c9aed49c248b0025b8d8dd0d72650fc49d45397cf9a7 |
| SHA512 | 3976a5128109a70183f368a5fbc572bf7151b58cd3c725807fe345331c8e20ca8b16c9deff75b53bd24d20e710c874a765db1634fa2f18b2716134506466094c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionCheckpoints.json.tmp
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\db\data.safe.bin
| MD5 | cc1ef1270854d7b8dc4c9fd223552a5e |
| SHA1 | 0a8bed7af73502ee393e9e532aeb58e4688b2c6c |
| SHA256 | 566685af946ed34eefcbe998cae4e231141b90e997474f38734823d4044cc913 |
| SHA512 | bfb60c4be88be3749c04a4cab045f63234e9e03a6bdd242c74c2c2b474602d6cf099df203fd8e99ae425a0e503f84d651ebd222da9e0ff3f18ee32f028989aff |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\datareporting\glean\pending_pings\dd3ef9ae-eb3b-4e60-a60e-94bb82944733
| MD5 | a8993c65fd0fe870e6f7a27169026530 |
| SHA1 | 0e29df58bf7318b4ba289171c1bbf9f9e65388f3 |
| SHA256 | 5a6fce24bbbe7c108286ff25cd8fa0f55750ce723a02126b22624b07a17a5e1d |
| SHA512 | 4ef5e67f81d7d875c8deb9f19bd5d2563ae603dfd5ad77777b211cf81fa3b2af309c8be4919e77eeebf74f10c8b12a5c9f57dbf0f70360522d66c1a82b728850 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js
| MD5 | 78f52bfdc53788c42848bdd1f6ce4c31 |
| SHA1 | 5828e35d87f4921c80788412230d6d21160891da |
| SHA256 | 74934e990982896a40f50e956d020f3db59bdc0629c788138239f48c2a1d3f80 |
| SHA512 | 1820aec130410ac0a687bc8eac4e235281bba9b5d747d33e517fd711839d52a52c1d45556bd5de137116ba55e7618996d7bb0e7d90411f6724c353a3dc407e8d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 322c617b6b7c5cc00ca663b1e5f8b6ee |
| SHA1 | a790388a723261613f6ed15c35ac88ead1eb4622 |
| SHA256 | de7a57f3b4d83711dfceb92071b618eb0a92def6fcc352015e8c7d60269cec3b |
| SHA512 | 7fac21fea7f3224fece7cc9e37e5ddc57da485853a3d3eefa7f55d801c68ba3670cc8184839532039ae6f8575aefa115505b04a01153c8b0442e5eba27244848 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | ee71f45e9bad26fe6880693d72653f24 |
| SHA1 | c917ffd08ddd246d52f8a2300f92b74a06cd2546 |
| SHA256 | 99d43a92c17a7c27fee2db0f4978c6f9a84ac50b13254cd9340847ec123960ba |
| SHA512 | 8074ebb813083330da7454c7fe33c80e0484823e691defefde1b1b54d6bca9059a20a925edd994d54613a3668e72cc6ac8550e637daf6d0feb1b3db71870f985 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js
| MD5 | 87307f19b4c4b739d0afcf4aeaa817d5 |
| SHA1 | 216119168cb237c7e57c181865afa6003b2c4acc |
| SHA256 | 074f1f0eb0bf2f6253c3987c4d6b89b0b903dabc6821c07083601b187e173a3b |
| SHA512 | 019788d538e881db8ff9832a95da4199129dba51d095c1a8d729e52ec209e55dd0e54822ef0a760fddc12a43dc7af420b33d8fd24c4abddd8cbf424b7ddf8c45 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dbcfc4c7963b5f876206428808b5b2ca |
| SHA1 | 8aebba86cf2375e56d3217c50a99c3391b885c75 |
| SHA256 | 6c2e8312d6d7e0f3c2ec223705dea1ddfe4536542b26dbe56f7d67de7d9f6a2b |
| SHA512 | 7201165a96f31c169a1b7b3bdf1608f2b86d24f96770d4d0c4d08b0b23c38f896942eb26ca605b3a94e19e42c04d840a79ca6843a89ed195d6ba06d409fbe1cd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\doomed\11179
| MD5 | 3d67f04f8529a1fecc3aebe3e75b72e7 |
| SHA1 | b4b63e855332e4170598ea2fd2887b1ac684e0ae |
| SHA256 | c6a56aacc6904c70868888ce59f750fed2096958940d814faa4995524f198f1e |
| SHA512 | f766b6fa015da788e5492aa604acab884971117a4e24a3183fec5d8a611eefe5b7efd812f376c9658aa9a3a31e4cf54481383f8336519089511c6df4f75ce680 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 424c37536fef46a94e7de04e79c4f013 |
| SHA1 | 93dacd3065f71d6d494809194ece4f021108886c |
| SHA256 | e19d126b7cfbe25faf35bea81fa3ce5562e6d5e33d38f2024efdfd2f472f5297 |
| SHA512 | 8ecf5c89ae3a058bca5b48f228a3700099ca9b3e0fe3cfb239e4b0f9929e49275592fac8d90fd27951e75b64cce96e3f83e4a704ccbd555ee24831d94c97d1e4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5c6864267257cfe0512eecf696843539 |
| SHA1 | bc997377426e5a0ae6a52a02e06cf3514d6c9809 |
| SHA256 | 98335d657b9f4be33bc992fd220787258a522d3b95c82ca428ab96ca1458cc68 |
| SHA512 | 9e8748934ae4e57010676814d004b837186fd14bd1fd502cd1a304b0d9cff0d7c4316ee0d1d75c6787e76f2875d77ea17890d5e2e74f8e06d75e856737f20efd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\doomed\12859
| MD5 | c1e1d6ba4d090c333ac97033f999d0fe |
| SHA1 | bfcc9ced2932767bd7be019dd16d0b879abce01a |
| SHA256 | 423ba7d47ec14f3e213baecff7469034dfe6e54593214104ee6365a265ab42b3 |
| SHA512 | 23350a2de6a7e1bef0355f425de9366fb5d54bbdfb21a119751ea1322487f3c0ce7d5ff2d8ffaf2931233b4e2cb7a0ca0d7bf3d260e226d98f74289edcd828a6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\BA4CA3A32A0AB365A9EF8564FC67AC4461845518
| MD5 | 54a110472908be336a1f0635912b7c66 |
| SHA1 | c2dad908e670bf7c524cb220e0881d1372ae533d |
| SHA256 | 5153bf19ec5aeb5f02b7bb392c31409d9ce91e82c4f8805fcff49ab3ded1cb6f |
| SHA512 | 0f4cfdb35b194141932578bcbddb747c55432fcef5f29b417a11644c5fcdd3ae7ee1170643ca4cebf4b1ead96f038f5b6f6257c8d179e458a198ec5c651ef93c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3
| MD5 | 5c52f8574b19a6a3d48917f37c053fc3 |
| SHA1 | 73aecc17e50d99f063195709d1c6833ec5cb3c94 |
| SHA256 | 94a06a336a958651b83a55686e1e6e14e0987eb8beca66102be2621e13831862 |
| SHA512 | c059fccab894da44f0a6578bca8b4df91702c25fdfba1caa21ccee0885bfa25dcb2fb3a62ea7b00845baf73dfa4efa9cffe6fe6c981668c798cbacb58e245448 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\FC16C75B5606BF2DD15822549DB47B518E844CBC
| MD5 | d6f97e2f8471b2223ab826774a07e37d |
| SHA1 | c4d44b437148c8ade47611d7b17484048ae8a1b2 |
| SHA256 | 4a1152d833abe02569f5858abc50968160d9f6843a45b6ed1e8a68a1b0bd3b5e |
| SHA512 | 2a4c47ee957e0789ecf152fe0c3e35444a0bf2e164ca3607f65bd78c97106c39213624dbb0fe610aa5ec1e54bca4a14369cc4edca34ff49a9bee53472876b00a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\id09dv1m.default-release\cache2\entries\BB67B3449309EC6617C64DE8F83571ECD8DE14D3
| MD5 | 8717c860d643434aedcc36fdea644a76 |
| SHA1 | a426ef55684591768a354b6fe4438bfae1bd46d5 |
| SHA256 | 7247b0fb0aacfcc8f17f414be70d0e40e7d52e7e352930ff41dd77fcd963c1af |
| SHA512 | 6e7aa97c11ecdc006219e844abd0bb5b188854c3342d843ce7e95acbddd3807ca24978a4fd11bab0c7c7fe5f399886b160d378e3a4f7e8897135741d3d2cd4b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b95d5c27c97fb554956779d966f65e51 |
| SHA1 | de2c984dd0a3e97f959184d09f66d6248e5cd4b4 |
| SHA256 | 41db11568c21779180f369a6180a751c89afd85242d8297b4a29e7ff7d0268e0 |
| SHA512 | 4b9131ea093cc95df0778cf7758906f7cba30320ecc53624499236022a23e3379ae37877ea005fdaf394988a496805e335f18abc5d32832207c87bdfbd5b4b80 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dff8c2b6a2e826b0e6af78caaa62e03c |
| SHA1 | 26e82a94b37605ac3fa5362348f0aab74e438d33 |
| SHA256 | 471bd6a9f3f8ace8483b54e62aa6e0f5cbc6f0ee5fefc8fb0c70d8547a790d14 |
| SHA512 | 0d23799a341a8f9ead5efda8cc611b55401660e9eeff042e73f4924d09452a5638ec29e20f23fab2e815a61963714fdf413a3e20fd7f734bdc7f62ef0a89d427 |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | e58fdd8b0ce47bcb8ffd89f4499d186d |
| SHA1 | b7e2334ac6e1ad75e3744661bb590a2d1da98b03 |
| SHA256 | 283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a |
| SHA512 | 95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionCheckpoints.json.tmp
| MD5 | 99601438ae1349b653fcd00278943f90 |
| SHA1 | 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9 |
| SHA256 | 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a |
| SHA512 | ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\sessionstore.jsonlz4
| MD5 | 610b52831b4349c61d3bdf83bf9d1a65 |
| SHA1 | d3a613933545b078a9408ba8de0f7365b6d47d46 |
| SHA256 | d2abe93bb595f614567b977be611d65883e424a6676b47405917891596a3de78 |
| SHA512 | 26372cac8a85305999d91d01105cd0a176120fd41868e1e9c0caeb61c5634961420744d25fd9a41646d5123dff6272a7bd1d5b740b74cf802df550f153c78f90 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\id09dv1m.default-release\prefs-1.js
| MD5 | e9ba2db450d85237e24c2f15e3575d83 |
| SHA1 | 5c566d6a1847ac93215b0246cc12fc3e2f74b807 |
| SHA256 | c9fa3178c51982475366ed40b0813c640f9742311c38ba34a6b90403b87796ee |
| SHA512 | f653befe312952032c0731af2dc20e04aa4d23c8c22a352a84c66f4f92022bf6ba186b7a2ca2c27a17dbc17d3a735f1d36bfacd4c38b98d1090e8e9fcf7d5835 |
C:\Users\Admin\Desktop\msg\m_finnish.wnry
| MD5 | 35c2f97eea8819b1caebd23fee732d8f |
| SHA1 | e354d1cc43d6a39d9732adea5d3b0f57284255d2 |
| SHA256 | 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e |
| SHA512 | 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf |
C:\Users\Admin\Desktop\165091722258356.bat
| MD5 | b741d0951bc2d29318d75208913ea377 |
| SHA1 | a13de54ccfbd4ea29d9f78b86615b028bd50d0a5 |
| SHA256 | 595dc1b7a6f1d7933c2d142d773e445dbc7b1a2089243b51193bc7f730b1c8df |
| SHA512 | bf7b44ba7f0cfe093b24f26b288b715c0f0910fa7dc5f318edfc5c4fdc8c9b8a3b6ced5b61672ecfa9820ffd054b5bc2650ae0812804d2b3fc901aa06dd3ca14 |
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
| MD5 | 34e3a180bf00000e94ed10d31033aeae |
| SHA1 | 5f6c52ec94f364a297667d638204214a5ff57ac6 |
| SHA256 | 7311c6cc07a01c8dda0385ac73a5d89a57e73487fc40a314d69e0821b58d3c41 |
| SHA512 | b190c938d04cdbe678e2ce2ef6f21bee1ddaa113009ab783cfda9947ee742f27d77e2868fa77ca17c4a5d712f469911459fb61e8ca71b3d02398477912acba44 |
| MD5 | 7bf2b57f2a205768755c07f238fb32cc |
| SHA1 | 45356a9dd616ed7161a3b9192e2f318d0ab5ad10 |
| SHA256 | b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25 |
| SHA512 | 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9 |
C:\Users\Admin\Desktop\@[email protected]
| MD5 | f97d2e6f8d820dbd3b66f21137de4f09 |
| SHA1 | 596799b75b5d60aa9cd45646f68e9c0bd06df252 |
| SHA256 | 0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a |
| SHA512 | efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0 |
C:\ProgramData\Microsoft\User Account Pictures\Default Pictures\@[email protected]
| MD5 | 013c2aa14753b74057eb294ca2aa01c2 |
| SHA1 | d797dc4d8b2e6b233bd9b8becaa18f8a4d19cf33 |
| SHA256 | fdbc9fd8a94228f803d0b26220a38e25276beb2febf384f143dd79549eaf35fa |
| SHA512 | 71014129a127e2fa10f1f5296893c856ffba008dbcca797749d82f4413a86dbe6c030759be511dff05b25f271af0b18b161c04ede394a4ff17a2e569d1e03404 |
C:\Users\Default\Desktop\@[email protected]
| MD5 | c17170262312f3be7027bc2ca825bf0c |
| SHA1 | f19eceda82973239a1fdc5826bce7691e5dcb4fb |
| SHA256 | d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa |
| SHA512 | c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c |
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe
| MD5 | fe7eb54691ad6e6af77f8a9a0b6de26d |
| SHA1 | 53912d33bec3375153b7e4e68b78d66dab62671a |
| SHA256 | e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb |
| SHA512 | 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f |
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
| MD5 | 99c061f909770f067ddd1a79af5ad943 |
| SHA1 | 09849ce5be55af36bf24e14b97348b6141710a3c |
| SHA256 | f8d84f0983ed452ea131f762a1f171a9a6ab42368cd60f46fedf7388c5151b7c |
| SHA512 | c28e935f5a076c8f2a2616a05acd18dbdf81be1e00f70733746929045813830ecbf792b3298744c94737b9df3c6684f7f02168a1ab524f2e9e1ea7d385d549f6 |
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new
| MD5 | 93aaccaa2249dd80fa247de4a483669e |
| SHA1 | 52faf4fdd2235a1a2fb65bab719633b689ee210d |
| SHA256 | 2b7a35e476c35d0788249a09b740575c93f5dacfca03ae7290942b5807a66631 |
| SHA512 | 19e7a9d470ec170e0eb439c50f878d3ef076d87f8909cdff10bb846b051d10799917bffb91353191c68abc8ba0515ccb3191f0f43a026894ed6b6c1869f3cc74 |